Home page logo
/

bugtraq logo Bugtraq mailing list archives

Re: KF Web Server 3.1.0 admin console XSS
From: support () keyfocus net
Date: 26 Jun 2007 13:26:10 -0000

Thank you Shay for finding this issue and taking the time to test our product.

We consider this issue to be of minor severity as it does not affect web sites hosted by the web server.

The problem is not in the web server itself but in the admin script hosted by the server. In order to access this 
script the attacker would need to be logged onto the server locally and have the admin password. With that level of 
access they would already have complete control of the web server configuration, in effect root access, so there would 
be no need to use this technique.

We do take this issue and all security issues seriously and have issued a patch which can be downloaded from our web 
site.

http://www.keyfocus.net/kfws/download/


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]