On the 29th of May 2003, a cross-site-scripting attack against the Zeus Administration Server was reported on Bugtraq (incident "Zeus Web Server Admin Interface VS_Diag.CGI Cross Site Scripting Vulnerability").
Zeus Technology has investigated this report and confirms that a cross-site-scripting exploit is possible under very limited conditions. This vulnerability is present in Zeus Web Server version 4.2r2 and earlier.
Product patches are now available through Zeus' support channel (firstname.lastname@example.org).
These patches will be included in the next revision of Zeus Web Server (4.2r3) when it is released.
Zeus Technology continues to advise that, as a matter of routine, the Administration Server is shut down when not in use.
Zeus Technology works closely with customers, evaluators, security professionals and other researchers to ensure its products are secure and free from defects. Any security-related comments received at email@example.com, or through any other means, are treated as being of the utmost importance.
Content Manager [Administrator] 30 May 2003