[原文]The web server control panel in 602LAN SUITE 2004 allows remote attackers to make it more difficult for the administrator to read portions of log files via a "</pre><!-" sequence in an HTTP GET request in the logon, possibly due to a cross-site scripting (XSS) vulnerability.
602LAN SUITE Log File Processing HTML Tag Obfuscation
Remote / Network Access
Loss of Integrity
602LAN SUITE contains a flaw that may allow remote manipulation of log data. The issue is triggered when a remote user submits an HTTP GET request for the string "</pre><!--". From that point, subsequent log entries will not be displayed when the administrator views the log file until the string " --><pre>" is encountered. This log manipulation can be used by a remote attacker to obfuscate records of other attack attempts, and will result in loss of log integrity for the service.
Administrators can still see the log entries by viewing the HTML source of the logs.
Upgrade to build 2004.0.05.0623 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.