Cross Site Scripting (XSS) Identifies NetScaler Redirect VIP as Vulnerable



Article ID: CTX138838


Description

A NetScaler Virtual IP (VIP) configured for redirect is labeled as vulnerable to Cross Site Scripting (XSS) by security scanners.

Resolution

To resolve this issue, complete the following procedure:
  1. When the configured redirect URL has no path, for example https://vip.domain.com, NetScaler treats it as a relative URL and appends the path and query of the original request to it.

    To remove the perceived vulnerability, add a "/" (forward slash) to the URL. For example, https://vip.domain.com/ is treated as an absolute URL.

  2. Run the CLI command to configure HTTP to HTTPS redirect virtual server:

    add lb vserver x.x.x.x_https_redirect HTTP x.x.x.x 80 -persistenceType NONE -redirectURL "https://vip.domain.com/" -cltTimeout 180 -downStateFlush DISABLED

Problem Cause

The scanning product misinterprets the HTTP to HTTPS relative redirect as vulnerable, because the request path and query it sent are echoed in the Location header.

The following is an example of such a request made by a security scanner, and the redirect response it receives:

GET /null.htw?CiWebHitsFile=/<script>xss</script>.aspx&CiRestriction=none&CiHiliteType=Full HTTP/1.1
User-Agent: curl/7.21.0 (i486-pc-linux-gnu) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3.4 libidn/1.15 libssh2/1.2.6
Host: vip.domain.com
Accept: */*
HTTP/1.1 302 Object Moved
Location: https://vip.domain.com/null.htw?CiWebHitsFile=/%26lt;script%26gt;xss%26lt;/script%26gt;.aspx&CiRestriction=none&CiHiliteType=Full
Content-Type: text/html
Cache-Control: private
Connection: close
Date: Fri, 02 Aug 2013 15:47:44 GMT
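The following script is an added example, not part of the Citrix article or of NetScaler itself. It models the redirect behaviour described in the Resolution section (a redirect URL without a path gets the original request path and query appended; one with a trailing "/" is used as-is) and gives a small check an administrator can run against a captured Location header to confirm the fix took effect. The exact escaping rule ("<" becoming "%26lt;") is an assumption chosen to reproduce the sample response above; the request line is a constructed copy of the scanner request shown on this page.

```python
from urllib.parse import urlsplit

# Constructed sample: the request target the scanner sent (copied from the article).
SCANNER_TARGET = ("/null.htw?CiWebHitsFile=/<script>xss</script>.aspx"
                  "&CiRestriction=none&CiHiliteType=Full")


def build_location(redirect_url: str, request_target: str) -> str:
    """Model (assumption, not NetScaler code) of how the Location header is built.

    If the configured redirectURL has no path and no query, the original request
    target is appended. Angle brackets are rendered as %26lt; / %26gt;, which is
    the form seen in the sample response on the page.
    """
    parts = urlsplit(redirect_url)
    if parts.path == "" and parts.query == "":
        echoed = request_target.replace("<", "%26lt;").replace(">", "%26gt;")
        return redirect_url + echoed
    # Absolute redirect URL (has a path, e.g. trailing "/"): used unchanged.
    return redirect_url


def reflects_request_path(location: str, request_target: str) -> bool:
    """Defender's check: does the Location header echo the request path?

    A redirect VIP that reflects attacker-controlled path/query is what the
    scanner flags; after the fix the Location should be the fixed URL only.
    """
    req_path = urlsplit(request_target).path
    loc = urlsplit(location)
    if req_path in ("", "/"):
        return False
    return req_path in loc.path or urlsplit(request_target).query == loc.query


def main() -> None:
    # Before the fix: redirectURL without a trailing slash.
    before = build_location("https://vip.domain.com", SCANNER_TARGET)
    print("before:", before)
    print("reflects request path:", reflects_request_path(before, SCANNER_TARGET))

    # After the fix: redirectURL with a trailing slash (absolute URL).
    after = build_location("https://vip.domain.com/", SCANNER_TARGET)
    print("after: ", after)
    print("reflects request path:", reflects_request_path(after, SCANNER_TARGET))


if __name__ == "__main__":
    main()
```

Run it to see the Location header the scanner objects to alongside the one produced once "-redirectURL" ends in "/". The same check can be applied to a real Location header captured with curl -I against the VIP after the configuration change.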

Issue/Introduction

A NetScaler redirect VIP is falsely flagged as vulnerable to Cross Site Scripting (XSS).