Citrix NFuse launch.* cross-site scripting (HTTP_Nfuse_Script)

About this signature or vulnerability

IBM Security Host Protection for Desktops, Virtual Server Protection for VMware, Proventia Server IPS for Linux technology, Proventia Network IPS, Proventia Network MFS, Proventia-G 1.1 and earlier, IBM Security Host Protection for Servers (Windows), RealSecure Server Sensor, Proventia Network IDS, IBM Security Host Protection for Servers (Unix):

This event triggers upon detecting a specially-crafted URL containing 'launch.asp' or 'launch.jsp'.


False positives

IBM Security Host Protection for Servers (Unix): No known false positives.

False negatives

IBM Security Host Protection for Servers (Unix): No known false negatives.

Default risk level

High

Sensors that have this signature

IBM Security Host Protection for Desktops: 8.0.614.1, Virtual Server Protection for VMware: 1.0, Proventia Server IPS for Linux technology: 1.0, Proventia Network IPS: 2.0, Proventia Network MFS: XPU 1.9, Proventia-G 1.1 and earlier: XPU 22.11, IBM Security Host Protection for Servers (Windows): 1.0.914.0, IBM Security Host Protection for Servers (Windows): 2.1.14.2400, RealSecure Server Sensor: XPU 22.11, Proventia Network IDS: XPU 22.11, IBM Security Host Protection for Servers (Unix): 2.2.2

Systems affected

Citrix NFuse: 1.51, Citrix NFuse: 1.6

Type

Protocol Signature

Vulnerability description

An HTTP request containing embedded <script> tags has been detected, which may indicate a cross-site scripting attempt against a Web server or Web application.

How to remove this vulnerability

This check is for informational purposes only.

Ensure that your personal firewall, operating system, and applications are up to date to minimize the threat of a system compromise.

References

BugTraq Mailing List, Wed Mar 27 2002 - 05:44:43 CST
NFuse Cross Site Scripting vulnerability
http://archives.neohapsis.com/archives/bugtraq/2002-03/0334.html

ISS X-Force
Citrix NFuse launch.* cross-site scripting
http://www.iss.net/security_center/static/8659.php

CVE
CVE-2002-0504
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0504