XSS Vulnerability in Commtouch Gateway? Not anymore!


Commtouch Enterprise Anti-Spam Gateway is a nice and very effective product [hey, I am objective:)] that helps enterprises to block spam and virus outbreaks. It’s been out there for a long time and it has a solid base of loyal and happy customers all over the world. I know, because I’ve been supporting this product since its first release and it has always been a pleasure to hear warm words about its performance.

Last Friday, June the 26th, I received an email from my colleague Yael with a notification that a cross-site scripting vulnerability had been found in the Gateway, and that it put our Enterprise Gateway customers at risk. I read the security report. And then I read it again. The alarming reality sank in and I almost ran to our R&D team, screaming for a solution. “Almost”, because of the mere fact that there are several thousands of kilometres and an ocean separating us.

Despite the fact that it was a weekend, it didn’t take long for R&D to come up with an elegant solution to the problem. Just two days after the vulnerability publication we had a fix and QA was running at full steam…

Yesterday the security patch was released and published, and a notification was sent to all Commtouch Enterprise Anti-Spam Gateway users, so today I would like to say a big Thank You to my Commtouch colleagues for the hard work on the weekend and the quick solution.

More and more Gateways are being patched as you read this blog, and our customers are protected not only from spam and viruses, but also from the aforesaid vulnerability.

By the way, the security patch is available on our website here. Just enter your Commtouch Gateway license key to log in to the customer section and download the ctSecurityPatch1.00.0001.zip file.
