It seems like your browser didn't download the required fonts. Please revise your security settings and try again.
Barracuda Campus Help Center / Reference

BNSEC-00399: Authenticated persistent XSS in multiple products

  • Type: Knowledgebase
  • Date changed: 2 years ago

Solution #00006477

Scope:

Barracuda Spam and Virus Firewall v6.0.0 and earlier
Barracuda Web Application Filter v7.7.0 and earlier
Barracuda Web Filter v7.0.0 and earlier
Barracuda Load Balancer v4.2.1 and earlier

Severity: Low - High

Description:

Secdef 2.0.20131015 contains fixes for a persistent XSS vulnerability in the products and versions listed above. Successful exploitation of the vulnerability requires that the attacker convince an authenticated administrative user to upload a specially crafted certificate file containing the attack value. If successfully delivered the attacker would gain unauthorized access to the device as administrator. In practice this vulnerability is not viably exploitable.

For maximum protection, Barracuda Networks recommends that all customers ensure that their attack and security definitions are set to On and to upgrade to the latest generally available release of the firmware and security definitions.

Credits:

Benjamin Mejri of Vulnerability Labs

Link to this page:

https://campus.barracuda.com/solution/501600000013ZxgAAE