
====================================================================

                             CERT-Renater

                  Information Note No. 2012/VULN282
____________________________________________________________________

DATE                :  18/07/2012

HARDWARE PLATFORM(S): Barracuda SSL VPN.

OPERATING SYSTEM(S):  Barracuda SSL VPN firmware releases prior
                              to 2.2.2.203.

======================================================================
https://www.barracudanetworks.com/ns/support/tech_alert.php
______________________________________________________________________

Resolved parameter validation issue with the Barracuda SSL VPN for
authenticated users

Date: 	2012-07-16

Affected Products: 	Barracuda SSL VPN
Revision: 	        A1.0
Risk Rating: 	        Low

Recently, security researcher Benjamin Kunz Mejri at Vulnerability
Research Laboratory (www.vulnerability-lab.com) discovered and worked
with Barracuda Networks to resolve a cross-site scripting vulnerability
in the Barracuda SSL VPN that affects users authenticated to it. Under
certain circumstances, where a user has logged into the Barracuda SSL
VPN over the Internet, it is possible for potential attackers to insert
scripting code into parameters.

Barracuda Networks resolved this issue identified by Benjamin Kunz
Mejri in firmware release 2.2.2.203 (2012-07-05). For maximum
protection, Barracuda Networks recommends that all customers upgrade to
the latest generally available release of the firmware.

======================================================================

=========================================================
CERT-Renater reference server
https://services.renater.fr/ssi/
=========================================================
+ CERT-RENATER          | tel : 01-53-94-20-44          +
+ 23 - 25 Rue Daviel    | fax : 01-53-94-20-41          +
+ 75013 Paris           | email: certsvp@renater.fr     +
=========================================================
