HTTP: Microsoft Internet Explorer Anti-XSS Library Information Disclosure
This signature detects attempts to circumvent Microsoft's Anti-XSS Library. A successful attack could bypass the Cross Site Script (XSS) filter and allow unintended sensitive information disclosure to malicious third parties, possibly including user names, passwords, addresses, phone numbers, credit card numbers, or government identification numbers.
Extended Description
Microsoft Anti-Cross Site Scripting (AntiXSS) Library is prone to a security-bypass vulnerability that affects the sanitization module. An attacker can exploit this vulnerability to bypass the filter and conduct cross-site scripting attacks. Successful exploits may allow attackers to execute arbitrary script code and steal cookie-based authentication credentials. Microsoft Anti-Cross Site Scripting Library 3.x and 4.0 are vulnerable.
Affected Products
Avaya messaging_application_server,Avaya meeting_exchange
Short Name
HTTP:STC:IE:ANTIXSS-INFO-DISC
Severity
Minor
Recommended
False
Recommended Action
Drop
Category
HTTP
Keywords
Anti-XSS CVE-2012-0007 Disclosure Explorer Information Internet Library Microsoft bid:51291
Release Date
01/09/2012
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3375
False Positive
Unknown
Vendors
Avaya
Microsoft
CVSS Score
4.3