Signature Detail
Short Name |
HTTP:XSS:IE7-XSS |
|---|---|
Severity |
Medium |
Recommended |
No |
Recommended Action |
Drop |
Category |
HTTP |
Keywords |
Microsoft Internet Explorer 7 Navigation Canceled Page Cross-Site Scripting |
Release Date |
2007/03/23 |
Update Number |
1213 |
Supported Platforms |
idp-4.0+, isg-3.0+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+ |
HTTP: Microsoft Internet Explorer 7 Navigation Canceled Page Cross-Site Scripting
This signature detects attempts to exploit a known vulnerability against Internet Explorer. Versions 7.0 are vulnerable. Attackers can trick a user into visiting Web pages through Cross-Site Scripting that are often used in Phishing scams.
Extended Description
Microsoft Internet Explorer is prone to a cross-site scripting vulnerability because the application fails to sufficiently sanitize user-supplied data. An attacker can exploit this issue to spoof the contents of the Navigation canceled page, steal cookie-based authentication credentials, and obtain other sensitive information. Successful exploits may assist in phishing or other attacks that rely on content spoofing.
Affected Products
- Avaya Customer Interaction Express (CIE) User Interface 1.0
- Avaya Messaging Application Server MM 2.0
- Avaya Messaging Application Server MM 3.0
- Avaya Messaging Application Server MM 3.1
- Avaya Messaging Application Server
- HP Storage Management Appliance 2.1
- Microsoft Internet Explorer 7.0
- Nortel Networks Centrex IP Client Manager 7.0.0
- Nortel Networks Centrex IP Client Manager 8.0.0
- Nortel Networks Centrex IP Client Manager 9.0
- Nortel Networks Centrex IP Client Manager
References