Google Search Appliance vulnerable to XSS?

Hello, I would like to get some mitigation information and
patch ETA
concerning the latest Google Search Appliance Cross Site
Scripting
vulnerability disclosed on the following sites:

http://www.xssed.com/news/40/Google_Se
arch_Appliance_is_vulnerable_to_XSS/
http://ha.ckers.org/blog/20070921/anoth
er-xss-in-google-search-appliance/

A google search for "inurlml_no
_dtd" reveals that approximately
187000 sites are potentially affected by this
vulnerability.

Any information from Google developers would be appreciated,
or anyone
else with workarounds or mitigation strategies.

thank you


--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the
Google Groups "Google Search Appliance" group.
To post to this group, send email to
Google-Search-Appliancegooglegroups.com
To unsubscribe from this group, send email to
Google-Search-Appliance-unsubscribegooglegroups.com
For more options, visit this group at http://groups.google.com/group/Google-Search-Applian
ce?hl=en
-~----------~----~----~----~------~----~------~--~---

Did you look at the following page from support.google.com?

https://support.google.com/enterprise/d
oc/gsa/advisories/index_gsa4x.html



On Sep 25, 1:42 am, "sewomin...gmail.com"
<sewomin...gmail.com>
wrote:
> Hello, I would like to get some mitigation information
and patch ETA
> concerning the latest Google Search Appliance Cross
Site Scripting
> vulnerability disclosed on the following sites:
>
> http://www.xssed.com/news/40
/Google_Search_Appliance_is_vulnerable_to...http://ha.ckers.
org/blog/20070921/another-xss-in-google-search-applia...

>
> A google search for "inurlml_no
_dtd" reveals that approximately
> 187000 sites are potentially affected by this
vulnerability.
>
> Any information from Google developers would be
appreciated, or anyone
> else with workarounds or mitigation strategies.
>
> thank you


--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the
Google Groups "Google Search Appliance" group.
To post to this group, send email to
Google-Search-Appliancegooglegroups.com
To unsubscribe from this group, send email to
Google-Search-Appliance-unsubscribegooglegroups.com
For more options, visit this group at http://groups.google.com/group/Google-Search-Applian
ce?hl=en
-~----------~----~----~----~------~----~------~--~---

On Sep 25, 8:08 am, Prathap <prathapthathire...gmail.com> wrote:
> Did you look at the following page from
support.google.com?
>
> https://support.google.com/enterprise/do
c/gsa/advisories/index_gsa4x....

I looked there and there was absolutely no information about
this
latest XSS vulnerability.  More statements of the problem:

http://www.theregister.co.uk/2007/09/24/g
oogle_vulns_put_users_at_risk/

http
://it.slashdot.org/it/07/09/24/1328231.shtml

If anyone knows of a patch for this problem, please post the
details
here.
Thanks.


--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the
Google Groups "Google Search Appliance" group.
To post to this group, send email to
Google-Search-Appliancegooglegroups.com
To unsubscribe from this group, send email to
Google-Search-Appliance-unsubscribegooglegroups.com
For more options, visit this group at http://groups.google.com/group/Google-Search-Applian
ce?hl=en
-~----------~----~----~----~------~----~------~--~---

An advisory has gone up on the Support Site:

https://support.google.com/enterprise
/doc/mini/advisories/ga-2007-09-m.html

The vulnerability only affects 3.x (MID series) Minis, and a
patch is
available.

Thor.

On Sep 26, 5:23 am, "Michael Cizmar"
<michael.b.ciz...gmail.com>
wrote:
> The latest vunerability has not been reported affecting
the GSA all of your
> references are out of date.
>
> I tested it against a couple different version of it
and haven't seen it.
> We'll have to wait a little to see if there is any
offical news.  I'll post
> something if I see it.
>
> M
>
> On 9/25/07, Fergus M <thef...gmail.com> wrote:
>
>
>
> > On Sep 25, 8:08 am, Prathap
<prathapthathire...gmail.com> wrote:
> > > Did you look at the following page from
support.google.com?
>
> > >https://support.google.com/enterprise/do
c/gsa/advisories/index_gsa4x....
>
> > I looked there and there was absolutely no
information about this
> > latest XSS vulnerability.  More statements of the
problem:
>
> >http://www.theregister.co.uk/2007/09/24/g
oogle_vulns_put_users_at_risk/
>
> >http
://it.slashdot.org/it/07/09/24/1328231.shtml
>
> > If anyone knows of a patch for this problem,
please post the details
> > here.
> > Thanks.


