It seems like your browser didn't download the required fonts. Please revise your security settings and try again.

Login Sign Up Contact & Support

United States – English (GMT-5)

Email Protection

Total Email Protection

Email Gateway Defense (Email Security)

Impersonation Protection (Sentinel)

Cloud-to-Cloud Backup

Cloud Archiving Service

Security Awareness Training (PhishLine)

Email Security Gateway

Incident Response

Message Archiver

WAF-as-a-Service

Web Application Firewall

Cloud Security Guardian

Load Balancer ADC

Vulnerability Manager

Web Security Agent

Vulnerability Remediation Service

WAF Control Center

Active DDoS Prevention

Reporting Server

CloudGen Firewall

CloudGen Access

Network Access Client

Firewall Insights

Web Security Gateway

Firewall Policy Manager

Server Backup (Yosemite)

RMM (Managed Workplace)

Managed Security Awareness Training (Managed Phishline)

Intronis Backup

MSP – Partner Management

MSP Knowledgebase

MSP – Partner Sales Enablement

NextGen Firewall X

Campus Help Center / Reference

Support Services

Network Security

Barracuda Campus Help Center / Reference

Overview Documentation

Email Protection

Total Email Protection

Email Gateway Defense (Email Security)

Impersonation Protection (Sentinel)

Cloud-to-Cloud Backup

Cloud Archiving Service

Security Awareness Training (PhishLine)

Email Security Gateway

Incident Response

Message Archiver

WAF-as-a-Service

Web Application Firewall

Cloud Security Guardian

Load Balancer ADC

Vulnerability Manager

Web Security Agent

Vulnerability Remediation Service

WAF Control Center

Active DDoS Prevention

Reporting Server

CloudGen Firewall

CloudGen Access

Network Access Client

Firewall Insights

Web Security Gateway

Firewall Policy Manager

Server Backup (Yosemite)

RMM (Managed Workplace)

Managed Security Awareness Training (Managed Phishline)

Intronis Backup

MSP – Partner Management

MSP Knowledgebase

MSP – Partner Sales Enablement

NextGen Firewall X

Campus Help Center / Reference

Support Services

Network Security

Login Sign Up Contact & Support

United States – English (GMT-5)

Back to Knowledgebase

BNSEC-00399: Authenticated persistent XSS in multiple products

Type: Knowledgebase
Date changed: 2 years ago

Solution #00006477

Scope:

Barracuda Spam and Virus Firewall v6.0.0 and earlier
Barracuda Web Application Filter v7.7.0 and earlier
Barracuda Web Filter v7.0.0 and earlier
Barracuda Load Balancer v4.2.1 and earlier

Severity: Low - High

Description:

Secdef 2.0.20131015 contains fixes for a persistent XSS vulnerability in the products and versions listed above. Successful exploitation of the vulnerability requires that the attacker convince an authenticated administrative user to upload a specially crafted certificate file containing the attack value. If successfully delivered the attacker would gain unauthorized access to the device as administrator. In practice this vulnerability is not viably exploitable.

For maximum protection, Barracuda Networks recommends that all customers ensure that their attack and security definitions are set to On and to upgrade to the latest generally available release of the firmware and security definitions.

Credits:

Benjamin Mejri of Vulnerability Labs

Link to this page:

https://campus.barracuda.com/solution/501600000013ZxgAAE

Additional Resources

More

Print Share Page