Summary

Security Advisory ID : BSA-2017-283

Component : Apache Brooklyn 0.9.0 and all prior versions

Revision : 1.0: Interim

Apache Brooklyn’s REST server is vulnerable to cross-site scripting where one authenticated user can cause scripts to run in the browser of another user authorized to access the first user’s resources. This is due to improper escaping of server-side content. There is known to be a proof-of-concept exploit using this vulnerability.

Affected Products

Brocade is investigating its product lines to determine which products may be affected by this vulnerability and the impact on each affected product.

Products Confirmed Not Vulnerable

Brocade 5400 vRouter, Brocade 5600 vRouter, Brocade Fabric OS, Brocade FastIron OS, Brocade NetIron OS, Brocade Network OS, Brocade ServerIron ADX, Brocade Services Director, Brocade SLX-OS, Brocade Virtual ADX, Brocade Virtual Traffic Manager, and Brocade Virtual Web Application Firewall are confirmed not affected by this vulnerability.

Workaround

There are no workarounds that address this vulnerability.

Revision History