Published: 2018/12/07  Last Updated: 2018/12/07

Information from Digital Arts Inc.

Vulnerability ID:JVN#32155106
Title:Multiple vulnerabilities in i-FILTER
Status:Vulnerable

This is a statement from the vendor itself with no modification by JPCERT/CC.

◆JVN#32155106

Summary
"i-FILTER" Ver.9.50R05 and earlier provided by "Digital Arts Inc." has XSS(cross site scripting) vulnerability.

Target
"i-FILTER" Ver.9.50R05 and earlier

Detail
An attacker can run malicious scritps with virtual host which "i-FILTER" accepts the request of it.

Risk
tampering with web site, redirect to malicious URL, running a high load process and so on

Countermeasure
Updating to "i-FILTER" Ver.9.50R06 released on 12/06/2018.




Summary
"i-FILTER" Ver.9.50R05 and earlier provided by "Digital Arts Inc." has "HTTP header injection" vulnerability.

Target
"i-FILTER" Ver.9.50R05 and earlier

Detail
An attacker can tamper with the response data with virtual host which "i-FILTER" accepts the request of it.

Risk
tampering with the response data and so on

Countermeasure
Updating to "i-FILTER" Ver.9.50R06 released on 12/06/2018.