Citrix NFuse launch.* cross-site scripting (HTTP_Nfuse_Script)

About this signature or vulnerability

IBM Security Host Protection for Desktops, Virtual Server Protection for VMware, Proventia Server IPS for Linux technology, IBM Security Network Protection, Proventia Network IPS, IBM Security Host Protection for Servers (Windows), RealSecure Server Sensor, Proventia Network IDS, Proventia Network MFS, Proventia-G 1.1 and earlier, IBM Security Host Protection for Servers (Unix):

This event triggers upon detecting a specially-crafted URL containing 'launch.asp' or 'launch.jsp'.


False positives

IBM Security Host Protection for Servers (Unix): No known false positives.

False negatives

IBM Security Host Protection for Servers (Unix): No known false negatives.

Default risk level

High

Sensors that have this signature

IBM Security Host Protection for Desktops: 8.0.614.1, Virtual Server Protection for VMware: 1.0, Proventia Server IPS for Linux technology: 1.0, IBM Security Network Protection: 5.1, Proventia Network IPS: 2.0, IBM Security Host Protection for Servers (Windows): 1.0.914.0, IBM Security Host Protection for Servers (Windows): 2.1.14.2400, RealSecure Server Sensor: XPU 22.11, Proventia Network IDS: XPU 22.11, Proventia Network MFS: XPU 1.9, Proventia-G 1.1 and earlier: XPU 22.11, IBM Security Host Protection for Servers (Unix): 2.2.2

Systems affected

Citrix NFuse: 1.51, Citrix NFuse: 1.6

Type

Protocol Signature

Vulnerability description

An HTTP request containing embedded <script> tags has been detected, which may indicate a cross-site scripting attempt against a Web server or Web application.
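
For sites that want to look for the same condition in their own web server logs, the following is an added example and not the sensor's signature logic: it flags requests to launch.asp or launch.jsp whose query string contains a script tag, including mixed-case and double-encoded forms. The log lines, the /example/ path and the parameter name x are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, unquote_plus

# Request line inside a Common Log Format entry.
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
LAUNCH_PAGE = re.compile(r"/launch\.(?:asp|jsp)$", re.IGNORECASE)
SCRIPT_TAG = re.compile(r"<\s*/?\s*script\b", re.IGNORECASE)

def fully_decode(value, max_rounds=3):
    """Percent-decode repeatedly so double-encoded tags (%253C) are seen."""
    for _ in range(max_rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value

def is_suspicious(request_target):
    """True if the target is launch.asp/launch.jsp with a script tag in the query."""
    parts = urlsplit(request_target)
    if not LAUNCH_PAGE.search(fully_decode(parts.path)):
        return False
    return bool(SCRIPT_TAG.search(fully_decode(parts.query)))

def scan(log_lines):
    """Return the log lines whose request target looks like the flagged pattern."""
    hits = []
    for line in log_lines:
        match = REQUEST.search(line)
        if match and is_suspicious(match.group(1)):
            hits.append(line)
    return hits

# Constructed sample entries (documentation addresses, placeholder path and parameter).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /example/launch.asp?x=%3Cscript%3Ealert(1)%3C/script%3E HTTP/1.1" 200 512',
    '192.0.2.11 - - [01/Jan/2024:10:00:05 +0000] "GET /example/launch.jsp?x=%253CScRiPt%253E HTTP/1.1" 200 512',
    '192.0.2.12 - - [01/Jan/2024:10:00:09 +0000] "GET /example/launch.asp?x=report HTTP/1.1" 200 512',
    '192.0.2.13 - - [01/Jan/2024:10:00:12 +0000] "GET /example/index.asp?x=%3Cscript%3E HTTP/1.1" 200 512',
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```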

How to remove this vulnerability

This check is for informational purposes only.

Ensure that your personal firewall, operating system, and applications are up to date in order to minimize the threat of a system compromise.

References

BugTraq Mailing List, Wed Mar 27 2002 - 05:44:43 CST
NFuse Cross Site Scripting vulnerability
http://archives.neohapsis.com/archives/bugtraq/2002-03/0334.html

ISS X-Force
Citrix NFuse launch.* cross-site scripting
http://www.iss.net/security_center/static/8659.php

CVE
CVE-2002-0504
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0504