I just stumbled on this security advisory while I was googling something totally unrelated...
"These issues have been fixed in PANOS 5.0.9, mentioned in the release notes like this:
57343—Fixed an issue that caused improper handling of imported certificates that contained HTML."
Also I think this vulnerability isn't even listed here, on PA's Security Advisories page:
This is the actual vulnerability:
"A couple of bugs exist in Palo Alto Networks PANOS <= 5.0.8 which can be exploited to conduct cross-site scripting attacks.
Certificate fields are displayed in the firewall web interface without proper sanitization applied to them. This way it is possible to inject html into the web interface.
Various file upload forms used by the firewall do not implement proper CSRF protection. import.certificate.php for example."
That's not an acceptable answer to me! When I can find the vulnerability on Packet Storm's site (Palo Alto Networks PanOS 5.0.8 XSS / CSRF ≈ Packet Storm), it's out there for the public! At least let customers know there's a vulnerability.