http://www.liquidmatrix.org/blog/2007/12/05/advisory-cross-site-scripting-in-ciscoworks/
========
TimeLine
========
Discovered: 20 August 2007
Reported: 24 September 2007
Fixed: 5 November 2007
Patch Release: 5 December 2007
Published: 5 December 2007
PRODUCT SPECIFIC INFORMATION
HP-UX Software Assistant: HP-UX Software Assistant is an enhanced application that replaces HP-UX Security Patch Check. It analyzes all HP-issued Security Bulletins and lists recommended actions that may apply to a specific HP-UX system. It can also download patches and create a depot automatically. For more information see: https://www.hp.com/go/swa
HISTORY
Version: 1 (rev.1) - 20 August 2007 Initial release
Version: 2 (rev.2) - 12 September 2007 new script, corrected revision numbers
Third Party Security Patches: Third party security patches which are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.
Support: For further information, contact normal HP Services support channel.
PR07-29: Two XSS on Blue Coat ProxySG Management Console
Vulnerability found: 23 July 2007
Vendor informed: 20 August 2007
Vulnerability fixed: 29 October 2007
Advisory publicly released: 1 November 2007
On Monday 20 August 2007 23:10:22 Coopercentral@gmail.com wrote:
> HI:
>
> I am the creator of this poll script, and would like to do whatever
> possible to make this NOT vulnerable. Thanks for finding this, and hope I
> can help.
I guess, if the "register_globals" option is off (it's off by default since PHP4),
this exploit will fail and not work.
SyScan'10 HangZhou
date: 10 - 11 July 2010
SyScan'10 Taipei
date: 19 – 20 August 2010
SyScan'10 Ho Chi Minh City
date: 23 – 24 September 2010
action: install revision A.3.0.0 or subsequent
END AFFECTED VERSIONS
HISTORY
Version: 1 (rev.1) - 20 August 2007 Initial release
Version: 2 (rev.2) - 12 September 2007 new script, corrected revision numbers
Version: 3 (rev.3) - 11 February 2008 Ignite-UX vC.7.3.148, Dynamic Root Disk vA.3.0.0 available
Third Party Security Patches: Third party security patches which are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.