Oliver's Blog Yet Another Needless BLOG

28.11.2008

Astaro Security Gateway V7 Vulnerabilities

Filed under: Advisories,Allgemein,linkedin — oliver.karow @ 13:10

Some weeks ago I discovered some vulnerabilities within Astaro Security Gateway V7.

Among other features, the ASG works as a web filter to regulate employees' web browsing activity.

Due to weak input filtering, an attacker can use the vulnerabilities to inject persistent script code, which will be executed inside the ASG's admin console.
It is also possible to conduct cross-site scripting attacks against the web users protected by the ASG, due to an XSS vulnerability within the web proxy's error message handling.

All vulnerabilities have meanwhile been fixed by the vendor. A detailed advisory will be published soon (or less soon, depending on my spare time 😉).
