
3APA3A at SECURITY
Jul 3, 2009, 5:58 AM
Post #3 of 3
Re: radware AppWall Web Application Firewall: Source code disclosure on management interface
Dear Shaked Vax,

Are you sure the Radware team has analysed a reflected attack via the user's browser (an AppWall administrator visits a malcrafted page, and the page redirects his request to AppWall) before excluding the remote vector?

--Thursday, July 2, 2009, 3:23:16 PM, you wrote to full-disclosure[at]lists.grok.org.uk:

SV> Radware team has completed analysis of the reported issue, concluding
SV> that no AppWall customer using the product according to Radware
SV> deployment recommendations would be exposed to vulnerability as a result
SV> of this issue. This is due to the facts that this issue exists only on
SV> the management interface that is recommended to be connected to
SV> internal LAN only, and that it does not allow performing any actions
SV> that would influence machine functionality.

SV> Nevertheless, in order to enforce our commitment to deliver top
SV> security solution to our customers, Radware will supply a fix for this
SV> issue within its upcoming AppWall release.

SV> Shaked Vax
SV> AppWall Product Manager
SV> ShakedV[at]radware.com

SV> _______________________________________________
SV> Full-Disclosure - We believe in it.
SV> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
SV> Hosted and sponsored by Secunia - http://secunia.com/

--
Skype: Vladimir.Dubrovin
~/ZARAZA http://securityvulns.com/
But Harry... I certainly give preference to him, for his high nutritional value and somehow especially tender meat. (Twain)