Information from Digital Arts Inc.
Vulnerability ID:JVN#32155106
Title:Multiple vulnerabilities in i-FILTER
Status:Vulnerable
This is a statement from the vendor itself with no modification by JPCERT/CC.
◆JVN#32155106
Summary
"i-FILTER" Ver.9.50R05 and earlier provided by "Digital Arts Inc." has XSS(cross site scripting) vulnerability.
Target
"i-FILTER" Ver.9.50R05 and earlier
Detail
An attacker can run malicious scritps with virtual host which "i-FILTER" accepts the request of it.
Risk
tampering with web site, redirect to malicious URL, running a high load process and so on
Countermeasure
Updating to "i-FILTER" Ver.9.50R06 released on 12/06/2018.
Summary
"i-FILTER" Ver.9.50R05 and earlier provided by "Digital Arts Inc." has "HTTP header injection" vulnerability.
Target
"i-FILTER" Ver.9.50R05 and earlier
Detail
An attacker can tamper with the response data with virtual host which "i-FILTER" accepts the request of it.
Risk
tampering with the response data and so on
Countermeasure
Updating to "i-FILTER" Ver.9.50R06 released on 12/06/2018.