Info

Disclosure

Mar 29, 2005

Discovery

Unknown

Dates

Exploit

Mar 29, 2005

Solution

Unknown

Description

SonicWALL SOHO/10 Firewall Server contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate query string upon submission to the webroot. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

Classification

Location: Remote / Network Access
Attack Type: Input Manipulation
Impact: Loss of Integrity
Exploit: Exploit Public
OSVDB: Web Related, Security Software

Solution

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

Products

SonicWALL, Inc.	SOHO	5.1.7.0
SonicWALL, Inc.	PRO 230	6.5.0.3

References

Security Tracker: 1013638
Bugtraq ID: 12984
SCIP VulDB ID: 1329
Secunia Advisory ID: 14823 14860
Related OSVDB ID: 15262
ISS X-Force ID: 19958
CVE ID: 2005-1006 (see also: NVD)
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2005-04/0041.html
Other Advisory URL: http://www.oliverkarow.de/research/SonicWall.txt
Vendor URL: http://www.sonicwall.com/

Credit

Oliver Karow - olivergreyhat.de - Personal Page

Direct URL: http://osvdb.org/15261

Info

Disclosure

Discovery

Dates

Exploit

Solution

Description

Classification

Solution

Products

SonicWALL, Inc.

SOHO

PRO 230

References

Credit