Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:28161
HistoryJun 17, 2012 - 12:00 a.m.

AdNovum NevisWeb Security Proxy Vulnerability - Cross-site scripting (XSS) within 302 Redirections

2012-06-1700:00:00
vulners.com
82
JSON

Hi all,

nevisProxy is a Swiss secure reverse proxy with integrated web
application firewall (WAF). It acts as a central upstream entry point
for web traffic to integrated online applications. nevisProxy controls
user access and protects sensitive data, applications, services, and
systems from internal and external threats. nevisProxy is a component of
AdNovum's security framework Nevis.

The security product is prone to a XSS vulnerability in its redirection
routine.

Details:

http://www.csnc.ch/misc/files/advisories/CSNC-2012-004_Nevis_XSS_within_
302_Redirections_publicVersion.txt

References:

http://www.adnovum.ch/en/products/index.php?page=secprod&subpage=nevis&s
ubsubpage=nevisproxy

Credits:

Alexandre Herzog <[email protected]> (Compass Security Analyst,
Switzerland)

Switzerland, 14.6.2012
Compass Security AG is a Swiss leading ethical hacking and penetration
testing company. (www.csnc.ch)

Regards
Ivan Buetler

JSON