Vulnerabilities related to symantec - proxysg
var-200711-0397
Vulnerability from variot
Cross-site scripting (XSS) vulnerability in the management console in Blue Coat ProxySG before 4.2.6.1, and 5.x before 5.2.2.5, allows remote attackers to inject arbitrary web script or HTML by modifying the URL that is used for loading Certificate Revocation Lists. Blue Coat ProxySG Management Console is prone to two cross-site scripting vulnerabilities because the application fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks. Versions prior to ProxySG 4.2.6.1 and 5.2.2.5 are vulnerable. NOTE: This BID originally covered one issue, but was updated to also cover a second issue.
TITLE: Blue Coat ProxySG SGOS Cross-Site Scripting Vulnerability
SECUNIA ADVISORY ID: SA27452
VERIFY ADVISORY: http://secunia.com/advisories/27452/
CRITICAL: Less critical
IMPACT: Cross Site Scripting
WHERE:
From remote
OPERATING SYSTEM: Blue Coat Security Gateway OS (SGOS) 4.x http://secunia.com/product/5419/ Blue Coat Security Gateway OS (SGOS) 5.x http://secunia.com/product/12422/
DESCRIPTION: A vulnerability has been reported in the Blue Coat ProxySG SGOS, which can be exploited by malicious people to conduct cross-site scripting attacks.
Input passed to unspecified parameters when loading "Certificate Revocation Lists" via the management console is not properly sanitised before being returned to the user.
SOLUTION: Update to version 4.2.6.1 or 5.2.2.5.
PROVIDED AND/OR DISCOVERED BY: The vendor credits Adrian Pastor of ProCheckUp.
ORIGINAL ADVISORY: http://www.bluecoat.com/support/securityadvisories/advisory_cross-site_scripting_vulnerability
{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-200711-0397", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "proxysg", "scope": "lt", "trust": 1.0, "vendor": "symantec", "version": "5.2.2.5" }, { "model": "proxysg", "scope": "gte", "trust": 1.0, "vendor": "symantec", "version": "5.0.0" }, { "model": "proxysg", "scope": "lt", "trust": 1.0, "vendor": "symantec", "version": "4.2.6.1" }, { "model": 
"proxysg", "scope": "eq", "trust": 0.8, "vendor": "blue coat", "version": "5.2.2.5" }, { "model": "proxysg", "scope": "lt", "trust": 0.8, "vendor": "blue coat", "version": "5.x" }, { "model": "proxysg", "scope": "eq", "trust": 0.6, "vendor": "bluecoat", "version": "5.2.2.4" }, { "model": "proxysg", "scope": "eq", "trust": 0.6, "vendor": "bluecoat", "version": "4.2.6" }, { "model": "coat systems sgos", "scope": "eq", "trust": 0.3, "vendor": "blue", "version": "4.1.2" }, { "model": "coat systems proxysg", "scope": "eq", "trust": 0.3, "vendor": "blue", "version": "0" }, { "model": "coat systems sgos", "scope": "ne", "trust": 0.3, "vendor": "blue", "version": "5.2.2.5" }, { "model": "coat systems sgos", "scope": "ne", "trust": 0.3, "vendor": "blue", "version": "4.2.6.1" } ], "sources": [ { "db": "BID", "id": "26286" }, { "db": "JVNDB", "id": "JVNDB-2007-002864" }, { "db": "CNNVD", "id": "CNNVD-200711-035" }, { "db": "NVD", "id": "CVE-2007-5796" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "cpe_match": [ { "cpe22Uri": "cpe:/h:bluecoat:proxysg", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2007-002864" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "The vendor credits Adrian Pastor with the discovery of this issue.", "sources": [ { "db": "BID", "id": "26286" }, { "db": "CNNVD", "id": "CNNVD-200711-035" } ], "trust": 0.9 }, "cve": "CVE-2007-5796", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": 
"https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "exploitabilityScore": 8.6, "id": "CVE-2007-5796", "impactScore": 2.9, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 1.8, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2007-5796", "trust": 1.0, "value": "MEDIUM" }, { "author": "NVD", "id": "CVE-2007-5796", "trust": 0.8, "value": "Medium" }, { "author": "CNNVD", "id": "CNNVD-200711-035", "trust": 0.6, "value": "MEDIUM" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2007-002864" }, { "db": "CNNVD", "id": "CNNVD-200711-035" }, { "db": "NVD", "id": "CVE-2007-5796" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Cross-site scripting (XSS) vulnerability in the management console in Blue Coat ProxySG before 4.2.6.1, and 5.x before 5.2.2.5, allows remote attackers to inject arbitrary web script or HTML by modifying the URL that is used for loading Certificate Revocation Lists. Blue Coat ProxySG Management Console is prone to two cross-site scripting vulnerabilities because the application fails to properly sanitize user-supplied input. 
\nAn attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks. \nVersions prior to ProxySG 4.2.6.1 and 5.2.2.5 are vulnerable. \nNOTE: This BID originally covered one issue, but was updated to also cover a second issue. \n\n----------------------------------------------------------------------\n\n2003: 2,700 advisories published\n2004: 3,100 advisories published\n2005: 4,600 advisories published\n2006: 5,300 advisories published\n\nHow do you know which Secunia advisories are important to you?\n\nThe Secunia Vulnerability Intelligence Solutions allows you to filter\nand structure all the information you need, so you can address issues\neffectively. \n\nGet a free trial of the Secunia Vulnerability Intelligence Solutions:\nhttp://corporate.secunia.com/how_to_buy/38/vi/?ref=secadv\n\n----------------------------------------------------------------------\n\nTITLE:\nBlue Coat ProxySG SGOS Cross-Site Scripting Vulnerability\n\nSECUNIA ADVISORY ID:\nSA27452\n\nVERIFY ADVISORY:\nhttp://secunia.com/advisories/27452/\n\nCRITICAL:\nLess critical\n\nIMPACT:\nCross Site Scripting\n\nWHERE:\n\u003eFrom remote\n\nOPERATING SYSTEM:\nBlue Coat Security Gateway OS (SGOS) 4.x\nhttp://secunia.com/product/5419/\nBlue Coat Security Gateway OS (SGOS) 5.x\nhttp://secunia.com/product/12422/\n\nDESCRIPTION:\nA vulnerability has been reported in the Blue Coat ProxySG SGOS,\nwhich can be exploited by malicious people to conduct cross-site\nscripting attacks. \n\nInput passed to unspecified parameters when loading \"Certificate\nRevocation Lists\" via the management console is not properly\nsanitised before being returned to the user. \n\nSOLUTION:\nUpdate to version 4.2.6.1 or 5.2.2.5. \n\nPROVIDED AND/OR DISCOVERED BY:\nThe vendor credits Adrian Pastor of ProCheckUp. 
\n\nORIGINAL ADVISORY:\nhttp://www.bluecoat.com/support/securityadvisories/advisory_cross-site_scripting_vulnerability\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n", "sources": [ { "db": "NVD", "id": "CVE-2007-5796" }, { "db": "JVNDB", "id": "JVNDB-2007-002864" }, { "db": "BID", "id": "26286" }, { "db": "PACKETSTORM", "id": "60621" } ], "trust": 1.98 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2007-5796", "trust": 2.7 }, { "db": "SECUNIA", "id": "27452", "trust": 1.7 }, { "db": "VUPEN", "id": "ADV-2007-3678", "trust": 1.6 }, { "db": "SECTRACK", "id": "1018888", "trust": 1.6 }, { "db": "JVNDB", "id": "JVNDB-2007-002864", "trust": 0.8 }, { "db": "XF", "id": "38213", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-200711-035", "trust": 0.6 }, { "db": "BID", "id": "26286", "trust": 0.3 }, { "db": "PACKETSTORM", "id": "60621", "trust": 0.1 } ], "sources": [ { "db": "BID", "id": "26286" }, 
{ "db": "JVNDB", "id": "JVNDB-2007-002864" }, { "db": "PACKETSTORM", "id": "60621" }, { "db": "CNNVD", "id": "CNNVD-200711-035" }, { "db": "NVD", "id": "CVE-2007-5796" } ] }, "id": "VAR-200711-0397", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.48857144 }, "last_update_date": "2024-11-23T23:13:16.820000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Top Page", "trust": 0.8, "url": "http://www.bluecoat.com/" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2007-002864" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-79", "trust": 1.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2007-002864" }, { "db": "NVD", "id": "CVE-2007-5796" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.7, "url": "http://www.bluecoat.com/support/securityadvisories/advisory_cross-site_scripting_vulnerability" }, { "trust": 1.6, "url": "http://secunia.com/advisories/27452" }, { "trust": 1.6, "url": "http://www.securitytracker.com/id?1018888" }, { "trust": 1.0, "url": "http://www.vupen.com/english/advisories/2007/3678" }, { "trust": 1.0, "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38213" }, { "trust": 0.8, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-5796" 
}, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2007-5796" }, { "trust": 0.6, "url": "http://www.frsirt.com/english/advisories/2007/3678" }, { "trust": 0.6, "url": "http://xforce.iss.net/xforce/xfdb/38213" }, { "trust": 0.3, "url": "http://hypersonic.bluecoat.com/support/securityadvisories/advisory_cross-site_scripting_vulnerability" }, { "trust": 0.3, "url": "http://www.bluecoat.com/products/sg" }, { "trust": 0.3, "url": "/archive/1/483124" }, { "trust": 0.1, "url": "http://secunia.com/secunia_security_advisories/" }, { "trust": 0.1, "url": "http://secunia.com/product/5419/" }, { "trust": 0.1, "url": "http://corporate.secunia.com/how_to_buy/38/vi/?ref=secadv" }, { "trust": 0.1, "url": "http://secunia.com/advisories/27452/" }, { "trust": 0.1, "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org" }, { "trust": 0.1, "url": "http://secunia.com/product/12422/" }, { "trust": 0.1, "url": "http://secunia.com/about_secunia_advisories/" } ], "sources": [ { "db": "BID", "id": "26286" }, { "db": "JVNDB", "id": "JVNDB-2007-002864" }, { "db": "PACKETSTORM", "id": "60621" }, { "db": "CNNVD", "id": "CNNVD-200711-035" }, { "db": "NVD", "id": "CVE-2007-5796" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "BID", "id": "26286" }, { "db": "JVNDB", "id": "JVNDB-2007-002864" }, { "db": "PACKETSTORM", "id": "60621" }, { "db": "CNNVD", "id": "CNNVD-200711-035" }, { "db": "NVD", "id": "CVE-2007-5796" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2007-10-29T00:00:00", "db": "BID", "id": "26286" }, { "date": "2012-06-26T00:00:00", "db": "JVNDB", "id": "JVNDB-2007-002864" }, { "date": "2007-11-02T16:12:25", "db": "PACKETSTORM", "id": "60621" }, { "date": "2007-11-02T00:00:00", "db": "CNNVD", "id": "CNNVD-200711-035" 
}, { "date": "2007-11-03T00:46:00", "db": "NVD", "id": "CVE-2007-5796" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2007-11-15T00:38:00", "db": "BID", "id": "26286" }, { "date": "2012-06-26T00:00:00", "db": "JVNDB", "id": "JVNDB-2007-002864" }, { "date": "2007-11-05T00:00:00", "db": "CNNVD", "id": "CNNVD-200711-035" }, { "date": "2024-11-21T00:38:42.847000", "db": "NVD", "id": "CVE-2007-5796" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-200711-035" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Blue Coat ProxySG Management console cross-site scripting vulnerability", "sources": [ { "db": "JVNDB", "id": "JVNDB-2007-002864" }, { "db": "CNNVD", "id": "CNNVD-200711-035" } ], "trust": 1.4 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "xss", "sources": [ { "db": "PACKETSTORM", "id": "60621" }, { "db": "CNNVD", "id": "CNNVD-200711-035" } ], "trust": 0.7 } }
var-201908-1590
Vulnerability from variot
The ASG/ProxySG FTP proxy WebFTP mode allows intercepting FTP connections where a user accesses an FTP server via a ftp:// URL in a web browser. An information disclosure vulnerability in the WebFTP mode allows a malicious user to obtain plaintext authentication credentials for a remote FTP server from the ASG/ProxySG's web listing of the FTP server. Affected versions: ASG 6.6 and 6.7 prior to 6.7.4.2; ProxySG 6.5 prior to 6.5.10.15, 6.6, and 6.7 prior to 6.7.4.2. ASG and ProxySG contain an information disclosure vulnerability. Information may be obtained. Both Symantec Advanced Secure Gateway and Symantec ProxySG are security gateway devices of Symantec Corporation of the United States. This vulnerability stems from configuration errors in network systems or products during operation. An unauthorized attacker could exploit the vulnerability to obtain sensitive information of the affected components. (The CVSS vectors recorded for this entry, Au:S in v2 and PR:L in v3.0, indicate that some level of authentication is required, so "unauthorized" here should not be read as "unauthenticated".)
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201908-1590", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "symantec proxysg", "scope": "gte", "trust": 1.0, "vendor": "broadcom", "version": "6.5" }, { "model": "symantec proxysg", "scope": "gte", "trust": 1.0, "vendor": "broadcom", "version": "6.7" }, { "model": "symantec proxysg", "scope": "lt", "trust": 1.0, 
"vendor": "broadcom", "version": "6.7.4.2" }, { "model": "advanced secure gateway", "scope": "gte", "trust": 1.0, "vendor": "broadcom", "version": "6.7" }, { "model": "advanced secure gateway", "scope": "eq", "trust": 1.0, "vendor": "broadcom", "version": "6.6" }, { "model": "symantec proxysg", "scope": "eq", "trust": 1.0, "vendor": "broadcom", "version": "6.6" }, { "model": "advanced secure gateway", "scope": "lt", "trust": 1.0, "vendor": "broadcom", "version": "6.7.4.2" }, { "model": "symantec proxysg", "scope": "lt", "trust": 1.0, "vendor": "broadcom", "version": "6.5.10.15" }, { "model": "advanced secure gateway", "scope": "eq", "trust": 0.8, "vendor": "symantec", "version": "6.6" }, { "model": "advanced secure gateway", "scope": "lt", "trust": 0.8, "vendor": "symantec", "version": "6.7 thats all 6.7.4.2" }, { "model": "proxysg", "scope": "lt", "trust": 0.8, "vendor": "symantec", "version": "6.5 thats all 6.5.10.15" }, { "model": "proxysg", "scope": "eq", "trust": 0.8, "vendor": "symantec", "version": "6.6" }, { "model": "proxysg", "scope": "lt", "trust": 0.8, "vendor": "symantec", "version": "6.7 thats all 6.7.4.2" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2018-016057" }, { "db": "NVD", "id": "CVE-2018-18371" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "cpe_match": [ { "cpe22Uri": "cpe:/a:symantec:advanced_secure_gateway", "vulnerable": true }, { "cpe22Uri": "cpe:/a:symantec:proxysg", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2018-016057" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Muzamal 
Abadullah, Two Sigma Investments", "sources": [ { "db": "CNNVD", "id": "CNNVD-201908-2133" } ], "trust": 0.6 }, "cve": "CVE-2018-18371", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "author": "nvd@nist.gov", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.0, "id": "CVE-2018-18371", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 1.8, "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "author": "VULHUB", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.0, "id": "VHN-128924", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 0.1, "vectorString": "AV:N/AC:L/AU:S/C:P/I:N/A:N", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "nvd@nist.gov", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "exploitabilityScore": 2.8, "id": "CVE-2018-18371", "impactScore": 3.6, "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "trust": 1.8, "userInteraction": "NONE", 
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.0" } ], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2018-18371", "trust": 1.0, "value": "MEDIUM" }, { "author": "NVD", "id": "CVE-2018-18371", "trust": 0.8, "value": "Medium" }, { "author": "CNNVD", "id": "CNNVD-201908-2133", "trust": 0.6, "value": "MEDIUM" }, { "author": "VULHUB", "id": "VHN-128924", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "VULHUB", "id": "VHN-128924" }, { "db": "JVNDB", "id": "JVNDB-2018-016057" }, { "db": "CNNVD", "id": "CNNVD-201908-2133" }, { "db": "NVD", "id": "CVE-2018-18371" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "The ASG/ProxySG FTP proxy WebFTP mode allows intercepting FTP connections where a user accesses an FTP server via a ftp:// URL in a web browser. An information disclosure vulnerability in the WebFTP mode allows a malicious user to obtain plaintext authentication credentials for a remote FTP server from the ASG/ProxySG\u0027s web listing of the FTP server. Affected versions: ASG 6.6 and 6.7 prior to 6.7.4.2; ProxySG 6.5 prior to 6.5.10.15, 6.6, and 6.7 prior to 6.7.4.2. ASG and ProxySG Contains an information disclosure vulnerability.Information may be obtained. Both Symantec Advanced Secure Gateway and Symantec ProxySG are security gateway devices of Symantec Corporation of the United States. This vulnerability stems from configuration errors in network systems or products during operation. 
An unauthorized attacker could exploit the vulnerability to obtain sensitive information of the affected components", "sources": [ { "db": "NVD", "id": "CVE-2018-18371" }, { "db": "JVNDB", "id": "JVNDB-2018-016057" }, { "db": "VULHUB", "id": "VHN-128924" } ], "trust": 1.71 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2018-18371", "trust": 2.5 }, { "db": "JVNDB", "id": "JVNDB-2018-016057", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-201908-2133", "trust": 0.7 }, { "db": "AUSCERT", "id": "ESB-2019.3254", "trust": 0.6 }, { "db": "VULHUB", "id": "VHN-128924", "trust": 0.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-128924" }, { "db": "JVNDB", "id": "JVNDB-2018-016057" }, { "db": "CNNVD", "id": "CNNVD-201908-2133" }, { "db": "NVD", "id": "CVE-2018-18371" } ] }, "id": "VAR-201908-1590", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-128924" } ], "trust": 0.6780618366666666 }, "last_update_date": "2024-11-23T22:21:31.983000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "SYMSA1472", "trust": 0.8, "url": "https://support.symantec.com/us/en/article.SYMSA1472.html" }, { "title": "Symantec Advanced Secure Gateway and ProxySG Repair measures for information disclosure vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=97621" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2018-016057" }, { "db": "CNNVD", "id": "CNNVD-201908-2133" } ] }, 
"problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-327", "trust": 1.1 }, { "problemtype": "CWE-200", "trust": 0.9 } ], "sources": [ { "db": "VULHUB", "id": "VHN-128924" }, { "db": "JVNDB", "id": "JVNDB-2018-016057" }, { "db": "NVD", "id": "CVE-2018-18371" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.3, "url": "https://support.symantec.com/us/en/article.symsa1472.html" }, { "trust": 1.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-18371" }, { "trust": 0.8, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-18371" }, { "trust": 0.6, "url": "https://vigilance.fr/vulnerability/proxysg-two-vulnerabilities-30176" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2019.3254/" } ], "sources": [ { "db": "VULHUB", "id": "VHN-128924" }, { "db": "JVNDB", "id": "JVNDB-2018-016057" }, { "db": "CNNVD", "id": "CNNVD-201908-2133" }, { "db": "NVD", "id": "CVE-2018-18371" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULHUB", "id": "VHN-128924" }, { "db": "JVNDB", "id": "JVNDB-2018-016057" }, { "db": "CNNVD", "id": "CNNVD-201908-2133" }, { "db": "NVD", "id": "CVE-2018-18371" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2019-08-30T00:00:00", "db": "VULHUB", "id": "VHN-128924" }, { "date": "2019-09-09T00:00:00", "db": "JVNDB", "id": "JVNDB-2018-016057" }, { "date": "2019-08-28T00:00:00", "db": "CNNVD", "id": "CNNVD-201908-2133" }, { "date": 
"2019-08-30T09:15:16.660000", "db": "NVD", "id": "CVE-2018-18371" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2021-06-24T00:00:00", "db": "VULHUB", "id": "VHN-128924" }, { "date": "2019-09-09T00:00:00", "db": "JVNDB", "id": "JVNDB-2018-016057" }, { "date": "2020-10-28T00:00:00", "db": "CNNVD", "id": "CNNVD-201908-2133" }, { "date": "2024-11-21T03:55:48.747000", "db": "NVD", "id": "CVE-2018-18371" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-201908-2133" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "ASG and ProxySG Vulnerable to information disclosure", "sources": [ { "db": "JVNDB", "id": "JVNDB-2018-016057" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "encryption problem", "sources": [ { "db": "CNNVD", "id": "CNNVD-201908-2133" } ], "trust": 0.6 } }
var-201705-3128
Vulnerability from variot
Symantec Advanced Secure Gateway (ASG) 6.6, ASG 6.7 prior to 6.7.2.1, ProxySG 6.5 prior to 6.5.10.6, ProxySG 6.6, and ProxySG 6.7 prior to 6.7.2.1 are susceptible to an open redirection vulnerability. A remote attacker can use a crafted management console URL in a phishing attack to redirect the target user to a malicious web site. Multiple Broadcom products contain an open redirect vulnerability. Information may be obtained and information may be tampered with. Both Symantec ProxySG and Advanced Secure Gateway (ASG) are security gateway devices from Symantec Corporation of the United States. When an unsuspecting victim follows the link, they may be redirected to an attacker-controlled site; this may aid in phishing attacks. Other attacks are possible.
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201705-3128", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "proxysg", "scope": "eq", "trust": 1.2, "vendor": "symantec", "version": "6.6" }, { "model": "advanced secure gateway", "scope": "eq", "trust": 1.2, "vendor": "symantec", "version": "6.6" }, { "model": "symantec proxysg", "scope": "gte", "trust": 1.0, 
"vendor": "broadcom", "version": "6.5" }, { "model": "symantec proxysg", "scope": "gte", "trust": 1.0, "vendor": "broadcom", "version": "6.7" }, { "model": "symantec proxysg", "scope": "lt", "trust": 1.0, "vendor": "broadcom", "version": "6.7.2.1" }, { "model": "advanced secure gateway", "scope": "gte", "trust": 1.0, "vendor": "broadcom", "version": "6.7" }, { "model": "advanced secure gateway", "scope": "eq", "trust": 1.0, "vendor": "broadcom", "version": "6.6" }, { "model": "symantec proxysg", "scope": "eq", "trust": 1.0, "vendor": "broadcom", "version": "6.6" }, { "model": "symantec proxysg", "scope": "lt", "trust": 1.0, "vendor": "broadcom", "version": "6.5.10.6" }, { "model": "advanced secure gateway", "scope": "lt", "trust": 1.0, "vendor": "broadcom", "version": "6.7.2.1" }, { "model": "advanced secure gateway", "scope": null, "trust": 0.8, "vendor": "broadcom", "version": null }, { "model": "symantec proxysg", "scope": null, "trust": 0.8, "vendor": "broadcom", "version": null }, { "model": "proxysg", "scope": "gte", "trust": 0.6, "vendor": "symantec", "version": "6.5\u003c=6.5.10.6" }, { "model": "proxysg", "scope": "gte", "trust": 0.6, "vendor": "symantec", "version": "6.7\u003c=6.7.2.1" }, { "model": "advanced secure gateway", "scope": "gte", "trust": 0.6, "vendor": "symantec", "version": "6.7\u003c=6.7.2.1" }, { "model": "proxysg", "scope": "eq", "trust": 0.3, "vendor": "bluecoat", "version": "6.7" }, { "model": "proxysg", "scope": "eq", "trust": 0.3, "vendor": "bluecoat", "version": "6.6" }, { "model": "proxysg", "scope": "eq", "trust": 0.3, "vendor": "bluecoat", "version": "6.5" }, { "model": "advanced secure gateway", "scope": "eq", "trust": 0.3, "vendor": "bluecoat", "version": "6.7" }, { "model": "advanced secure gateway", "scope": "eq", "trust": 0.3, "vendor": "bluecoat", "version": "6.6" }, { "model": "proxysg", "scope": "ne", "trust": 0.3, "vendor": "symantec", "version": "6.7.2.1" }, { "model": "proxysg", "scope": "ne", "trust": 0.3, "vendor": 
"symantec", "version": "6.5.10.6" }, { "model": "advanced secure gateway", "scope": "ne", "trust": 0.3, "vendor": "symantec", "version": "6.7.2.1" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2018-01377" }, { "db": "BID", "id": "102455" }, { "db": "JVNDB", "id": "JVNDB-2016-009737" }, { "db": "CNNVD", "id": "CNNVD-201801-443" }, { "db": "NVD", "id": "CVE-2016-9099" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Jakub Palaczynski and Pawel Bartunek.", "sources": [ { "db": "BID", "id": "102455" }, { "db": "CNNVD", "id": "CNNVD-201801-443" } ], "trust": 0.9 }, "cve": "CVE-2016-9099", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "NONE", "baseScore": 5.8, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "id": "CVE-2016-9099", "impactScore": 4.9, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 1.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0" }, { "accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "author": "CNVD", "availabilityImpact": "NONE", "baseScore": 2.6, "confidentialityImpact": 
"PARTIAL", "exploitabilityScore": 4.9, "id": "CNVD-2018-01377", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "LOW", "trust": 0.6, "vectorString": "AV:N/AC:H/Au:N/C:P/I:N/A:N", "version": "2.0" }, { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "NONE", "baseScore": 5.8, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "id": "VHN-97919", "impactScore": 4.9, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 0.1, "vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:N", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "nvd@nist.gov", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "exploitabilityScore": 2.8, "id": "CVE-2016-9099", "impactScore": 2.7, "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "trust": 1.8, "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.0" } ], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2016-9099", "trust": 1.0, "value": "MEDIUM" }, { "author": "NVD", "id": "CVE-2016-9099", "trust": 0.8, "value": "Medium" }, { "author": "CNVD", "id": "CNVD-2018-01377", "trust": 0.6, "value": "LOW" }, { "author": "CNNVD", "id": "CNNVD-201801-443", "trust": 0.6, "value": "MEDIUM" }, { "author": "VULHUB", "id": "VHN-97919", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "CNVD", "id": "CNVD-2018-01377" }, { "db": "VULHUB", "id": "VHN-97919" }, { "db": "JVNDB", "id": "JVNDB-2016-009737" }, { "db": "CNNVD", "id": "CNNVD-201801-443" }, { "db": "NVD", "id": "CVE-2016-9099" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Symantec Advanced Secure Gateway (ASG) 6.6, ASG 6.7 prior to 6.7.2.1, 
ProxySG 6.5 prior to 6.5.10.6, ProxySG 6.6, and ProxySG 6.7 prior to 6.7.2.1 are susceptible to an open redirection vulnerability. A remote attacker can use a crafted management console URL in a phishing attack to redirect the target user to a malicious web site. multiple Broadcom The product contains an open redirect vulnerability.Information may be obtained and information may be tampered with. Both Symantec ProxySG and AdvancedSecureGateway (ASG) are security gateway devices from Symantec Corporation of the United States. When an unsuspecting victim follows the link, they may be redirected to an attacker-controlled site; this may aid in phishing attacks. Other attacks are possible", "sources": [ { "db": "NVD", "id": "CVE-2016-9099" }, { "db": "JVNDB", "id": "JVNDB-2016-009737" }, { "db": "CNVD", "id": "CNVD-2018-01377" }, { "db": "BID", "id": "102455" }, { "db": "VULHUB", "id": "VHN-97919" } ], "trust": 2.52 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2016-9099", "trust": 4.2 }, { "db": "BID", "id": "102455", "trust": 3.4 }, { "db": "SECTRACK", "id": "1040138", "trust": 2.5 }, { "db": "JVNDB", "id": "JVNDB-2016-009737", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-201801-443", "trust": 0.7 }, { "db": "CNVD", "id": "CNVD-2018-01377", "trust": 0.6 }, { "db": "VULHUB", "id": "VHN-97919", "trust": 0.1 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2018-01377" }, { "db": "VULHUB", "id": "VHN-97919" }, { "db": "BID", "id": "102455" }, { "db": "JVNDB", "id": "JVNDB-2016-009737" }, { "db": "CNNVD", "id": "CNNVD-201801-443" }, { "db": "NVD", "id": "CVE-2016-9099" } ] }, "id": "VAR-201705-3128", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": 
"https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "CNVD", "id": "CNVD-2018-01377" }, { "db": "VULHUB", "id": "VHN-97919" } ], "trust": 1.2780618366666667 }, "iot_taxonomy": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "category": [ "Network device" ], "sub_category": null, "trust": 0.6 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2018-01377" } ] }, "last_update_date": "2024-11-23T21:53:31.342000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Patch for SymantecProxySG and AdvancedSecureGateway Open Redirection Vulnerabilities", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchInfo/show/113935" }, { "title": "Symantec ProxySG and Advanced Secure Gateway Security vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=77692" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2018-01377" }, { "db": "CNNVD", "id": "CNNVD-201801-443" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-601", "trust": 1.1 }, { "problemtype": "Open redirect (CWE-601) [NVD evaluation ]", "trust": 0.8 } ], "sources": [ { "db": "VULHUB", "id": "VHN-97919" }, { "db": "JVNDB", "id": "JVNDB-2016-009737" }, { "db": "NVD", "id": "CVE-2016-9099" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ 
{ "trust": 3.1, "url": "https://www.symantec.com/security-center/network-protection-security-advisories/sa155" }, { "trust": 3.1, "url": "http://www.securityfocus.com/bid/102455" }, { "trust": 2.5, "url": "http://www.securitytracker.com/id/1040138" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-9099" }, { "trust": 0.3, "url": "https://www.symantec.com/products/secure-web-gateway-proxy-sg-and-asg" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2018-01377" }, { "db": "VULHUB", "id": "VHN-97919" }, { "db": "BID", "id": "102455" }, { "db": "JVNDB", "id": "JVNDB-2016-009737" }, { "db": "CNNVD", "id": "CNNVD-201801-443" }, { "db": "NVD", "id": "CVE-2016-9099" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "CNVD", "id": "CNVD-2018-01377" }, { "db": "VULHUB", "id": "VHN-97919" }, { "db": "BID", "id": "102455" }, { "db": "JVNDB", "id": "JVNDB-2016-009737" }, { "db": "CNNVD", "id": "CNNVD-201801-443" }, { "db": "NVD", "id": "CVE-2016-9099" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2018-01-19T00:00:00", "db": "CNVD", "id": "CNVD-2018-01377" }, { "date": "2017-05-11T00:00:00", "db": "VULHUB", "id": "VHN-97919" }, { "date": "2018-01-09T00:00:00", "db": "BID", "id": "102455" }, { "date": "2024-07-18T00:00:00", "db": "JVNDB", "id": "JVNDB-2016-009737" }, { "date": "2018-01-12T00:00:00", "db": "CNNVD", "id": "CNNVD-201801-443" }, { "date": "2017-05-11T14:30:16.407000", "db": "NVD", "id": "CVE-2016-9099" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2018-01-19T00:00:00", "db": "CNVD", "id": "CNVD-2018-01377" }, { "date": "2021-07-08T00:00:00", "db": "VULHUB", "id": "VHN-97919" }, { "date": "2018-01-09T00:00:00", "db": "BID", 
"id": "102455" }, { "date": "2024-07-18T07:31:00", "db": "JVNDB", "id": "JVNDB-2016-009737" }, { "date": "2021-06-28T00:00:00", "db": "CNNVD", "id": "CNNVD-201801-443" }, { "date": "2024-11-21T03:00:35.660000", "db": "NVD", "id": "CVE-2016-9099" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-201801-443" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "plural \u00a0Broadcom\u00a0 Product Open Redirect Vulnerability", "sources": [ { "db": "JVNDB", "id": "JVNDB-2016-009737" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Input Validation Error", "sources": [ { "db": "BID", "id": "102455" }, { "db": "CNNVD", "id": "CNNVD-201801-443" } ], "trust": 0.9 } }
var-201804-0593
Vulnerability from variot
Denial-of-service (DoS) vulnerability in the Symantec Advanced Secure Gateway (ASG) and ProxySG management consoles. A remote attacker can use crafted HTTP/HTTPS requests to cause denial-of-service through management console application crashes. Symantec ProxySG and ASG are prone to multiple security vulnerabilities. Successful exploits will allow attacker-supplied HTML and script code to run in the context of the affected browser, potentially allowing the attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user; they will also allow the attacker to crash an application, resulting in a denial-of-service condition, or to upload arbitrary files to the affected application, which can result in arbitrary code execution within the context of the vulnerable application. These last two sentences appear to summarise several issues tracked together in one advisory; the denial-of-service described at the start is the issue this entry itself describes.
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201804-0593", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "symantec proxysg", "scope": "lt", "trust": 1.0, "vendor": "broadcom", "version": "6.6.5.14" }, { "model": "symantec proxysg", "scope": "gte", "trust": 1.0, "vendor": "broadcom", "version": "6.6" }, { "model": "advanced secure gateway", "scope": "lt", 
"trust": 1.0, "vendor": "broadcom", "version": "6.6.5.14" }, { "model": "advanced secure gateway", "scope": "gte", "trust": 1.0, "vendor": "broadcom", "version": "6.6" }, { "model": "symantec proxysg", "scope": "lt", "trust": 1.0, "vendor": "broadcom", "version": "6.7.3.1" }, { "model": "symantec proxysg", "scope": "gte", "trust": 1.0, "vendor": "broadcom", "version": "6.5" }, { "model": "symantec proxysg", "scope": "gte", "trust": 1.0, "vendor": "broadcom", "version": "6.7" }, { "model": "advanced secure gateway", "scope": "gte", "trust": 1.0, "vendor": "broadcom", "version": "6.7" }, { "model": "advanced secure gateway", "scope": "lt", "trust": 1.0, "vendor": "broadcom", "version": "6.7.3.1" }, { "model": "symantec proxysg", "scope": "lt", "trust": 1.0, "vendor": "broadcom", "version": "6.5.10.8" }, { "model": "advanced secure gateway", "scope": null, "trust": 0.8, "vendor": "symantec", "version": null }, { "model": "proxysg", "scope": null, "trust": 0.8, "vendor": "symantec", "version": null }, { "model": "proxysg", "scope": "eq", "trust": 0.3, "vendor": "symantec", "version": "6.7.2.1" }, { "model": "proxysg", "scope": "eq", "trust": 0.3, "vendor": "symantec", "version": "6.6.5.13" }, { "model": "proxysg", "scope": "eq", "trust": 0.3, "vendor": "symantec", "version": "6.5.10.6" }, { "model": "advanced secure gateway", "scope": "eq", "trust": 0.3, "vendor": "symantec", "version": "6.7.2.1" }, { "model": "advanced secure gateway", "scope": "eq", "trust": 0.3, "vendor": "symantec", "version": "6.6.5.13" }, { "model": "proxysg", "scope": "eq", "trust": 0.3, "vendor": "bluecoat", "version": "6.7" }, { "model": "proxysg", "scope": "eq", "trust": 0.3, "vendor": "bluecoat", "version": "6.6" }, { "model": "proxysg", "scope": "eq", "trust": 0.3, "vendor": "bluecoat", "version": "6.5" }, { "model": "advanced secure gateway", "scope": "eq", "trust": 0.3, "vendor": "bluecoat", "version": "6.7" }, { "model": "advanced secure gateway", "scope": "eq", "trust": 0.3, "vendor": 
"bluecoat", "version": "6.6.5.4" }, { "model": "advanced secure gateway", "scope": "eq", "trust": 0.3, "vendor": "bluecoat", "version": "6.6" }, { "model": "proxysg", "scope": "ne", "trust": 0.3, "vendor": "symantec", "version": "6.7.4.107" }, { "model": "proxysg", "scope": "ne", "trust": 0.3, "vendor": "symantec", "version": "6.7.3.1" }, { "model": "proxysg", "scope": "ne", "trust": 0.3, "vendor": "symantec", "version": "6.6.5.14" }, { "model": "proxysg", "scope": "ne", "trust": 0.3, "vendor": "symantec", "version": "6.5.10.8" }, { "model": "advanced secure gateway", "scope": "ne", "trust": 0.3, "vendor": "symantec", "version": "6.7.4.107" }, { "model": "advanced secure gateway", "scope": "ne", "trust": 0.3, "vendor": "symantec", "version": "6.7.3.1" }, { "model": "advanced secure gateway", "scope": "ne", "trust": 0.3, "vendor": "symantec", "version": "6.6.5.14" } ], "sources": [ { "db": "BID", "id": "103685" }, { "db": "JVNDB", "id": "JVNDB-2017-013293" }, { "db": "NVD", "id": "CVE-2017-13677" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "cpe_match": [ { "cpe22Uri": "cpe:/a:symantec:advanced_secure_gateway", "vulnerable": true }, { "cpe22Uri": "cpe:/a:symantec:proxysg", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2017-013293" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Robert Jaroszuk @ RBS Security, Jakub Palaczynski and Pawel Bartunek.", "sources": [ { "db": "BID", "id": "103685" } ], "trust": 0.3 }, "cve": "CVE-2017-13677", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": 
"https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "id": "CVE-2017-13677", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 1.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "id": "VHN-104323", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 0.1, "vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "nvd@nist.gov", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "exploitabilityScore": 3.9, "id": "CVE-2017-13677", "impactScore": 3.6, "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.8, "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" } ], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2017-13677", "trust": 1.0, "value": "HIGH" }, { "author": "NVD", "id": "CVE-2017-13677", 
"trust": 0.8, "value": "High" }, { "author": "CNNVD", "id": "CNNVD-201708-1081", "trust": 0.6, "value": "HIGH" }, { "author": "VULHUB", "id": "VHN-104323", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "VULHUB", "id": "VHN-104323" }, { "db": "JVNDB", "id": "JVNDB-2017-013293" }, { "db": "CNNVD", "id": "CNNVD-201708-1081" }, { "db": "NVD", "id": "CVE-2017-13677" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Denial-of-service (DoS) vulnerability in the Symantec Advanced Secure Gateway (ASG) and ProxySG management consoles. A remote attacker can use crafted HTTP/HTTPS requests to cause denial-of-service through management console application crashes. Symantec ProxySG and ASG are prone to multiple security vulnerabilities. \nSuccessful exploits will allow attacker-supplied HTML and script code to run in the context of the affected browser, potentially allowing the attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user, to crash an application, resulting in a denial-of-service condition or to upload arbitrary files to the affected application; this can result in arbitrary code execution within the context of the vulnerable application", "sources": [ { "db": "NVD", "id": "CVE-2017-13677" }, { "db": "JVNDB", "id": "JVNDB-2017-013293" }, { "db": "BID", "id": "103685" }, { "db": "VULHUB", "id": "VHN-104323" } ], "trust": 1.98 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2017-13677", "trust": 2.8 }, { "db": "BID", "id": "103685", "trust": 2.0 }, { "db": "SECTRACK", "id": "1040757", "trust": 1.7 }, { "db": "JVNDB", "id": 
"JVNDB-2017-013293", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-201708-1081", "trust": 0.7 }, { "db": "VULHUB", "id": "VHN-104323", "trust": 0.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-104323" }, { "db": "BID", "id": "103685" }, { "db": "JVNDB", "id": "JVNDB-2017-013293" }, { "db": "CNNVD", "id": "CNNVD-201708-1081" }, { "db": "NVD", "id": "CVE-2017-13677" } ] }, "id": "VAR-201804-0593", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-104323" } ], "trust": 0.6780618366666666 }, "last_update_date": "2024-11-23T22:00:37.769000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "SYMSA1432", "trust": 0.8, "url": "https://support.symantec.com/en_US/article.SYMSA1432.html" }, { "title": "Symantec Advanced Secure Gateway and ProxySG Security vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=99997" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2017-013293" }, { "db": "CNNVD", "id": "CNNVD-201708-1081" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "NVD-CWE-noinfo", "trust": 1.0 }, { "problemtype": "CWE-19", "trust": 0.9 } ], "sources": [ { "db": "VULHUB", "id": "VHN-104323" }, { "db": "JVNDB", "id": "JVNDB-2017-013293" }, { "db": "NVD", "id": "CVE-2017-13677" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": 
"https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.0, "url": "https://www.symantec.com/security-center/network-protection-security-advisories/sa162" }, { "trust": 1.7, "url": "http://www.securityfocus.com/bid/103685" }, { "trust": 1.7, "url": "http://www.securitytracker.com/id/1040757" }, { "trust": 0.8, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-13677" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2017-13677" }, { "trust": 0.3, "url": "http://www.symantec.com" } ], "sources": [ { "db": "VULHUB", "id": "VHN-104323" }, { "db": "BID", "id": "103685" }, { "db": "JVNDB", "id": "JVNDB-2017-013293" }, { "db": "CNNVD", "id": "CNNVD-201708-1081" }, { "db": "NVD", "id": "CVE-2017-13677" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULHUB", "id": "VHN-104323" }, { "db": "BID", "id": "103685" }, { "db": "JVNDB", "id": "JVNDB-2017-013293" }, { "db": "CNNVD", "id": "CNNVD-201708-1081" }, { "db": "NVD", "id": "CVE-2017-13677" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2018-04-11T00:00:00", "db": "VULHUB", "id": "VHN-104323" }, { "date": "2018-04-10T00:00:00", "db": "BID", "id": "103685" }, { "date": "2018-06-19T00:00:00", "db": "JVNDB", "id": "JVNDB-2017-013293" }, { "date": "2017-08-25T00:00:00", "db": "CNNVD", "id": "CNNVD-201708-1081" }, { "date": "2018-04-11T14:29:00.313000", "db": "NVD", "id": "CVE-2017-13677" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2021-06-24T00:00:00", "db": "VULHUB", "id": "VHN-104323" }, { "date": "2018-04-10T00:00:00", "db": "BID", "id": "103685" }, { "date": "2018-06-19T00:00:00", "db": "JVNDB", "id": "JVNDB-2017-013293" }, { "date": 
"2019-10-23T00:00:00", "db": "CNNVD", "id": "CNNVD-201708-1081" }, { "date": "2024-11-21T03:11:24.560000", "db": "NVD", "id": "CVE-2017-13677" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-201708-1081" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Symantec Advanced Secure Gateway and ProxySG Data processing vulnerability", "sources": [ { "db": "JVNDB", "id": "JVNDB-2017-013293" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "lack of information", "sources": [ { "db": "CNNVD", "id": "CNNVD-201708-1081" } ], "trust": 0.6 } }
var-201805-1106
Vulnerability from variot
Symantec Advanced Secure Gateway (ASG) 6.6 and 6.7, and ProxySG 6.5, 6.6, and 6.7 are susceptible to a SAML authentication bypass vulnerability. The products can be configured with a SAML authentication realm to authenticate network users in intercepted proxy traffic. When parsing SAML responses, ASG and ProxySG incorrectly handle XML nodes with comments. A remote attacker can modify a valid SAML response without invalidating its cryptographic signature. This may allow the attacker to bypass user authentication security controls in ASG and ProxySG. This vulnerability only affects authentication of network users in intercepted traffic. It does not affect administrator user authentication for the ASG and ProxySG management consoles. Symantec Advanced Secure Gateway (ASG) and ProxySG contain vulnerabilities related to security features. Information may be obtained or altered, and service operation may be disrupted (DoS). This may lead to further attacks.
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201805-1106", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "proxysg", "scope": "eq", "trust": 1.7, "vendor": "symantec", "version": "6.7" }, { "model": "proxysg", "scope": "eq", "trust": 1.7, "vendor": "symantec", "version": "6.6" }, { "model": "proxysg", "scope": "eq", "trust": 1.7, "vendor": "symantec", "version": 
"6.5" }, { "model": "advanced secure gateway", "scope": "eq", "trust": 1.7, "vendor": "symantec", "version": "6.7" }, { "model": "advanced secure gateway", "scope": "eq", "trust": 1.7, "vendor": "symantec", "version": "6.6" }, { "model": "advanced secure gateway", "scope": "eq", "trust": 1.0, "vendor": "broadcom", "version": "6.7" }, { "model": "symantec proxysg", "scope": "eq", "trust": 1.0, "vendor": "broadcom", "version": "6.5" }, { "model": "advanced secure gateway", "scope": "eq", "trust": 1.0, "vendor": "broadcom", "version": "6.6" }, { "model": "symantec proxysg", "scope": "eq", "trust": 1.0, "vendor": "broadcom", "version": "6.6" }, { "model": "symantec proxysg", "scope": "eq", "trust": 1.0, "vendor": "broadcom", "version": "6.7" } ], "sources": [ { "db": "BID", "id": "104282" }, { "db": "JVNDB", "id": "JVNDB-2018-005793" }, { "db": "CNNVD", "id": "CNNVD-201805-972" }, { "db": "NVD", "id": "CVE-2018-5241" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "cpe_match": [ { "cpe22Uri": "cpe:/a:symantec:advanced_secure_gateway", "vulnerable": true }, { "cpe22Uri": "cpe:/a:symantec:proxysg", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2018-005793" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "The vendor reported this issue.", "sources": [ { "db": "BID", "id": "104282" } ], "trust": 0.3 }, "cve": "CVE-2018-5241", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { 
"@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "CVE-2018-5241", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 1.8, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "VHN-135272", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 0.1, "vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "nvd@nist.gov", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "exploitabilityScore": 3.9, "id": "CVE-2018-5241", "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.8, "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2018-5241", "trust": 1.0, "value": "CRITICAL" }, { "author": "NVD", "id": "CVE-2018-5241", "trust": 0.8, "value": "Critical" }, { "author": "CNNVD", "id": "CNNVD-201805-972", "trust": 0.6, 
"value": "CRITICAL" }, { "author": "VULHUB", "id": "VHN-135272", "trust": 0.1, "value": "HIGH" } ] } ], "sources": [ { "db": "VULHUB", "id": "VHN-135272" }, { "db": "JVNDB", "id": "JVNDB-2018-005793" }, { "db": "CNNVD", "id": "CNNVD-201805-972" }, { "db": "NVD", "id": "CVE-2018-5241" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Symantec Advanced Secure Gateway (ASG) 6.6 and 6.7, and ProxySG 6.5, 6.6, and 6.7 are susceptible to a SAML authentication bypass vulnerability. The products can be configured with a SAML authentication realm to authenticate network users in intercepted proxy traffic. When parsing SAML responses, ASG and ProxySG incorrectly handle XML nodes with comments. A remote attacker can modify a valid SAML response without invalidating its cryptographic signature. This may allow the attacker to bypass user authentication security controls in ASG and ProxySG. This vulnerability only affects authentication of network users in intercepted traffic. It does not affect administrator user authentication for the ASG and ProxySG management consoles. Symantec Advanced Secure Gateway (ASG) and ProxySG Contains vulnerabilities related to security features.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. 
This may lead to further attacks", "sources": [ { "db": "NVD", "id": "CVE-2018-5241" }, { "db": "JVNDB", "id": "JVNDB-2018-005793" }, { "db": "BID", "id": "104282" }, { "db": "VULHUB", "id": "VHN-135272" } ], "trust": 1.98 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2018-5241", "trust": 2.8 }, { "db": "BID", "id": "104282", "trust": 2.0 }, { "db": "SECTRACK", "id": "1040993", "trust": 1.7 }, { "db": "JVNDB", "id": "JVNDB-2018-005793", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-201805-972", "trust": 0.7 }, { "db": "VULHUB", "id": "VHN-135272", "trust": 0.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-135272" }, { "db": "BID", "id": "104282" }, { "db": "JVNDB", "id": "JVNDB-2018-005793" }, { "db": "CNNVD", "id": "CNNVD-201805-972" }, { "db": "NVD", "id": "CVE-2018-5241" } ] }, "id": "VAR-201805-1106", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-135272" } ], "trust": 0.6780618366666666 }, "last_update_date": "2024-11-23T22:55:52.810000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "SYMSA1450", "trust": 0.8, "url": "https://support.symantec.com/en_US/article.SYMSA1450.html" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2018-005793" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": 
"NVD-CWE-noinfo", "trust": 1.0 }, { "problemtype": "CWE-254", "trust": 0.9 } ], "sources": [ { "db": "VULHUB", "id": "VHN-135272" }, { "db": "JVNDB", "id": "JVNDB-2018-005793" }, { "db": "NVD", "id": "CVE-2018-5241" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.0, "url": "https://www.symantec.com/security-center/network-protection-security-advisories/sa167" }, { "trust": 1.7, "url": "http://www.securityfocus.com/bid/104282" }, { "trust": 1.7, "url": "http://www.securitytracker.com/id/1040993" }, { "trust": 0.8, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-5241" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-5241" }, { "trust": 0.3, "url": "http://www.symantec.com" } ], "sources": [ { "db": "VULHUB", "id": "VHN-135272" }, { "db": "BID", "id": "104282" }, { "db": "JVNDB", "id": "JVNDB-2018-005793" }, { "db": "CNNVD", "id": "CNNVD-201805-972" }, { "db": "NVD", "id": "CVE-2018-5241" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULHUB", "id": "VHN-135272" }, { "db": "BID", "id": "104282" }, { "db": "JVNDB", "id": "JVNDB-2018-005793" }, { "db": "CNNVD", "id": "CNNVD-201805-972" }, { "db": "NVD", "id": "CVE-2018-5241" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2018-05-29T00:00:00", "db": "VULHUB", "id": "VHN-135272" }, { "date": "2018-05-23T00:00:00", "db": "BID", "id": "104282" }, { "date": "2018-07-30T00:00:00", "db": "JVNDB", "id": "JVNDB-2018-005793" }, { "date": "2018-05-30T00:00:00", "db": "CNNVD", "id": "CNNVD-201805-972" }, { "date": "2018-05-29T13:29:00.617000", "db": "NVD", "id": "CVE-2018-5241" } 
] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2021-07-08T00:00:00", "db": "VULHUB", "id": "VHN-135272" }, { "date": "2018-05-23T00:00:00", "db": "BID", "id": "104282" }, { "date": "2018-07-30T00:00:00", "db": "JVNDB", "id": "JVNDB-2018-005793" }, { "date": "2019-10-23T00:00:00", "db": "CNNVD", "id": "CNNVD-201805-972" }, { "date": "2024-11-21T04:08:24.510000", "db": "NVD", "id": "CVE-2018-5241" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-201805-972" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Symantec Advanced Secure Gateway and ProxySG Vulnerabilities related to security functions", "sources": [ { "db": "JVNDB", "id": "JVNDB-2018-005793" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "lack of information", "sources": [ { "db": "CNNVD", "id": "CNNVD-201805-972" } ], "trust": 0.6 } }
var-201908-1589
Vulnerability from variot
The ASG/ProxySG FTP proxy WebFTP mode allows intercepting FTP connections where a user accesses an FTP server via a ftp:// URL in a web browser. A stored cross-site scripting (XSS) vulnerability in the WebFTP mode allows a remote attacker to inject malicious JavaScript code in ASG/ProxySG's web listing of a remote FTP server. Exploiting the vulnerability requires the attacker to be able to upload crafted files to the remote FTP server. Affected versions: ASG 6.6 and 6.7 prior to 6.7.4.2; ProxySG 6.5 prior to 6.5.10.15, 6.6, and 6.7 prior to 6.7.4.2. ASG and ProxySG contain a cross-site scripting vulnerability. Information may be obtained and information may be altered. Both Symantec Advanced Secure Gateway and Symantec ProxySG are security gateway devices of Symantec Corporation of the United States. The vulnerability stems from the lack of correct validation of client data in web applications. An attacker could exploit this vulnerability to execute client-side code.
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201908-1589", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "symantec proxysg", "scope": "gte", "trust": 1.0, "vendor": "broadcom", "version": "6.5" }, { "model": "symantec proxysg", "scope": "gte", "trust": 1.0, "vendor": "broadcom", "version": "6.7" }, { "model": "symantec proxysg", "scope": "lt", "trust": 1.0, 
"vendor": "broadcom", "version": "6.7.4.2" }, { "model": "advanced secure gateway", "scope": "gte", "trust": 1.0, "vendor": "broadcom", "version": "6.7" }, { "model": "advanced secure gateway", "scope": "eq", "trust": 1.0, "vendor": "broadcom", "version": "6.6" }, { "model": "symantec proxysg", "scope": "eq", "trust": 1.0, "vendor": "broadcom", "version": "6.6" }, { "model": "advanced secure gateway", "scope": "lt", "trust": 1.0, "vendor": "broadcom", "version": "6.7.4.2" }, { "model": "symantec proxysg", "scope": "lt", "trust": 1.0, "vendor": "broadcom", "version": "6.5.10.15" }, { "model": "advanced secure gateway", "scope": "eq", "trust": 0.8, "vendor": "symantec", "version": "6.6" }, { "model": "advanced secure gateway", "scope": "lt", "trust": 0.8, "vendor": "symantec", "version": "6.7 thats all 6.7.4.2" }, { "model": "proxysg", "scope": "lt", "trust": 0.8, "vendor": "symantec", "version": "6.5 thats all 6.5.10.15" }, { "model": "proxysg", "scope": "eq", "trust": 0.8, "vendor": "symantec", "version": "6.6" }, { "model": "proxysg", "scope": "lt", "trust": 0.8, "vendor": "symantec", "version": "6.7 thats all 6.7.4.2" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2018-016056" }, { "db": "NVD", "id": "CVE-2018-18370" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "cpe_match": [ { "cpe22Uri": "cpe:/a:symantec:advanced_secure_gateway", "vulnerable": true }, { "cpe22Uri": "cpe:/a:symantec:proxysg", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2018-016056" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Muzamal 
Abadullah, Two Sigma Investments", "sources": [ { "db": "CNNVD", "id": "CNNVD-201908-2124" } ], "trust": 0.6 }, "cve": "CVE-2018-18370", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "exploitabilityScore": 8.6, "id": "CVE-2018-18370", "impactScore": 2.9, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 1.8, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "exploitabilityScore": 8.6, "id": "VHN-128923", "impactScore": 2.9, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 0.1, "vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:N", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "nvd@nist.gov", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "exploitabilityScore": 2.8, "id": "CVE-2018-18370", "impactScore": 2.7, "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "trust": 1.8, "userInteraction": "REQUIRED", 
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.0" } ], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2018-18370", "trust": 1.0, "value": "MEDIUM" }, { "author": "NVD", "id": "CVE-2018-18370", "trust": 0.8, "value": "Medium" }, { "author": "CNNVD", "id": "CNNVD-201908-2124", "trust": 0.6, "value": "MEDIUM" }, { "author": "VULHUB", "id": "VHN-128923", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "VULHUB", "id": "VHN-128923" }, { "db": "JVNDB", "id": "JVNDB-2018-016056" }, { "db": "CNNVD", "id": "CNNVD-201908-2124" }, { "db": "NVD", "id": "CVE-2018-18370" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "The ASG/ProxySG FTP proxy WebFTP mode allows intercepting FTP connections where a user accesses an FTP server via a ftp:// URL in a web browser. A stored cross-site scripting (XSS) vulnerability in the WebFTP mode allows a remote attacker to inject malicious JavaScript code in ASG/ProxySG\u0027s web listing of a remote FTP server. Exploiting the vulnerability requires the attacker to be able to upload crafted files to the remote FTP server. Affected versions: ASG 6.6 and 6.7 prior to 6.7.4.2; ProxySG 6.5 prior to 6.5.10.15, 6.6, and 6.7 prior to 6.7.4.2. ASG and ProxySG Contains a cross-site scripting vulnerability.Information may be obtained and information may be altered. Both Symantec Advanced Secure Gateway and Symantec ProxySG are security gateway devices of Symantec Corporation of the United States. The vulnerability stems from the lack of correct validation of client data in WEB applications. 
An attacker could exploit this vulnerability to execute client code", "sources": [ { "db": "NVD", "id": "CVE-2018-18370" }, { "db": "JVNDB", "id": "JVNDB-2018-016056" }, { "db": "VULHUB", "id": "VHN-128923" } ], "trust": 1.71 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2018-18370", "trust": 2.5 }, { "db": "JVNDB", "id": "JVNDB-2018-016056", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-201908-2124", "trust": 0.7 }, { "db": "AUSCERT", "id": "ESB-2019.3254", "trust": 0.6 }, { "db": "VULHUB", "id": "VHN-128923", "trust": 0.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-128923" }, { "db": "JVNDB", "id": "JVNDB-2018-016056" }, { "db": "CNNVD", "id": "CNNVD-201908-2124" }, { "db": "NVD", "id": "CVE-2018-18370" } ] }, "id": "VAR-201908-1589", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-128923" } ], "trust": 0.6780618366666666 }, "last_update_date": "2024-11-23T22:21:32.009000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "SYMSA1472", "trust": 0.8, "url": "https://support.symantec.com/us/en/article.SYMSA1472.html" }, { "title": "Symantec Advanced Secure Gateway and ProxySG Fixes for cross-site scripting vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=97612" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2018-016056" }, { "db": "CNNVD", "id": "CNNVD-201908-2124" } ] }, "problemtype_data": { "@context": { "@vocab": 
"https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-79", "trust": 1.9 } ], "sources": [ { "db": "VULHUB", "id": "VHN-128923" }, { "db": "JVNDB", "id": "JVNDB-2018-016056" }, { "db": "NVD", "id": "CVE-2018-18370" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.3, "url": "https://support.symantec.com/us/en/article.symsa1472.html" }, { "trust": 1.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-18370" }, { "trust": 0.8, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-18370" }, { "trust": 0.6, "url": "https://vigilance.fr/vulnerability/proxysg-two-vulnerabilities-30176" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2019.3254/" } ], "sources": [ { "db": "VULHUB", "id": "VHN-128923" }, { "db": "JVNDB", "id": "JVNDB-2018-016056" }, { "db": "CNNVD", "id": "CNNVD-201908-2124" }, { "db": "NVD", "id": "CVE-2018-18370" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULHUB", "id": "VHN-128923" }, { "db": "JVNDB", "id": "JVNDB-2018-016056" }, { "db": "CNNVD", "id": "CNNVD-201908-2124" }, { "db": "NVD", "id": "CVE-2018-18370" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2019-08-30T00:00:00", "db": "VULHUB", "id": "VHN-128923" }, { "date": "2019-09-09T00:00:00", "db": "JVNDB", "id": "JVNDB-2018-016056" }, { "date": "2019-08-28T00:00:00", "db": "CNNVD", "id": "CNNVD-201908-2124" }, { "date": "2019-08-30T09:15:16.567000", "db": "NVD", "id": "CVE-2018-18370" } ] }, "sources_update_date": { 
"@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2021-07-08T00:00:00", "db": "VULHUB", "id": "VHN-128923" }, { "date": "2019-09-09T00:00:00", "db": "JVNDB", "id": "JVNDB-2018-016056" }, { "date": "2019-09-06T00:00:00", "db": "CNNVD", "id": "CNNVD-201908-2124" }, { "date": "2024-11-21T03:55:48.623000", "db": "NVD", "id": "CVE-2018-18370" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-201908-2124" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "ASG and ProxySG Vulnerable to cross-site scripting", "sources": [ { "db": "JVNDB", "id": "JVNDB-2018-016056" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "XSS", "sources": [ { "db": "CNNVD", "id": "CNNVD-201908-2124" } ], "trust": 0.6 } }
var-201512-0551
Vulnerability from variot
The default configuration of SGOS in Blue Coat ProxySG before 6.2.16.5, 6.5 before 6.5.7.1, and 6.6 before 6.6.2.1 forwards authentication challenges from upstream origin content servers (OCS) when used in an explicit proxy deployment, which makes it easier for remote attackers to obtain sensitive information via a 407 (aka Proxy Authentication Required) HTTP status code, as demonstrated when using NTLM authentication. Blue Coat ProxySG is prone to an authentication-bypass vulnerability. An attacker can exploit this issue to bypass the authentication mechanism and perform unauthorized actions. This may lead to further attacks. Note that the CVSS v2 vector recorded for CVE-2015-4334 (AV:N/AC:L/Au:N/C:P/I:N/A:N) rates the impact as a partial loss of confidentiality only. Blue Coat Systems ProxySG is a secure web gateway appliance from the American company Blue Coat Systems. The appliance provides user authentication, web filtering, data loss protection, and more to control all web traffic. Remote attackers can use the 407 HTTP status code to exploit this vulnerability to obtain sensitive information. The following versions are affected: Blue Coat Systems ProxySG prior to 6.2.16.5, 6.5 prior to 6.5.7.1, and 6.6 prior to 6.6.2.1.
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201512-0551", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "proxysg", "scope": "lte", "trust": 1.0, "vendor": "symantec", "version": "6.6.2.0" }, { "model": "proxysg", "scope": "gte", "trust": 1.0, "vendor": "symantec", "version": "6.5" }, { "model": "proxysg", "scope": "lte", "trust": 1.0, "vendor": "symantec", 
"version": "6.2.16.4" }, { "model": "proxysg", "scope": "lte", "trust": 1.0, "vendor": "symantec", "version": "6.5.7.0" }, { "model": "proxysg", "scope": "gte", "trust": 1.0, "vendor": "symantec", "version": "6.2" }, { "model": "proxysg", "scope": "gte", "trust": 1.0, "vendor": "symantec", "version": "6.6" }, { "model": "proxysg", "scope": "eq", "trust": 0.8, "vendor": "blue coat", "version": "6.5.7.1" }, { "model": "proxysg", "scope": "lt", "trust": 0.8, "vendor": "blue coat", "version": "6.6" }, { "model": "proxysg", "scope": "lt", "trust": 0.8, "vendor": "blue coat", "version": "6.5" }, { "model": "proxysg", "scope": "eq", "trust": 0.8, "vendor": "blue coat", "version": "6.6.2.1" }, { "model": "proxysg", "scope": "eq", "trust": 0.6, "vendor": "bluecoat", "version": "6.5.7.0" }, { "model": "proxysg", "scope": "eq", "trust": 0.6, "vendor": "bluecoat", "version": "6.6.2.0" }, { "model": "proxysg", "scope": "eq", "trust": 0.6, "vendor": "bluecoat", "version": "6.2.16.4" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2015-006134" }, { "db": "CNNVD", "id": "CNNVD-201512-084" }, { "db": "NVD", "id": "CVE-2015-4334" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "cpe_match": [ { "cpe22Uri": "cpe:/o:bluecoat:proxysgos", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2015-006134" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "onas Vestberg at Sentor Managed Security Services AB.", "sources": [ { "db": "BID", "id": "85385" } ], "trust": 0.3 }, "cve": "CVE-2015-4334", "cvss": { "@context": { "cvssV2": { "@container": "@list", 
"@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "CVE-2015-4334", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 1.8, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "VHN-82295", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 0.1, "vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2015-4334", "trust": 1.0, "value": "MEDIUM" }, { "author": "NVD", "id": "CVE-2015-4334", "trust": 0.8, "value": "Medium" }, { "author": "CNNVD", "id": "CNNVD-201512-084", "trust": 0.6, "value": "MEDIUM" }, { "author": "VULHUB", "id": "VHN-82295", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "VULHUB", "id": "VHN-82295" }, { "db": "JVNDB", "id": "JVNDB-2015-006134" }, { "db": "CNNVD", "id": "CNNVD-201512-084" }, { "db": "NVD", "id": "CVE-2015-4334" } ] }, "description": { "@context": { "@vocab": 
"https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "The default configuration of SGOS in Blue Coat ProxySG before 6.2.16.5, 6.5 before 6.5.7.1, and 6.6 before 6.6.2.1 forwards authentication challenges from upstream origin content servers (OCS) when used in an explicit proxy deployment, which makes it easier for remote attackers to obtain sensitive information via a 407 (aka Proxy Authentication Required) HTTP status code, as demonstrated when using NTLM authentication. Bluecoat ProxySG is prone to an authentication-bypass vulnerability. \nAn attacker can exploit this issue to bypass the authentication mechanism and perform unauthorized actions. This may lead to further attacks. Blue Coat Systems ProxySG is a set of security Web gateway equipment of American Blue Coat Systems company. The appliance provides user authentication, web filtering, data loss protection, and more to control all web traffic. Remote attackers can use the 407 HTTP status code to exploit this vulnerability to obtain sensitive information. 
The following versions are affected: Blue Coat Systems ProxySG prior to 6.2.16.5, 6.5 prior to 6.5.7.1, and 6.6 prior to 6.6.2.1", "sources": [ { "db": "NVD", "id": "CVE-2015-4334" }, { "db": "JVNDB", "id": "JVNDB-2015-006134" }, { "db": "BID", "id": "85385" }, { "db": "VULHUB", "id": "VHN-82295" } ], "trust": 1.98 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2015-4334", "trust": 2.8 }, { "db": "SECTRACK", "id": "1032149", "trust": 1.7 }, { "db": "JVNDB", "id": "JVNDB-2015-006134", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-201512-084", "trust": 0.7 }, { "db": "BID", "id": "85385", "trust": 0.4 }, { "db": "SEEBUG", "id": "SSVID-90029", "trust": 0.1 }, { "db": "VULHUB", "id": "VHN-82295", "trust": 0.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-82295" }, { "db": "BID", "id": "85385" }, { "db": "JVNDB", "id": "JVNDB-2015-006134" }, { "db": "CNNVD", "id": "CNNVD-201512-084" }, { "db": "NVD", "id": "CVE-2015-4334" } ] }, "id": "VAR-201512-0551", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-82295" } ], "trust": 0.5885714400000001 }, "last_update_date": "2024-11-23T22:07:53.322000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "SA93", "trust": 0.8, "url": "https://bto.bluecoat.com/security-advisory/sa93" }, { "title": "Blue Coat Systems ProxySG SGOS Security vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=58945" } ], "sources": [ { 
"db": "JVNDB", "id": "JVNDB-2015-006134" }, { "db": "CNNVD", "id": "CNNVD-201512-084" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-200", "trust": 1.9 } ], "sources": [ { "db": "VULHUB", "id": "VHN-82295" }, { "db": "JVNDB", "id": "JVNDB-2015-006134" }, { "db": "NVD", "id": "CVE-2015-4334" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.7, "url": "https://bto.bluecoat.com/security-advisory/sa93" }, { "trust": 1.7, "url": "https://twitter.com/bugch3ck/status/591492380294979585" }, { "trust": 1.7, "url": "http://www.securitytracker.com/id/1032149" }, { "trust": 0.8, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-4334" }, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-4334" } ], "sources": [ { "db": "VULHUB", "id": "VHN-82295" }, { "db": "JVNDB", "id": "JVNDB-2015-006134" }, { "db": "CNNVD", "id": "CNNVD-201512-084" }, { "db": "NVD", "id": "CVE-2015-4334" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULHUB", "id": "VHN-82295" }, { "db": "BID", "id": "85385" }, { "db": "JVNDB", "id": "JVNDB-2015-006134" }, { "db": "CNNVD", "id": "CNNVD-201512-084" }, { "db": "NVD", "id": "CVE-2015-4334" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2015-12-07T00:00:00", "db": "VULHUB", "id": "VHN-82295" }, { "date": "2015-04-14T00:00:00", "db": "BID", "id": "85385" }, { "date": "2015-12-09T00:00:00", "db": "JVNDB", "id": 
"JVNDB-2015-006134" }, { "date": "2015-12-08T00:00:00", "db": "CNNVD", "id": "CNNVD-201512-084" }, { "date": "2015-12-07T20:59:05.900000", "db": "NVD", "id": "CVE-2015-4334" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2019-02-12T00:00:00", "db": "VULHUB", "id": "VHN-82295" }, { "date": "2015-04-14T00:00:00", "db": "BID", "id": "85385" }, { "date": "2015-12-09T00:00:00", "db": "JVNDB", "id": "JVNDB-2015-006134" }, { "date": "2019-02-15T00:00:00", "db": "CNNVD", "id": "CNNVD-201512-084" }, { "date": "2024-11-21T02:30:50.950000", "db": "NVD", "id": "CVE-2015-4334" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-201512-084" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Blue Coat ProxySG of SGOS Vulnerability in which important information is obtained in default settings", "sources": [ { "db": "JVNDB", "id": "JVNDB-2015-006134" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "information disclosure", "sources": [ { "db": "CNNVD", "id": "CNNVD-201512-084" } ], "trust": 0.6 } }
var-201804-0594
Vulnerability from variot
Stored XSS vulnerability in the Symantec Advanced Secure Gateway (ASG) and ProxySG management consoles. A malicious appliance administrator can inject arbitrary JavaScript code in the management console web client application. Symantec ProxySG and ASG are prone to multiple security vulnerabilities. Successful exploits will allow attacker-supplied HTML and script code to run in the context of the affected browser, potentially allowing the attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user; to crash an application, resulting in a denial-of-service condition; or to upload arbitrary files to the affected application, which can result in arbitrary code execution within the context of the vulnerable application. A cross-site scripting vulnerability exists in Symantec ASG and ProxySG. Note that the denial-of-service and file-upload impacts appear to come from the aggregated BID 103685 text covering multiple issues; the scoring recorded for CVE-2017-13678 itself reflects a stored XSS that requires administrator privileges and user interaction (CVSS:3.0 PR:H/UI:R).
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201804-0594", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "symantec proxysg", "scope": "lt", "trust": 1.0, "vendor": "broadcom", "version": "6.7.3.7" }, { "model": "symantec proxysg", "scope": "lt", "trust": 1.0, "vendor": "broadcom", "version": "6.6.5.14" }, { "model": "symantec proxysg", "scope": "gte", "trust": 
1.0, "vendor": "broadcom", "version": "6.7.4" }, { "model": "advanced secure gateway", "scope": "gte", "trust": 1.0, "vendor": "broadcom", "version": "6.7.4" }, { "model": "symantec proxysg", "scope": "lt", "trust": 1.0, "vendor": "broadcom", "version": "6.7.4.107" }, { "model": "advanced secure gateway", "scope": "lt", "trust": 1.0, "vendor": "broadcom", "version": "6.7.3.7" }, { "model": "advanced secure gateway", "scope": "lt", "trust": 1.0, "vendor": "broadcom", "version": "6.6.5.14" }, { "model": "symantec proxysg", "scope": "gte", "trust": 1.0, "vendor": "broadcom", "version": "6.6" }, { "model": "advanced secure gateway", "scope": "lt", "trust": 1.0, "vendor": "broadcom", "version": "6.7.4.107" }, { "model": "advanced secure gateway", "scope": "gte", "trust": 1.0, "vendor": "broadcom", "version": "6.6" }, { "model": "symantec proxysg", "scope": "gte", "trust": 1.0, "vendor": "broadcom", "version": "6.5" }, { "model": "symantec proxysg", "scope": "gte", "trust": 1.0, "vendor": "broadcom", "version": "6.7.3" }, { "model": "advanced secure gateway", "scope": "gte", "trust": 1.0, "vendor": "broadcom", "version": "6.7.3" }, { "model": "symantec proxysg", "scope": "lt", "trust": 1.0, "vendor": "broadcom", "version": "6.5.10.8" }, { "model": "advanced secure gateway", "scope": null, "trust": 0.8, "vendor": "symantec", "version": null }, { "model": "proxysg", "scope": null, "trust": 0.8, "vendor": "symantec", "version": null }, { "model": "proxysg", "scope": "eq", "trust": 0.3, "vendor": "symantec", "version": "6.7.2.1" }, { "model": "proxysg", "scope": "eq", "trust": 0.3, "vendor": "symantec", "version": "6.6.5.13" }, { "model": "proxysg", "scope": "eq", "trust": 0.3, "vendor": "symantec", "version": "6.5.10.6" }, { "model": "advanced secure gateway", "scope": "eq", "trust": 0.3, "vendor": "symantec", "version": "6.7.2.1" }, { "model": "advanced secure gateway", "scope": "eq", "trust": 0.3, "vendor": "symantec", "version": "6.6.5.13" }, { "model": "proxysg", 
"scope": "eq", "trust": 0.3, "vendor": "bluecoat", "version": "6.7" }, { "model": "proxysg", "scope": "eq", "trust": 0.3, "vendor": "bluecoat", "version": "6.6" }, { "model": "proxysg", "scope": "eq", "trust": 0.3, "vendor": "bluecoat", "version": "6.5" }, { "model": "advanced secure gateway", "scope": "eq", "trust": 0.3, "vendor": "bluecoat", "version": "6.7" }, { "model": "advanced secure gateway", "scope": "eq", "trust": 0.3, "vendor": "bluecoat", "version": "6.6.5.4" }, { "model": "advanced secure gateway", "scope": "eq", "trust": 0.3, "vendor": "bluecoat", "version": "6.6" }, { "model": "proxysg", "scope": "ne", "trust": 0.3, "vendor": "symantec", "version": "6.7.4.107" }, { "model": "proxysg", "scope": "ne", "trust": 0.3, "vendor": "symantec", "version": "6.7.3.1" }, { "model": "proxysg", "scope": "ne", "trust": 0.3, "vendor": "symantec", "version": "6.6.5.14" }, { "model": "proxysg", "scope": "ne", "trust": 0.3, "vendor": "symantec", "version": "6.5.10.8" }, { "model": "advanced secure gateway", "scope": "ne", "trust": 0.3, "vendor": "symantec", "version": "6.7.4.107" }, { "model": "advanced secure gateway", "scope": "ne", "trust": 0.3, "vendor": "symantec", "version": "6.7.3.1" }, { "model": "advanced secure gateway", "scope": "ne", "trust": 0.3, "vendor": "symantec", "version": "6.6.5.14" } ], "sources": [ { "db": "BID", "id": "103685" }, { "db": "JVNDB", "id": "JVNDB-2017-013245" }, { "db": "NVD", "id": "CVE-2017-13678" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "cpe_match": [ { "cpe22Uri": "cpe:/a:symantec:advanced_secure_gateway", "vulnerable": true }, { "cpe22Uri": "cpe:/a:symantec:proxysg", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2017-013245" } 
] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Robert Jaroszuk @ RBS Security, Jakub Palaczynski and Pawel Bartunek.", "sources": [ { "db": "BID", "id": "103685" } ], "trust": 0.3 }, "cve": "CVE-2017-13678", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "author": "nvd@nist.gov", "availabilityImpact": "NONE", "baseScore": 3.5, "confidentialityImpact": "NONE", "exploitabilityScore": 6.8, "id": "CVE-2017-13678", "impactScore": 2.9, "integrityImpact": "PARTIAL", "severity": "LOW", "trust": 1.8, "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.0" }, { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "author": "VULHUB", "availabilityImpact": "NONE", "baseScore": 3.5, "confidentialityImpact": "NONE", "exploitabilityScore": 6.8, "id": "VHN-104324", "impactScore": 2.9, "integrityImpact": "PARTIAL", "severity": "LOW", "trust": 0.1, "vectorString": "AV:N/AC:M/AU:S/C:N/I:P/A:N", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "nvd@nist.gov", "availabilityImpact": "NONE", "baseScore": 4.8, "baseSeverity": "MEDIUM", 
"confidentialityImpact": "LOW", "exploitabilityScore": 1.7, "id": "CVE-2017-13678", "impactScore": 2.7, "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "CHANGED", "trust": 1.8, "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", "version": "3.0" } ], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2017-13678", "trust": 1.0, "value": "MEDIUM" }, { "author": "NVD", "id": "CVE-2017-13678", "trust": 0.8, "value": "Medium" }, { "author": "CNNVD", "id": "CNNVD-201708-1080", "trust": 0.6, "value": "MEDIUM" }, { "author": "VULHUB", "id": "VHN-104324", "trust": 0.1, "value": "LOW" } ] } ], "sources": [ { "db": "VULHUB", "id": "VHN-104324" }, { "db": "JVNDB", "id": "JVNDB-2017-013245" }, { "db": "CNNVD", "id": "CNNVD-201708-1080" }, { "db": "NVD", "id": "CVE-2017-13678" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Stored XSS vulnerability in the Symantec Advanced Secure Gateway (ASG) and ProxySG management consoles. A malicious appliance administrator can inject arbitrary JavaScript code in the management console web client application. Symantec ProxySG and ASG are prone to multiple security vulnerabilities. \nSuccessful exploits will allow attacker-supplied HTML and script code to run in the context of the affected browser, potentially allowing the attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user, to crash an application, resulting in a denial-of-service condition or to upload arbitrary files to the affected application; this can result in arbitrary code execution within the context of the vulnerable application. 
A cross-site scripting vulnerability exists in Symantec ASG and ProxySG", "sources": [ { "db": "NVD", "id": "CVE-2017-13678" }, { "db": "JVNDB", "id": "JVNDB-2017-013245" }, { "db": "BID", "id": "103685" }, { "db": "VULHUB", "id": "VHN-104324" } ], "trust": 1.98 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2017-13678", "trust": 2.8 }, { "db": "BID", "id": "103685", "trust": 2.0 }, { "db": "SECTRACK", "id": "1040757", "trust": 1.7 }, { "db": "JVNDB", "id": "JVNDB-2017-013245", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-201708-1080", "trust": 0.7 }, { "db": "VULHUB", "id": "VHN-104324", "trust": 0.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-104324" }, { "db": "BID", "id": "103685" }, { "db": "JVNDB", "id": "JVNDB-2017-013245" }, { "db": "CNNVD", "id": "CNNVD-201708-1080" }, { "db": "NVD", "id": "CVE-2017-13678" } ] }, "id": "VAR-201804-0594", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-104324" } ], "trust": 0.6780618366666666 }, "last_update_date": "2024-11-23T22:00:37.798000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "SA162", "trust": 0.8, "url": "https://www.symantec.com/security-center/network-protection-security-advisories/SA162" }, { "title": "Symantec Advanced Secure Gateway and ProxySG Fixes for cross-site scripting vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=155177" } ], "sources": [ { "db": "JVNDB", "id": 
"JVNDB-2017-013245" }, { "db": "CNNVD", "id": "CNNVD-201708-1080" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-79", "trust": 1.9 } ], "sources": [ { "db": "VULHUB", "id": "VHN-104324" }, { "db": "JVNDB", "id": "JVNDB-2017-013245" }, { "db": "NVD", "id": "CVE-2017-13678" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.0, "url": "https://www.symantec.com/security-center/network-protection-security-advisories/sa162" }, { "trust": 1.7, "url": "http://www.securityfocus.com/bid/103685" }, { "trust": 1.7, "url": "http://www.securitytracker.com/id/1040757" }, { "trust": 0.8, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-13678" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2017-13678" }, { "trust": 0.3, "url": "http://www.symantec.com" } ], "sources": [ { "db": "VULHUB", "id": "VHN-104324" }, { "db": "BID", "id": "103685" }, { "db": "JVNDB", "id": "JVNDB-2017-013245" }, { "db": "CNNVD", "id": "CNNVD-201708-1080" }, { "db": "NVD", "id": "CVE-2017-13678" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULHUB", "id": "VHN-104324" }, { "db": "BID", "id": "103685" }, { "db": "JVNDB", "id": "JVNDB-2017-013245" }, { "db": "CNNVD", "id": "CNNVD-201708-1080" }, { "db": "NVD", "id": "CVE-2017-13678" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2018-04-11T00:00:00", "db": "VULHUB", "id": "VHN-104324" }, { "date": "2018-04-10T00:00:00", 
"db": "BID", "id": "103685" }, { "date": "2018-06-11T00:00:00", "db": "JVNDB", "id": "JVNDB-2017-013245" }, { "date": "2017-08-25T00:00:00", "db": "CNNVD", "id": "CNNVD-201708-1080" }, { "date": "2018-04-11T14:29:00.377000", "db": "NVD", "id": "CVE-2017-13678" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2021-07-08T00:00:00", "db": "VULHUB", "id": "VHN-104324" }, { "date": "2018-04-10T00:00:00", "db": "BID", "id": "103685" }, { "date": "2018-06-11T00:00:00", "db": "JVNDB", "id": "JVNDB-2017-013245" }, { "date": "2021-06-28T00:00:00", "db": "CNNVD", "id": "CNNVD-201708-1080" }, { "date": "2024-11-21T03:11:24.677000", "db": "NVD", "id": "CVE-2017-13678" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-201708-1080" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Symantec Advanced Secure Gateway and ProxySG Management console cross-site scripting vulnerability", "sources": [ { "db": "JVNDB", "id": "JVNDB-2017-013245" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "XSS", "sources": [ { "db": "CNNVD", "id": "CNNVD-201708-1080" } ], "trust": 0.6 } }
var-201705-3129
Vulnerability from variot
Symantec Advanced Secure Gateway (ASG) 6.6 prior to 6.6.5.13, ASG 6.7 prior to 6.7.3.1, ProxySG 6.5 prior to 6.5.10.6, ProxySG 6.6 prior to 6.6.5.13, and ProxySG 6.7 prior to 6.7.3.1 are susceptible to an information disclosure vulnerability. An attacker with local access to the client host of an authenticated administrator user can, under certain circumstances, obtain sensitive authentication credential information. The affected system may also be put into a denial-of-service (DoS) state. Both Symantec ProxySG and Advanced Secure Gateway (ASG) are security gateway devices from Symantec Corporation of the United States. A remote attacker can exploit this vulnerability to obtain sensitive information. Note that the aggregated sources disagree on the attack vector: the NVD CVSS vectors for CVE-2016-9100 give local access (AV:L), while the CNVD entry CNVD-2018-01387 scores it as network-reachable (AV:N).
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201705-3129", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "symantec proxysg", "scope": "lt", "trust": 1.0, "vendor": "broadcom", "version": "6.6.5.13" }, { "model": "symantec proxysg", "scope": "gte", "trust": 1.0, "vendor": "broadcom", "version": "6.6" }, { "model": "symantec proxysg", "scope": "lt", "trust": 1.0, 
"vendor": "broadcom", "version": "6.5.10.6" }, { "model": "advanced secure gateway", "scope": "gte", "trust": 1.0, "vendor": "broadcom", "version": "6.6" }, { "model": "symantec proxysg", "scope": "lt", "trust": 1.0, "vendor": "broadcom", "version": "6.7.3.1" }, { "model": "symantec proxysg", "scope": "gte", "trust": 1.0, "vendor": "broadcom", "version": "6.5" }, { "model": "advanced secure gateway", "scope": "lt", "trust": 1.0, "vendor": "broadcom", "version": "6.6.5.13" }, { "model": "symantec proxysg", "scope": "gte", "trust": 1.0, "vendor": "broadcom", "version": "6.7" }, { "model": "advanced secure gateway", "scope": "gte", "trust": 1.0, "vendor": "broadcom", "version": "6.7" }, { "model": "advanced secure gateway", "scope": "lt", "trust": 1.0, "vendor": "broadcom", "version": "6.7.3.1" }, { "model": "advanced secure gateway", "scope": null, "trust": 0.8, "vendor": "broadcom", "version": null }, { "model": "symantec proxysg", "scope": null, "trust": 0.8, "vendor": "broadcom", "version": null }, { "model": "advanced secure gateway", "scope": "gte", "trust": 0.6, "vendor": "symantec", "version": "6.6\u003c=6.6.5.13" }, { "model": "advanced secure gateway", "scope": "gte", "trust": 0.6, "vendor": "symantec", "version": "6.7\u003c=6.7.3.1" }, { "model": "proxysg", "scope": "gte", "trust": 0.6, "vendor": "symantec", "version": "6.6\u003c=6.6.5.13" }, { "model": "proxysg", "scope": "gte", "trust": 0.6, "vendor": "symantec", "version": "6.7\u003c=6.7.3.1" }, { "model": "proxysg", "scope": "eq", "trust": 0.3, "vendor": "bluecoat", "version": "6.7" }, { "model": "proxysg", "scope": "eq", "trust": 0.3, "vendor": "bluecoat", "version": "6.6" }, { "model": "proxysg", "scope": "eq", "trust": 0.3, "vendor": "bluecoat", "version": "6.5" }, { "model": "advanced secure gateway", "scope": "eq", "trust": 0.3, "vendor": "bluecoat", "version": "6.7" }, { "model": "advanced secure gateway", "scope": "eq", "trust": 0.3, "vendor": "bluecoat", "version": "6.6" }, { "model": "proxysg", 
"scope": "ne", "trust": 0.3, "vendor": "symantec", "version": "6.7.3.1" }, { "model": "proxysg", "scope": "ne", "trust": 0.3, "vendor": "symantec", "version": "6.6.5.13" }, { "model": "proxysg", "scope": "ne", "trust": 0.3, "vendor": "symantec", "version": "6.5.10.6" }, { "model": "advanced secure gateway", "scope": "ne", "trust": 0.3, "vendor": "symantec", "version": "6.7.3.1" }, { "model": "advanced secure gateway", "scope": "ne", "trust": 0.3, "vendor": "symantec", "version": "6.6.5.13" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2018-01387" }, { "db": "BID", "id": "102454" }, { "db": "JVNDB", "id": "JVNDB-2016-009736" }, { "db": "NVD", "id": "CVE-2016-9100" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Jakub Palaczynski and Pawel Bartunek.", "sources": [ { "db": "BID", "id": "102454" }, { "db": "CNNVD", "id": "CNNVD-201801-444" } ], "trust": 0.9 }, "cve": "CVE-2016-9100", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "NONE", "baseScore": 2.1, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 3.9, "id": "CVE-2016-9100", "impactScore": 2.9, 
"integrityImpact": "NONE", "severity": "LOW", "trust": 1.8, "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, { "accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "author": "CNVD", "availabilityImpact": "PARTIAL", "baseScore": 5.1, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 4.9, "id": "CNVD-2018-01387", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 0.6, "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "NONE", "baseScore": 2.1, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 3.9, "id": "VHN-97920", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "LOW", "trust": 0.1, "vectorString": "AV:L/AC:L/AU:N/C:P/I:N/A:N", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "LOCAL", "author": "nvd@nist.gov", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 1.8, "id": "CVE-2016-9100", "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "trust": 1.8, "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2016-9100", "trust": 1.0, "value": "HIGH" }, { "author": "NVD", "id": "CVE-2016-9100", "trust": 0.8, "value": "High" }, { "author": "CNVD", "id": "CNVD-2018-01387", "trust": 0.6, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-201801-444", "trust": 0.6, "value": "HIGH" }, { "author": "VULHUB", "id": "VHN-97920", "trust": 0.1, "value": "LOW" } ] } ], "sources": [ { "db": "CNVD", "id": "CNVD-2018-01387" }, { "db": "VULHUB", "id": "VHN-97920" }, { "db": "JVNDB", "id": "JVNDB-2016-009736" }, { "db": "CNNVD", "id": "CNNVD-201801-444" }, { "db": "NVD", "id": 
"CVE-2016-9100" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Symantec Advanced Secure Gateway (ASG) 6.6 prior to 6.6.5.13, ASG 6.7 prior to 6.7.3.1, ProxySG 6.5 prior to 6.5.10.6, ProxySG 6.6 prior to 6.6.5.13, and ProxySG 6.7 prior to 6.7.3.1 are susceptible to an information disclosure vulnerability. An attacker with local access to the client host of an authenticated administrator user can, under certain circumstances, obtain sensitive authentication credential information. (DoS) It may be in a state. Both Symantec ProxySG and AdvancedSecureGateway (ASG) are security gateway devices from Symantec Corporation of the United States. A remote attacker can exploit this vulnerability to obtain sensitive information", "sources": [ { "db": "NVD", "id": "CVE-2016-9100" }, { "db": "JVNDB", "id": "JVNDB-2016-009736" }, { "db": "CNVD", "id": "CNVD-2018-01387" }, { "db": "BID", "id": "102454" }, { "db": "VULHUB", "id": "VHN-97920" } ], "trust": 2.52 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2016-9100", "trust": 4.2 }, { "db": "BID", "id": "102454", "trust": 3.4 }, { "db": "SECTRACK", "id": "1040138", "trust": 2.5 }, { "db": "JVNDB", "id": "JVNDB-2016-009736", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-201801-444", "trust": 0.7 }, { "db": "CNVD", "id": "CNVD-2018-01387", "trust": 0.6 }, { "db": "VULHUB", "id": "VHN-97920", "trust": 0.1 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2018-01387" }, { "db": "VULHUB", "id": "VHN-97920" }, { "db": "BID", "id": "102454" }, { "db": "JVNDB", "id": "JVNDB-2016-009736" }, { "db": "CNNVD", "id": "CNNVD-201801-444" }, { "db": "NVD", "id": 
"CVE-2016-9100" } ] }, "id": "VAR-201705-3129", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "CNVD", "id": "CNVD-2018-01387" }, { "db": "VULHUB", "id": "VHN-97920" } ], "trust": 1.2780618366666667 }, "iot_taxonomy": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "category": [ "Network device" ], "sub_category": null, "trust": 0.6 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2018-01387" } ] }, "last_update_date": "2024-11-23T21:53:31.307000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Patch for SymantecProxySG and AdvancedSecureGateway Information Disclosure Vulnerabilities", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchInfo/show/113947" }, { "title": "Symantec ProxySG and Advanced Secure Gateway Repair measures for information disclosure vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=77693" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2018-01387" }, { "db": "CNNVD", "id": "CNNVD-201801-444" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-255", "trust": 1.1 }, { "problemtype": "Certificate/password management (CWE-255) [NVD evaluation ]", "trust": 0.8 } ], "sources": [ { "db": "VULHUB", "id": "VHN-97920" }, { "db": "JVNDB", "id": "JVNDB-2016-009736" }, { "db": "NVD", "id": "CVE-2016-9100" } ] }, 
"references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 3.1, "url": "https://www.symantec.com/security-center/network-protection-security-advisories/sa155" }, { "trust": 3.1, "url": "http://www.securityfocus.com/bid/102454" }, { "trust": 2.5, "url": "http://www.securitytracker.com/id/1040138" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-9100" }, { "trust": 0.3, "url": "https://www.symantec.com/products/secure-web-gateway-proxy-sg-and-asg" }, { "trust": 0.3, "url": "http://www.symantec.com" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2018-01387" }, { "db": "VULHUB", "id": "VHN-97920" }, { "db": "BID", "id": "102454" }, { "db": "JVNDB", "id": "JVNDB-2016-009736" }, { "db": "CNNVD", "id": "CNNVD-201801-444" }, { "db": "NVD", "id": "CVE-2016-9100" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "CNVD", "id": "CNVD-2018-01387" }, { "db": "VULHUB", "id": "VHN-97920" }, { "db": "BID", "id": "102454" }, { "db": "JVNDB", "id": "JVNDB-2016-009736" }, { "db": "CNNVD", "id": "CNNVD-201801-444" }, { "db": "NVD", "id": "CVE-2016-9100" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2018-01-19T00:00:00", "db": "CNVD", "id": "CNVD-2018-01387" }, { "date": "2017-05-11T00:00:00", "db": "VULHUB", "id": "VHN-97920" }, { "date": "2018-01-09T00:00:00", "db": "BID", "id": "102454" }, { "date": "2024-07-18T00:00:00", "db": "JVNDB", "id": "JVNDB-2016-009736" }, { "date": "2018-01-12T00:00:00", "db": "CNNVD", "id": "CNNVD-201801-444" }, { "date": "2017-05-11T14:30:16.437000", "db": "NVD", "id": "CVE-2016-9100" } ] }, "sources_update_date": { "@context": { "@vocab": 
"https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2018-01-19T00:00:00", "db": "CNVD", "id": "CNVD-2018-01387" }, { "date": "2021-07-08T00:00:00", "db": "VULHUB", "id": "VHN-97920" }, { "date": "2018-01-09T00:00:00", "db": "BID", "id": "102454" }, { "date": "2024-07-18T07:31:00", "db": "JVNDB", "id": "JVNDB-2016-009736" }, { "date": "2021-06-28T00:00:00", "db": "CNNVD", "id": "CNNVD-201801-444" }, { "date": "2024-11-21T03:00:35.787000", "db": "NVD", "id": "CVE-2016-9100" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "local", "sources": [ { "db": "CNNVD", "id": "CNNVD-201801-444" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Symantec ProxySG and Advanced Secure Gateway Information Disclosure Vulnerability", "sources": [ { "db": "CNVD", "id": "CNVD-2018-01387" }, { "db": "CNNVD", "id": "CNNVD-201801-444" } ], "trust": 1.2 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "trust management problem", "sources": [ { "db": "CNNVD", "id": "CNNVD-201801-444" } ], "trust": 0.6 } }
var-202004-0834
Vulnerability from variot
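The ASG and ProxySG management consoles are susceptible to a session hijacking vulnerability. A remote attacker, with access to the appliance management interface, can hijack the session of a currently logged-in user and access the management console. Broadcom Advanced Secure Gateway and ProxySG are both secure Web gateway devices from Broadcom Corporation. The record below tracks this issue as CVE-2019-18375, cites vendor advisory SYMSA1752, and lists affected ASG and ProxySG versions with lower bounds 6.7.4 and 7.1 and exclusive upper bounds 6.7.4.10 and 7.2.0.1. Because the attack requires reaching the management interface, limiting which networks can reach it reduces exposure until a fixed release is installed.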
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202004-0834", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "symantec proxysg", "scope": "lt", "trust": 1.0, "vendor": "broadcom", "version": "7.2.0.1" }, { "model": "advanced secure gateway", "scope": "lt", "trust": 1.0, "vendor": "broadcom", "version": "6.7.4.10" }, { "model": "advanced secure gateway", "scope": 
"gte", "trust": 1.0, "vendor": "broadcom", "version": "6.7.4" }, { "model": "symantec proxysg", "scope": "lt", "trust": 1.0, "vendor": "broadcom", "version": "6.7.4.10" }, { "model": "symantec proxysg", "scope": "gte", "trust": 1.0, "vendor": "broadcom", "version": "7.1" }, { "model": "advanced secure gateway", "scope": "lt", "trust": 1.0, "vendor": "broadcom", "version": "7.2.0.1" }, { "model": "advanced secure gateway", "scope": "gte", "trust": 1.0, "vendor": "broadcom", "version": "7.1" }, { "model": "symantec proxysg", "scope": "gte", "trust": 1.0, "vendor": "broadcom", "version": "6.7.4" }, { "model": "advanced secure gateway", "scope": null, "trust": 0.8, "vendor": "symantec", "version": null }, { "model": "proxysg", "scope": null, "trust": 0.8, "vendor": "symantec", "version": null }, { "model": "advanced secure gateway", "scope": null, "trust": 0.6, "vendor": "broadcom", "version": null }, { "model": "proxysg", "scope": null, "trust": 0.6, "vendor": "broadcom", "version": null } ], "sources": [ { "db": "CNVD", "id": "CNVD-2020-22988" }, { "db": "JVNDB", "id": "JVNDB-2019-015289" }, { "db": "NVD", "id": "CVE-2019-18375" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "cpe_match": [ { "cpe22Uri": "cpe:/a:symantec:advanced_secure_gateway", "vulnerable": true }, { "cpe22Uri": "cpe:/a:symantec:proxysg", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2019-015289" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Balazs Hambalko", "sources": [ { "db": "CNNVD", "id": "CNNVD-202004-563" } ], "trust": 0.6 }, "cve": 
"CVE-2019-18375", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "NONE", "baseScore": 6.4, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "CVE-2019-18375", "impactScore": 4.9, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 1.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Low", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "None", "baseScore": 6.4, "confidentialityImpact": "Partial", "exploitabilityScore": null, "id": "JVNDB-2019-015289", "impactScore": null, "integrityImpact": "Partial", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Medium", "trust": 0.8, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "CNVD", "availabilityImpact": "NONE", "baseScore": 6.4, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "CNVD-2020-22988", "impactScore": 4.9, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 0.6, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N", 
"version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "NONE", "baseScore": 6.4, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "VHN-150715", "impactScore": 4.9, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 0.1, "vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:N", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "nvd@nist.gov", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "exploitabilityScore": 3.9, "id": "CVE-2019-18375", "impactScore": 2.5, "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "NVD", "availabilityImpact": "None", "baseScore": 6.5, "baseSeverity": "Medium", "confidentialityImpact": "Low", "exploitabilityScore": null, "id": "JVNDB-2019-015289", "impactScore": null, "integrityImpact": "Low", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "version": "3.0" } ], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2019-18375", "trust": 1.0, "value": "MEDIUM" }, { "author": "NVD", "id": "JVNDB-2019-015289", "trust": 0.8, "value": "Medium" }, { "author": "CNVD", "id": "CNVD-2020-22988", "trust": 0.6, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-202004-563", "trust": 0.6, "value": "MEDIUM" }, { "author": "VULHUB", "id": "VHN-150715", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "CNVD", "id": "CNVD-2020-22988" }, { "db": "VULHUB", "id": "VHN-150715" }, { "db": "JVNDB", "id": "JVNDB-2019-015289" }, { "db": "CNNVD", "id": "CNNVD-202004-563" }, { "db": "NVD", "id": "CVE-2019-18375" } 
] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "The ASG and ProxySG management consoles are susceptible to a session hijacking vulnerability. A remote attacker, with access to the appliance management interface, can hijack the session of a currently logged-in user and access the management console. Broadcom Advanced Secure Gateway and ProxySG are both secure Web gateway devices from Broadcom Corporation", "sources": [ { "db": "NVD", "id": "CVE-2019-18375" }, { "db": "JVNDB", "id": "JVNDB-2019-015289" }, { "db": "CNVD", "id": "CNVD-2020-22988" }, { "db": "VULHUB", "id": "VHN-150715" } ], "trust": 2.25 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2019-18375", "trust": 3.1 }, { "db": "JVNDB", "id": "JVNDB-2019-015289", "trust": 0.8 }, { "db": "CNVD", "id": "CNVD-2020-22988", "trust": 0.7 }, { "db": "CNNVD", "id": "CNNVD-202004-563", "trust": 0.7 }, { "db": "VULHUB", "id": "VHN-150715", "trust": 0.1 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2020-22988" }, { "db": "VULHUB", "id": "VHN-150715" }, { "db": "JVNDB", "id": "JVNDB-2019-015289" }, { "db": "CNNVD", "id": "CNNVD-202004-563" }, { "db": "NVD", "id": "CVE-2019-18375" } ] }, "id": "VAR-202004-0834", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "CNVD", "id": "CNVD-2020-22988" }, { "db": "VULHUB", "id": "VHN-150715" } ], "trust": 1.2780618366666667 }, "iot_taxonomy": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", "data": { "@container": "@list" }, 
"sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "category": [ "Network device" ], "sub_category": null, "trust": 0.6 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2020-22988" } ] }, "last_update_date": "2024-11-23T21:35:58.830000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "SYMSA1752", "trust": 0.8, "url": "https://support.broadcom.com/security-advisory/security-advisory-detail.html?notificationId=SYMSA1752" }, { "title": "Patch for Broadcom ProxySG and Advanced Secure Gateway session hijacking vulnerability", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchInfo/show/213949" }, { "title": "Broadcom ProxySG and Advanced Secure Gateway Security vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=115754" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2020-22988" }, { "db": "JVNDB", "id": "JVNDB-2019-015289" }, { "db": "CNNVD", "id": "CNNVD-202004-563" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "NVD-CWE-noinfo", "trust": 1.0 } ], "sources": [ { "db": "NVD", "id": "CVE-2019-18375" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.7, "url": "https://support.broadcom.com/security-advisory/security-advisory-detail.html?notificationid=symsa1752" }, { "trust": 1.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-18375" }, { "trust": 0.8, "url": 
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-18375" }, { "trust": 0.6, "url": "https://vigilance.fr/vulnerability/proxysg-privilege-escalation-via-session-hijacking-31992" } ], "sources": [ { "db": "VULHUB", "id": "VHN-150715" }, { "db": "JVNDB", "id": "JVNDB-2019-015289" }, { "db": "CNNVD", "id": "CNNVD-202004-563" }, { "db": "NVD", "id": "CVE-2019-18375" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "CNVD", "id": "CNVD-2020-22988" }, { "db": "VULHUB", "id": "VHN-150715" }, { "db": "JVNDB", "id": "JVNDB-2019-015289" }, { "db": "CNNVD", "id": "CNNVD-202004-563" }, { "db": "NVD", "id": "CVE-2019-18375" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2020-04-15T00:00:00", "db": "CNVD", "id": "CNVD-2020-22988" }, { "date": "2020-04-10T00:00:00", "db": "VULHUB", "id": "VHN-150715" }, { "date": "2020-04-30T00:00:00", "db": "JVNDB", "id": "JVNDB-2019-015289" }, { "date": "2020-04-09T00:00:00", "db": "CNNVD", "id": "CNNVD-202004-563" }, { "date": "2020-04-10T00:15:11.160000", "db": "NVD", "id": "CVE-2019-18375" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2020-04-15T00:00:00", "db": "CNVD", "id": "CNVD-2020-22988" }, { "date": "2021-07-08T00:00:00", "db": "VULHUB", "id": "VHN-150715" }, { "date": "2020-04-30T00:00:00", "db": "JVNDB", "id": "JVNDB-2019-015289" }, { "date": "2020-04-14T00:00:00", "db": "CNNVD", "id": "CNNVD-202004-563" }, { "date": "2024-11-21T04:33:09.620000", "db": "NVD", "id": "CVE-2019-18375" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", 
"sources": [ { "db": "CNNVD", "id": "CNNVD-202004-563" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "ASG and ProxySG management console Vulnerability in", "sources": [ { "db": "JVNDB", "id": "JVNDB-2019-015289" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "other", "sources": [ { "db": "CNNVD", "id": "CNNVD-202004-563" } ], "trust": 0.6 } }
var-201801-0019
Vulnerability from variot
The Symantec Advanced Secure Gateway (ASG) 6.6, ASG 6.7 (prior to 6.7.2.1), ProxySG 6.5 (prior to 6.5.10.6), ProxySG 6.6, and ProxySG 6.7 (prior to 6.7.2.1) management console is susceptible to a reflected XSS vulnerability. A remote attacker can use a crafted management console URL in a phishing attack to inject arbitrary JavaScript code into the management console web client application. This is a separate vulnerability from CVE-2016-10256. Information may be obtained and information may be altered. Symantec Advanced Secure Gateway (ASG) and ProxySG are security gateway devices from Symantec Corporation of the United States. Management console is one of the management consoles. Symantec ProxySG and ASG are prone to a cross-site scripting vulnerability because they fail to sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may let the attacker steal cookie-based authentication credentials and launch other attacks. The record below tracks this issue as CVE-2016-10257 and cites Symantec advisory SA155.
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201801-0019", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "proxysg", "scope": "eq", "trust": 2.0, "vendor": "symantec", "version": "6.6" }, { "model": "advanced secure gateway", "scope": "eq", "trust": 2.0, "vendor": "symantec", "version": "6.6" }, { "model": "symantec proxysg", "scope": "gte", "trust": 1.0, 
"vendor": "broadcom", "version": "6.5" }, { "model": "symantec proxysg", "scope": "gte", "trust": 1.0, "vendor": "broadcom", "version": "6.7" }, { "model": "symantec proxysg", "scope": "lt", "trust": 1.0, "vendor": "broadcom", "version": "6.7.2.1" }, { "model": "advanced secure gateway", "scope": "gte", "trust": 1.0, "vendor": "broadcom", "version": "6.7" }, { "model": "advanced secure gateway", "scope": "eq", "trust": 1.0, "vendor": "broadcom", "version": "6.6" }, { "model": "symantec proxysg", "scope": "eq", "trust": 1.0, "vendor": "broadcom", "version": "6.6" }, { "model": "symantec proxysg", "scope": "lt", "trust": 1.0, "vendor": "broadcom", "version": "6.5.10.6" }, { "model": "advanced secure gateway", "scope": "lt", "trust": 1.0, "vendor": "broadcom", "version": "6.7.2.1" }, { "model": "proxysg", "scope": "eq", "trust": 0.8, "vendor": "symantec", "version": "6.7.2.1" }, { "model": "proxysg", "scope": "lt", "trust": 0.8, "vendor": "symantec", "version": "6.5" }, { "model": "advanced secure gateway", "scope": "lt", "trust": 0.8, "vendor": "symantec", "version": "6.7" }, { "model": "proxysg", "scope": "eq", "trust": 0.8, "vendor": "symantec", "version": "6.5.10.6" }, { "model": "advanced secure gateway", "scope": "eq", "trust": 0.8, "vendor": "symantec", "version": "6.7.2.1" }, { "model": "proxysg", "scope": "lt", "trust": 0.8, "vendor": "symantec", "version": "6.7" }, { "model": "advanced secure gateway", "scope": "eq", "trust": 0.6, "vendor": "symantec", "version": "6.7\u003c6.7.2.1" }, { "model": "proxysg", "scope": "eq", "trust": 0.6, "vendor": "symantec", "version": "6.5\u003c6.5.10.6" }, { "model": "proxysg", "scope": "eq", "trust": 0.6, "vendor": "symantec", "version": "6.7\u003c6.7.2.1" }, { "model": "proxysg", "scope": "eq", "trust": 0.3, "vendor": "bluecoat", "version": "6.7" }, { "model": "proxysg", "scope": "eq", "trust": 0.3, "vendor": "bluecoat", "version": "6.6" }, { "model": "proxysg", "scope": "eq", "trust": 0.3, "vendor": "bluecoat", "version": 
"6.5" }, { "model": "advanced secure gateway", "scope": "eq", "trust": 0.3, "vendor": "bluecoat", "version": "6.7" }, { "model": "advanced secure gateway", "scope": "eq", "trust": 0.3, "vendor": "bluecoat", "version": "6.6" }, { "model": "proxysg", "scope": "ne", "trust": 0.3, "vendor": "symantec", "version": "6.7.2.1" }, { "model": "proxysg", "scope": "ne", "trust": 0.3, "vendor": "symantec", "version": "6.5.10.6" }, { "model": "advanced secure gateway", "scope": "ne", "trust": 0.3, "vendor": "symantec", "version": "6.7.2.1" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2018-04070" }, { "db": "BID", "id": "102447" }, { "db": "JVNDB", "id": "JVNDB-2018-001362" }, { "db": "CNNVD", "id": "CNNVD-201703-1031" }, { "db": "NVD", "id": "CVE-2016-10257" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "cpe_match": [ { "cpe22Uri": "cpe:/a:symantec:advanced_secure_gateway", "vulnerable": true }, { "cpe22Uri": "cpe:/a:symantec:proxysg", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2018-001362" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Jakub Palaczynski and Pawel Bartunek.", "sources": [ { "db": "BID", "id": "102447" } ], "trust": 0.3 }, "cve": "CVE-2016-10257", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { 
"@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "exploitabilityScore": 8.6, "id": "CVE-2016-10257", "impactScore": 2.9, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 1.8, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "CNVD", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "exploitabilityScore": 8.6, "id": "CNVD-2018-04070", "impactScore": 2.9, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 0.6, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "exploitabilityScore": 8.6, "id": "VHN-89015", "impactScore": 2.9, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 0.1, "vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:N", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "nvd@nist.gov", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "exploitabilityScore": 2.8, "id": "CVE-2016-10257", "impactScore": 2.7, "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "trust": 1.8, "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.0" } ], "severity": [ { 
"author": "nvd@nist.gov", "id": "CVE-2016-10257", "trust": 1.0, "value": "MEDIUM" }, { "author": "NVD", "id": "CVE-2016-10257", "trust": 0.8, "value": "Medium" }, { "author": "CNVD", "id": "CNVD-2018-04070", "trust": 0.6, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-201703-1031", "trust": 0.6, "value": "MEDIUM" }, { "author": "VULHUB", "id": "VHN-89015", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "CNVD", "id": "CNVD-2018-04070" }, { "db": "VULHUB", "id": "VHN-89015" }, { "db": "JVNDB", "id": "JVNDB-2018-001362" }, { "db": "CNNVD", "id": "CNNVD-201703-1031" }, { "db": "NVD", "id": "CVE-2016-10257" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "The Symantec Advanced Secure Gateway (ASG) 6.6, ASG 6.7 (prior to 6.7.2.1), ProxySG 6.5 (prior to 6.5.10.6), ProxySG 6.6, and ProxySG 6.7 (prior to 6.7.2.1) management console is susceptible to a reflected XSS vulnerability. A remote attacker can use a crafted management console URL in a phishing attack to inject arbitrary JavaScript code into the management console web client application. This is a separate vulnerability from CVE-2016-10256. This vulnerability CVE-2016-10256 Is a different vulnerability.Information may be obtained and information may be altered. Symantec AdvancedSecureGateway (ASG) and ProxySG are security gateway devices from Symantec Corporation of the United States. Managementconsole is one of the management consoles. