Update Protection against Citrix XenCenterWeb Cross Site Scripting Vulnerabilities

Check Point Reference: CPAI-2009-213
Date Published:
Severity:
Source: SecurityFocus
Industry Reference(s): N/A
Protection Provided by:
  • IPS-1
  • IPS-1 NGX R65
Who is Vulnerable?
Citrix XenCenterWeb
Vulnerability Description
Citrix XenCenterWeb is a web interface for managing Citrix XenServer environments. Lack of sanitization of the username parameter allows an attacker to inject JavaScript into the XenCenterWeb management console through that parameter (cross-site scripting).
Update/Patch Available
No patch is currently available from Citrix.
Vulnerability Details
XenCenterWeb allows users to see a list of Virtual Machines in the Resource Pool, perform life-cycle actions (start, shutdown, restart, etc.), get basic information about the hosts in the Resource Pools and about the VMs, and connect to the consoles of the VMs. Lack of sanitization of the username parameter in the edituser.php script allows an attacker to perform cross-site scripting attacks against an affected system.
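The following is an added illustration of the defect class described above and of the corresponding fix; it is not XenCenterWeb's code (which is PHP) and the rendering functions, page layout and sample input are assumptions. The unsafe function reflects the username parameter into the HTML response verbatim, so markup in the value becomes part of the page; the hardened function HTML-encodes the value for the context it is placed in, and a small parser-based check shows the difference in what the browser would see.

```python
import html
from html.parser import HTMLParser
from urllib.parse import parse_qs, urlsplit


def extract_username(url: str) -> str:
    """Return the first 'username' query-parameter value of a request URL (URL-decoded), or ''."""
    query = urlsplit(url).query
    return parse_qs(query, keep_blank_values=True).get("username", [""])[0]


def render_profile_unsafe(username: str) -> str:
    # Hypothetical vulnerable rendering: the parameter is concatenated into the
    # response without encoding, so tags inside the value are parsed as HTML.
    return f"<h1>Editing user {username}</h1>"


def render_profile_safe(username: str) -> str:
    # Hardened rendering: encode <, >, &, " and ' for the HTML text context
    # before reflecting the value. The user still sees their input, but as text.
    return f"<h1>Editing user {html.escape(username, quote=True)}</h1>"


class _StartTagCollector(HTMLParser):
    """Records every start tag the parser sees, in order."""

    def __init__(self) -> None:
        super().__init__()
        self.tags: list[str] = []

    def handle_starttag(self, tag, attrs) -> None:
        self.tags.append(tag)


def start_tags(rendered: str) -> list[str]:
    """List the elements a browser-like parser would create from the rendered fragment."""
    collector = _StartTagCollector()
    collector.feed(rendered)
    return collector.tags


if __name__ == "__main__":
    # Constructed request: the parameter carries a script element.
    url = "https://xencenterweb.example.invalid/edituser.php?username=%3Cscript%3Ealert(1)%3C/script%3E"
    name = extract_username(url)
    print("unsafe  ->", start_tags(render_profile_unsafe(name)))  # a <script> element is created
    print("hardened->", start_tags(render_profile_safe(name)))    # only the <h1> remains
```

The check matters more than the string comparison: whether the reflected value creates an element is what decides if script runs, and encoding must match the output context (an attribute value or a JavaScript string would need different treatment than the text node shown here).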

Protection Overview

By enabling this protection, IPS-1 will detect and block attempts to access the Citrix XenCenterWeb management console with JavaScript embedded in the username parameter.

To configure the defense, select your product from the list below and follow the related protection steps.

IPS-1 & IPS-1 NGX R65

How Can I Protect My Network?

1. In the IPS-1 Policy Manager, click on the Protection tab.
2. In the Protection tree, click Web Intelligence > WWW 2, and select the XSS Attacks protection group.
3. Click User Defined XSS Alert (IPS-1 NGX R65 only).
4. In the configuration pane, under Settings, check Active.
5. Click on Install Policy.

How Do I Know if My Network is Under Attack?

When an attack is detected, the following entries will be logged:

Alert Name: XSS Attacks
Description: User Defined XSS Alert
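As an added example of the detection idea behind the Protection Overview and the log entries above, the following code is not Check Point's signature and does not reproduce the IPS-1 logic; it is a simplified, defender-side heuristic over constructed web-server access-log lines (the log format, IP addresses, timestamps and request values are all invented). It scopes the check to the username parameter of edituser.php requests, decodes the value before inspecting it, and emits entries carrying the Alert Name and Description the advisory lists.

```python
import html
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Constructed sample access-log lines (not real traffic) in a common combined-log shape.
SAMPLE_LOG = """\
10.0.0.5 - - [01/Jan/2009:10:00:00 +0000] "GET /edituser.php?username=alice HTTP/1.1" 200 512
10.0.0.7 - - [01/Jan/2009:10:00:01 +0000] "GET /edituser.php?username=%3Cscript%3Ealert%281%29%3C%2Fscript%3E HTTP/1.1" 200 640
10.0.0.9 - - [01/Jan/2009:10:00:02 +0000] "GET /edituser.php?username=bob%20o%27neil HTTP/1.1" 200 512
10.0.0.9 - - [01/Jan/2009:10:00:03 +0000] "GET /console.php?vm=web01 HTTP/1.1" 200 2048
10.0.0.3 - - [01/Jan/2009:10:00:04 +0000] "GET /edituser.php?username=x%22%20onmouseover%3Dalert%281%29%20a%3D%22 HTTP/1.1" 200 640
"""

# Source address, timestamp, method and request target of one access-log line.
REQUEST_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<target>\S+) [^"]*"'
)

# Assumed indicators of script content in a decoded parameter value.
SCRIPT_PATTERNS = [
    re.compile(r"<\s*script", re.I),      # script element
    re.compile(r"javascript\s*:", re.I),  # javascript: URL scheme
    re.compile(r"\bon[a-z]+\s*=", re.I),  # inline event-handler attribute
    re.compile(r"<\s*[a-z!/]", re.I),     # any other tag opener
]

# Only this script/parameter pair is in scope, mirroring the advisory.
WATCHED_PATH = "/edituser.php"
WATCHED_PARAM = "username"


def normalise(value: str) -> str:
    """Decode a second URL-encoding layer and HTML entities so obfuscated values are inspected decoded."""
    # parse_qs already removed one layer of URL encoding.
    return html.unescape(unquote(value))


def inspect_request(line: str):
    """Return an alert dict for a log line whose username parameter carries script, else None."""
    m = REQUEST_RE.match(line)
    if not m:
        return None
    parts = urlsplit(m.group("target"))
    if parts.path != WATCHED_PATH:
        return None
    for raw in parse_qs(parts.query, keep_blank_values=True).get(WATCHED_PARAM, []):
        decoded = normalise(raw)
        if any(p.search(decoded) for p in SCRIPT_PATTERNS):
            return {
                "Alert Name": "XSS Attacks",
                "Description": "User Defined XSS Alert",
                "Source": m.group("src"),
                "Time": m.group("ts"),
                "Parameter": WATCHED_PARAM,
                "Value": decoded,
            }
    return None


def scan_log(text: str) -> list:
    """Run inspect_request over every line and collect the alerts, in log order."""
    return [a for a in (inspect_request(l) for l in text.splitlines()) if a]


if __name__ == "__main__":
    for alert in scan_log(SAMPLE_LOG):
        print(f"{alert['Time']} {alert['Source']} {alert['Alert Name']}: {alert['Description']} ({alert['Value']!r})")
```

Two design points carry over to any real deployment: the value is decoded before matching, otherwise percent-encoded payloads (the common case on the wire) slip past a literal `<script` check, and the match is scoped to one script and one parameter, which keeps a name such as "o'neil" or a legitimate console request from raising the alert.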