From: Bobby Dominguez (bobby.dominguez_at_corp.terralycos.com)
Date: Thu Sep 26 2002 - 16:01:04 CDT

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1

    Due to a bug in the content filtering engine of HTMLGear's "GuestGear"
    application, it was possible for a malicious user to inject arbitrary
    JavaScript into a guestbook page, in some browsers. (Various versions of
    Internet Explorer were affected; however, Netscape/Mozilla browsers were not.)
    This bug existed under all guestbook security settings.

    Effective in the 9/25/02 release of HTMLGear, this security vulnerability has
    been fixed. Additionally, all new guestbooks will now default to the "simple
    tags" security level. (Previously, the default was to use the less secure mode
    by default.)

    - ---
    Bobby Dominguez
    Terra Lycos, Inc.
    Information Security Manager, US
    Voice: 781-370-2989
    Fax: 781-370-2650


    - ----------
    This message is intended exclusively for its addressee and may contain
    information that is CONFIDENTIAL and should not be forwarded to others without
    written consent from the sender. If this message has been received in error,
    please immediately notify me via e-mail and delete it. Please note that
    Internet e-mail does not guarantee the confidentiality or the proper receipt of
    the messages sent. If the addressee of this message does not consent to the
    use of Internet e-mail, please communicate it to me immediately.
    - ----------

    -----BEGIN PGP SIGNATURE-----
    Version: PGPfreeware 6.5.3 for non-commercial use <http://www.pgp.com>

    iQA/AwUBPZN1kNBSA99T8QD3EQJ3rACgp9IA0/xXai1GATM3xoHvph7vxLMAniGP
    pWTMLeOIvWrb8R54HDNr1rCv
    =RyXi
    -----END PGP SIGNATURE-----