Rule:--Sid:2128--Summary:This event is generated when an attempt is made to access srsrv.cgi on aweb server. This may indicate an attempt to exploit a cross-site scripting vulnerability that affects Neoteris Instant Virtual Extranet, an appliance-based VPN solution.--Impact:Arbitrary code execution, possible session hijack.--Detailed Information:This event indicates that an attempt has been made to exploit a cross-site scripting vulnerability in Neoteris Instant Virtual Extranet.An attacker can pass an argument to srsrv.cgi that bypasses authentication, and can allow the attacker to hijack a legitimate user'sVPN session. --Affected Systems:Neoteris Instant Virtual Extranet 3.01 and earlier.--Attack Scenarios:An attacker can pass a specific argument to srsrv.cgi that bypasses authentication and can hijack a legitimate user's VPN session.--Ease of Attack:Simple. --False Positives:None known.--False Negatives:None known.--Corrective Action:Apply the patch provided by Neoteris (https://support.neoteris.com).--Contributors:Sourcefire Research TeamBrian Caswell <bmc@sourcefire.com>Nigel Houghton <nigel.houghton@sourcefire.com>Sourcefire Technical Publications Team--Additional References:Bugtraqhttp://www.securityfocus.com/bid/7510CVEhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0217Nessushttp://cgi.nessus.org/plugins/dump.php3?id=11608--