SUMMARY

AFFECTED PRODUCTS

ISSUES

ProxySG is vulnerable to reflected (non-persistent) cross-site scripting attacks.  User provided data is not validated or sanitized prior to including it in the HTML page returned to the user.  A remote attacker can exploit this vulnerability to inject script that will execute CLI commands as the administrator.  The remote attacker must execute the script within the administrator's browser while the administrator has an active session open with ProxySG.  By default, sessions are terminated after 15 minutes of inactivity.

Cross-site scripting is often used to steal cookies from a browser.  This allows an attacker to impersonate the user on another machine.  ProxySG cookies cannot be used on a different machine and therefore are not vulnerable to cookie theft.

CVSS v2 base score: 9.3 (AV:N/AC:M/Au:N/C:C/I:C/A:C)

ACKNOWLEDGEMENTS

REVISION

2012-01-17 Notification that no fix will be provided for 5.3.  Changed status to final.
2011-02-17  Notification of fix in SGOS 4.3.4.1.  Updated SGOS 5.5 fix information to show the issue is resolved in SGOS 5.5.4.1 GA release and the accompanying link was also updated.  Updated SGOS 5.3 fix information to suggest upgrading to a newer version of SGOS to get the fix.  Added link to KB3608 on how to upgrade SGOS.
2010-11-01 Notification of fix in 5.5.3.5 patch release.
2010-10-28 Credited Patrick Fleming for discovering and reporting the vulnerability.
2010-10-27 Notification of ProxySG version 5.4.5.1 patch release being promoted to GA release.
2010-10-15 Notificaiton of fix in 5.4.5.1 patch release.
2010-10-12 Added additional details and another workaround.
2010-10-07 Added a workaround.
2010-10-01 Initial public release.