Friday, September 22, 2006

Cisco Details Cross-Site-Scripting, Denial-of-Service Flaws

Matt Hines writes on eWeek:

Cisco Systems has addressed three sets of software vulnerabilities in its networking and security products that could leave its customers open to outside attacks including cross-site-scripting and denial-of-service attempts.

The San Jose, Calif.-based firm said in a security bulletin posted to its Web site that a software vulnerability present in its Cisco Guard appliance, which is used to help prevent denial-of-service attacks on corporate Web sites, may allow an outsider to redirect users' browsers to a URL hosting cross-site scripting code.

Cisco reported that the flaw is exploitable when the appliance is providing its anti-spoofing services between a browser and a Web server, and that attackers could exploit the problem by sending malicious URLs to users via e-mail or instant messaging systems.

Cisco said that the threat could still be exploited on sites that have been designed to prevent cross-site-scripting, and that users must update their security devices to fix the issue.

More here.
