Security Advisory – SOS-11-005 – Proofpoint Protection Server Cross-Site Scripting Vulnerability
Release Date: 03-May-2011
Last Update: –
Vendor Notification Date: 20-Apr-2011
Product: Proofpoint Protection Server
Affected versions: 5.5.5 (verified), and possibly others
Severity Rating: Medium
Impact: Cookie/credential theft, impersonation, loss of confidentiality
Attack Vector: Remote without authentication
Solution Status: Vendor patch
CVE reference: Not yet assigned
The Proofpoint Protection Server offers anti-spam and anti-virus, connection management, email firewall and policy enforcement features.
Please refer to the PDF version of this advisory for proof of concept code examples.
The vendor has advised that ‘Patch 1084’ is now available and should be applied to fix this issue.
Karan Khosla from Sense of Security Labs.