Zeus Web Server Admin Interface Cross Site Scripting Vulnerability

On the 29th of May 2003, a cross-site-scripting attack against the Zeus Administration Server was reported on bugtraq (incident "Zeus Web Server Admin Interface VS_Diag.CGI Cross Site Scripting Vulnerability").

Zeus Technology has investigated this report and confirms that a cross-site-scripting exploit is possible under very limited conditions. This vulnerability is present in Zeus Web Server version 4.2r2 and earlier.

Zeus have product patches which are now available through Zeus' support channel (support@zeus.com).

These patches will be included in the next revision of Zeus Web Server (4.2r3) when it is released.

Zeus Technology continue to advise that the Administration Server is shut down when not in use as a matter of routine.

Zeus Technology work closely with customers, evaluators, security professionals and other researchers to ensure its products are secure and free from defects. Any security-related comments received at security@zeus.com, or through any other means, are treated as being of the utmost importance.

Content Manager [Administrator] 30 May 2003

Comments are closed for this post.

Recently...

Other Resources

The ZWS Online Support service is provided as is, without warranty or specific endorsement by Zeus Technology. For technical support queries, please contact Zeus Technical Support. Articles and comments may not reflect the views of Zeus Technology. • Disclaimer and Privacy statement.