Blog: WiFi Experts

New Dynamic Threat Update Available for Aruba Cross-site Scripting Vulnerability
Author/Blog Contributor - Jesse Frankel, Product Manager, Fluke Networks
Date: August 01, 2011

Recently Aruba Networks issued an advisory on a cross-site scripting (XSS) vulnerability in their ArubaOS and AirWave web management interfaces. A malicious user could plant a physical or soft AP anywhere near the WLAN and broadcast a specific SSID that contains cross-site scripting content. Once the Aruba system records that malicious SSID, and an unsuspecting admin runs a report and clicks on the link that contains the malicious SSID, it is possible to create a cross-site scripting condition. A cross-site scripting condition is one where a user injects a client-side script that then runs in the browser. In the Aruba case, it's the access point that injects the client-side script. This could potentially execute commands on the systems with admin credentials.

Cross-site scripting attacks typically target web applications by injecting a client-side script into the web page. What type of web applications? Any web site that contains forms to input data. In Aruba's case, the system has already written the malicious access point's information into the database, so any time a user clicks on a link that contains the cross-site scripted name, the client-side script will be executed.

What makes this particular attack interesting is that a wireless access point or device broadcasts the malicious content. This makes it extremely easy to target WLAN networks. The system monitoring the WLAN only needs to see the malicious SSID once for it to be recorded in the database. The next time the WLAN admin loads any web page that is susceptible to the cross-site scripting vulnerability, they will inadvertently execute the client-side script that was injected into the web page and potentially compromise the system.
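The stored path described above, from recorded SSID to report page, shown as an added Python example (not code from Aruba, AirMagnet or the original post): the unescaped rendering next to an output-encoded one, plus a simple check for markup in recorded SSIDs. The `/ap?ssid=` link format, the function names, the sample SSIDs and the flagging heuristic are all assumptions made for illustration.

```python
import html
from urllib.parse import quote

# Constructed sample: raw SSIDs as a WLAN monitor might have stored them.
# An SSID is up to 32 bytes chosen freely by whoever runs the AP, so it is
# untrusted input even though no one typed it into a web form.
RECORDED_SSIDS = [
    b"CorpWiFi",
    b"Guest & Visitors",
    b"<script>alert(1)</script>",  # constructed SSID carrying markup
    b"\xff\xfebad-bytes",          # not valid UTF-8
]


def decode_ssid(raw: bytes) -> str:
    """Decode for display; invalid bytes become U+FFFD instead of raising."""
    return raw.decode("utf-8", errors="replace")


def render_row_unsafe(raw: bytes) -> str:
    """The vulnerable pattern: the stored SSID is concatenated into HTML as-is."""
    ssid = decode_ssid(raw)
    return f'<tr><td><a href="/ap?ssid={ssid}">{ssid}</a></td></tr>'


def render_row_safe(raw: bytes) -> str:
    """Encode for each context: percent-encode in the URL, HTML-escape in the page."""
    href = "/ap?ssid=" + quote(raw, safe="")          # hypothetical link format
    text = html.escape(decode_ssid(raw), quote=True)
    return f'<tr><td><a href="{html.escape(href, quote=True)}">{text}</a></td></tr>'


def flag_markup_ssids(ssids):
    """Heuristic (an assumption, not a vendor signature): flag SSIDs that
    contain angle brackets or control bytes so they can be reviewed."""
    return [
        raw for raw in ssids
        if b"<" in raw or b">" in raw or any(byte < 0x20 for byte in raw)
    ]


if __name__ == "__main__":
    for raw in RECORDED_SSIDS:
        print(render_row_safe(raw))
    print("flagged:", flag_markup_ssids(RECORDED_SSIDS))
```

The escaping has to happen where the value is written into the page, because the SSID was stored long before the admin opened the report; the flagging step only helps spot such devices and does not replace output encoding.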

To address this vulnerability, the AirMagnet team at Fluke Networks has quickly released a new signature to alert when these types of devices are broadcasting malicious SSIDs. Through the new Dynamic Threat Update technology available in AirMagnet Enterprise 9.0, users are instantly protected with no need to manually download and upgrade their network.

 
 
Blog Contributor

Jesse Frankel has extensive experience in delivering critical wireless security solutions for enterprise, clinical and government networks. During his 6+ years at AirMagnet he served as Director, System Engineering and as a member of AirMagnet's Wireless Intrusion Research Team.
