Security Advisory – SOS-11-005 – Proofpoint Protection Server Cross-Site Scripting Vulnerability

Release Date: 03-May-2011

Last Update:

Vendor Notification Date: 20-Apr-2011

Product: Proofpoint Protection Server

Platform: Appliance

Affected versions: 5.5.5 (verified), and possibly others

Severity Rating: Medium

Impact: Cookie/credential theft, impersonation, loss of confidentiality

Attack Vector: Remote without authentication

Solution Status: Vendor patch

CVE reference: Not yet assigned

Details

The Proofpoint Protection Server offers anti-spam and anti-virus, connection management, email firewall and policy enforcement features.

A Cross-Site Scripting (XSS) vulnerability has been discovered in the Proofpoint Protection Server where input passed in the query string of process.cgi is reflected into the response. The application does not properly filter HTML tags, so malicious JavaScript can be embedded in the page. Because the input is not correctly validated or sanitised before being displayed, an attacker can trick a user into viewing a crafted page and cause the injected script to execute in that user's browser.
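As an added illustration that is not part of the original advisory (and not Proofpoint's code), the following Python shows the bug class in miniature: a hypothetical CGI handler that reflects a query parameter with and without output encoding, plus a log check that flags process.cgi requests whose decoded query string carries HTML markup. The parameter name `q`, the page template and the log lines are constructed for the example.

```python
import html
import re
from urllib.parse import parse_qs, unquote_plus, urlsplit

# Constructed page template: a handler that echoes a query parameter back into HTML.
PAGE = '<html><body><p>Result for: {value}</p></body></html>'


def render_unsafe(query_string: str, param: str = "q") -> str:
    """Reflects the raw parameter value into HTML: the bug class the advisory describes."""
    value = parse_qs(query_string).get(param, [""])[0]
    return PAGE.format(value=value)


def render_safe(query_string: str, param: str = "q") -> str:
    """Same reflection, but HTML entity encoding is applied at output time."""
    value = parse_qs(query_string).get(param, [""])[0]
    return PAGE.format(value=html.escape(value, quote=True))


# Detection side: flag requests to process.cgi whose query string contains
# HTML markup characters or inline-script markers after URL decoding.
CLF = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<url>\S+) [^"]*" (?P<status>\d{3})')
MARKUP = re.compile(r'[<>]|javascript:|on\w+\s*=', re.IGNORECASE)


def suspicious_requests(log_lines):
    """Return (client_ip, decoded_query) for process.cgi hits carrying markup in the query."""
    hits = []
    for line in log_lines:
        m = CLF.match(line)
        if not m:
            continue
        parts = urlsplit(m.group("url"))
        if not parts.path.endswith("/process.cgi"):
            continue
        decoded = unquote_plus(parts.query)  # decode before matching so %3C is seen as <
        if MARKUP.search(decoded):
            hits.append((m.group("ip"), decoded))
    return hits


# Constructed access-log sample (Common Log Format); only the second line should be flagged.
SAMPLE_LOG = [
    '203.0.113.5 - - [03/May/2011:10:00:00 +1000] "GET /process.cgi?q=report HTTP/1.1" 200 512',
    '203.0.113.9 - - [03/May/2011:10:00:01 +1000] "GET /process.cgi?q=%3Cb%3Ehi%3C%2Fb%3E HTTP/1.1" 200 540',
    '203.0.113.9 - - [03/May/2011:10:00:02 +1000] "GET /index.cgi?q=%3Cb%3E HTTP/1.1" 200 300',
]
```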

Please refer to the PDF version of this advisory for proof of concept code examples.

Solution

The vendor has advised that ‘Patch 1084’ is now available, and should be applied to fix this issue.

Discovered By

Karan Khosla from Sense of Security Labs.
