Update Protection against Adobe Flex SDK Cross-Site Scripting Vulnerability (APSB09-13)
| Check Point Reference: | CPAI-2009-185 | |
| Date Published: | ||
| Severity: | ||
| Source: | Adobe vulnerability identifier: APSB09-13 | |
| Industry Reference(s): | CVE-2009-1879 | |
| Protection Provided by: |
Security Gateway
|
|
| Who is Vulnerable? Flex 3.3 SDK and earlier versions | ||
| Vulnerability Description An instance of a DOM-based Cross Site Scripting (XSS) vulnerability has been discovered in Adobe Flex SDK. Adobe Flex is a software development kit released by Adobe Systems for the development and deployment of cross-platform rich Internet applications based on the Adobe Flash platform. A remote attacker could exploit this issue to execute a reflected cross-site scripting attack on web sites using the affected code. |
||
|
Update/Patch Available Apply Hotfix: Adobe vulnerability identifier: APSB09-13 |
|
|
Vulnerability Details The vulnerability is due to an error in the Adobe Flex SDK that fails to sufficiently validate input when processing client HTTP requests. A remote attacker could trigger this issue via a specially crafted HTTP request. Successful exploitation will allow the attacker to execute a cross-site scripting attack. |
Protection Overview
This protection will detect and block attempts to exploit this vulnerability.
Note: If your ColdFusion server is configured to listen on a port other than 80, make sure to define this port as an HTTP service.
In order for the protection to be activated, update your Security Gateway product to the latest IPS update. For information on how to update IPS, go to SBP-2006-05, Protection tab and select the version of your choice.
To configure the defense, select your product from the list below and follow the related protection steps.
Additional Information
DOM-based XSS