--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the
Google Groups "Google Search Appliance" group.
To post to this group, send email to
Google-Search-Appliancegooglegroups.com
To unsubscribe from this group, send email to
Google-Search-Appliance-unsubscribegooglegroups.com
For more options, visit this group at http://groups.google.com/group/Google-Search-Applian
ce?hl=en
-~----------~----~----~----~------~----~------~--~---

An advisory has gone up on the Support Site:

https://support.google.com/enterprise
/doc/mini/advisories/ga-2007-09-m.html

The vulnerability only affects 3.x (MID series) Minis, and a
patch is
available.

Thor.

On Sep 26, 5:23 am, "Michael Cizmar"
<michael.b.ciz...gmail.com>
wrote:
> The latest vunerability has not been reported affecting
the GSA all of your
> references are out of date.
>
> I tested it against a couple different version of it
and haven't seen it.
> We'll have to wait a little to see if there is any
offical news.  I'll post
> something if I see it.
>
> M
>
> On 9/25/07, Fergus M <thef...gmail.com> wrote:
>
>
>
> > On Sep 25, 8:08 am, Prathap
<prathapthathire...gmail.com> wrote:
> > > Did you look at the following page from
support.google.com?
>
> > >https://support.google.com/enterprise/do
c/gsa/advisories/index_gsa4x....
>
> > I looked there and there was absolutely no
information about this
> > latest XSS vulnerability.  More statements of the
problem:
>
> >http://www.theregister.co.uk/2007/09/24/g
oogle_vulns_put_users_at_risk/
>
> >http
://it.slashdot.org/it/07/09/24/1328231.shtml
>
> > If anyone knows of a patch for this problem,
please post the details
> > here.
> > Thanks.


--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the
Google Groups "Google Search Appliance" group.
To post to this group, send email to
Google-Search-Appliancegooglegroups.com
To unsubscribe from this group, send email to
Google-Search-Appliance-unsubscribegooglegroups.com
For more options, visit this group at http://groups.google.com/group/Google-Search-Applian
ce?hl=en
-~----------~----~----~----~------~----~------~--~---

An advisory has gone up on the Support Site:

https://support.google.com/enterprise
/doc/mini/advisories/ga-2007-09-m.html

The vulnerability only affects 3.x (MID series) Minis, and a
patch is
available.

Thor.

On Sep 26, 5:23 am, "Michael Cizmar"
<michael.b.ciz...gmail.com>
wrote:
> The latest vunerability has not been reported affecting
the GSA all of your
> references are out of date.
>
> I tested it against a couple different version of it
and haven't seen it.
> We'll have to wait a little to see if there is any
offical news.  I'll post
> something if I see it.
>
> M
>
> On 9/25/07, Fergus M <thef...gmail.com> wrote:
>
>
>
> > On Sep 25, 8:08 am, Prathap
<prathapthathire...gmail.com> wrote:
> > > Did you look at the following page from
support.google.com?
>
> > >https://support.google.com/enterprise/do
c/gsa/advisories/index_gsa4x....
>
> > I looked there and there was absolutely no
information about this
> > latest XSS vulnerability.  More statements of the
problem:
>
> >http://www.theregister.co.uk/2007/09/24/g
oogle_vulns_put_users_at_risk/
>
> >http
://it.slashdot.org/it/07/09/24/1328231.shtml
>
> > If anyone knows of a patch for this problem,
please post the details
> > here.
> > Thanks.


--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the
Google Groups "Google Search Appliance" group.
To post to this group, send email to
Google-Search-Appliancegooglegroups.com
To unsubscribe from this group, send email to
Google-Search-Appliance-unsubscribegooglegroups.com
For more options, visit this group at http://groups.google.com/group/Google-Search-Applian
ce?hl=en
-~----------~----~----~----~------~----~------~--~---