
Barracuda Spam Firewall ldap_test.cgi Cross-Site Scripting Vulnerability



The remote web server contains a CGI script that is affected by a cross-site scripting vulnerability.


According to its firmware version, the remote Barracuda Spam Firewall device fails to filter input to the 'email' parameter of the '/cgi-bin/ldap_test.cgi' script before using it to generate dynamic content. An unauthenticated remote attacker may be able to leverage this issue to inject arbitrary HTML or script code into a user's browser to be executed within the security context of the affected site.


Either configure the device to limit access to the web management application by IP address or update to firmware release or later.
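To check whether the script described above has been receiving markup in its 'email' parameter, the following added example (not part of the original advisory or any vendor tooling) scans web access logs for such requests. It assumes Common Log Format with the parameter in the query string; the sample lines, addresses and function names are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

TARGET_PATH = "/cgi-bin/ldap_test.cgi"   # script named in the advisory
# Characters that let a reflected value break out of HTML text or attributes.
# A triage signal only: a quote can occur in a legitimate address.
MARKUP = re.compile(r"[<>\"']")
REQUEST = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

# Constructed sample lines (assumed log format: Common Log Format).
SAMPLE_LOG = """\
198.51.100.7 - - [01/Jan/2024:10:00:00 +0000] "GET /cgi-bin/ldap_test.cgi?email=user@example.com HTTP/1.1" 200 512
198.51.100.9 - - [01/Jan/2024:10:01:00 +0000] "GET /cgi-bin/ldap_test.cgi?email=%3Cb%3Ex%3C%2Fb%3E HTTP/1.1" 200 530
198.51.100.9 - - [01/Jan/2024:10:02:00 +0000] "GET /cgi-bin/ldap_test.cgi?email=%253Cb%253Ex HTTP/1.1" 200 530
198.51.100.3 - - [01/Jan/2024:10:03:00 +0000] "GET /cgi-bin/index.cgi?email=%3Cb%3E HTTP/1.1" 200 100
"""

def fully_decode(value, max_rounds=3):
    """Undo repeated percent-encoding so double-encoded markup is still seen."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_requests(log_text):
    """Return (client, decoded email value) for requests carrying markup."""
    hits = []
    for line in log_text.splitlines():
        match = REQUEST.match(line)
        if not match:
            continue
        client, target = match.groups()
        url = urlsplit(target)
        if url.path != TARGET_PATH:
            continue  # only the affected script is of interest
        # parse_qs decodes once; fully_decode handles further encoding layers.
        for raw in parse_qs(url.query, keep_blank_values=True).get("email", []):
            value = fully_decode(raw)
            if MARKUP.search(value):
                hits.append((client, value))
    return hits

if __name__ == "__main__":
    for client, value in suspicious_requests(SAMPLE_LOG):
        print(f"{client} sent markup in 'email': {value!r}")
```

Values submitted in a POST body do not appear in access logs, so this check covers query-string requests only.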