Juniper Networks
Solutions
Products & Services
Company
Partners
Support
Education

Signature Detail

Security Intelligence Center
Signatures
Print

Short Name

 APP:SYMC:LUA-HTML-INJ-TEST

Severity

 Medium

Recommended

 No

Category

 APP

Keywords

 Symantec LiveUpdate Administrator CSRF Vulnerability Test Detection

Release Date

 2012/11/15

Update Number

 2203

Supported Platforms

 idp-4.0+, isg-3.0+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+

HTTP: Symantec LiveUpdate Administrator CSRF Vulnerability Test Detection


This signature detects IPS testing tools trying to incorrectly demonstrate the Symantec LiveUpdate Administrator CSRF Vulnerability. Actual exploit attempts against this vulnerability are properly detected with APP:SYMC:LUA-HTML-INJ.

Extended Description

Symantec LiveUpdate Administrator is prone to an HTML-injection vulnerability. Successful exploits will allow attacker-supplied HTML and script code to run in the context of the affected application, potentially allowing the attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user. Other attacks are also possible.

Affected Products

  • Symantec LiveUpdate Administrator 2.2.2.9

References

  • BugTraq: 46856
  • CVE: CVE-2011-0545

Site Map
RSS Feeds
Careers
Accessibility
Feedback
Privacy Policy
Legal Notices
Copyright © 1999-2010 Juniper Networks, Inc. All rights reserved.
Help
|
My Account
|
Log Out