Solution #00006477
Scope:
Barracuda Spam and Virus Firewall v6.0.0 and earlier
Barracuda Web Application Filter v7.7.0 and earlier
Barracuda Web Filter v7.0.0 and earlier
Barracuda Load Balancer v4.2.1 and earlier
Severity: Low - High
Description:
Secdef 2.0.20131015 contains fixes for a persistent XSS vulnerability in the products and versions listed above. Successful exploitation requires that the attacker convince an authenticated administrative user to upload a specially crafted certificate file containing the attack value. If successfully delivered, the attacker would gain unauthorized access to the device as administrator. In practice this vulnerability is not viably exploitable.
For maximum protection, Barracuda Networks recommends that all customers ensure that their attack and security definitions are set to On and that they upgrade to the latest generally available release of the firmware and security definitions.
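The advisory describes the classic shape of a stored XSS: a field taken from an uploaded file (here, certificate metadata) is written into an administrator's page without output encoding. The following Python is an added illustration of the defensive pattern, not Barracuda's code and not derived from the fixed firmware; the function names, the regular expression, and the sample subject names are all constructed assumptions. It shows the unsafe rendering beside the escaped one, and adds an input allowlist as a second layer.

```python
import html
import re
from typing import Tuple

# Constructed sample subject names, as a handler might extract them from an
# uploaded certificate. Neither value comes from the advisory.
BENIGN_CN = "mail.example.test"
HOSTILE_CN = 'mail.example.test"><script>alert(1)</script>'

# Assumed allowlist for subject names: hostname characters plus a few that
# appear in organisation names. Markup characters are deliberately absent.
_ALLOWED_CN = re.compile(r"^[A-Za-z0-9 .,'*@()_-]{1,128}$")


def render_cert_row_vulnerable(common_name: str) -> str:
    """Interpolates the untrusted subject name straight into HTML.

    This is the pattern the advisory's fix removes: whatever the certificate
    carries is stored and later rendered verbatim in the admin UI.
    """
    return f'<tr><td class="cn">{common_name}</td></tr>'


def render_cert_row_safe(common_name: str) -> str:
    """Escapes every untrusted field at the point it is written into HTML."""
    return f'<tr><td class="cn">{html.escape(common_name, quote=True)}</td></tr>'


def validate_common_name(common_name: str) -> bool:
    """Defence in depth: refuse uploads whose subject uses characters a CN never needs."""
    return bool(_ALLOWED_CN.match(common_name))


def handle_upload(common_name: str) -> Tuple[bool, str]:
    """Hypothetical upload handler: returns (accepted, html_fragment).

    Output encoding is the primary control; the allowlist check only narrows
    what reaches storage in the first place.
    """
    if not validate_common_name(common_name):
        return False, "<p>Rejected certificate: subject name contains disallowed characters.</p>"
    return True, render_cert_row_safe(common_name)


if __name__ == "__main__":
    for cn in (BENIGN_CN, HOSTILE_CN):
        print("vulnerable:", render_cert_row_vulnerable(cn))
        print("safe:      ", render_cert_row_safe(cn))
        print("handler:   ", handle_upload(cn))
```

The escaping step is the fix that matters: even if the allowlist is later loosened to admit more subject formats, an escaped value cannot break out of the table cell.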
Credits:
Benjamin Mejri of Vulnerability Labs
Link to this page:
https://campus.barracuda.com/solution/501600000013ZxgAAE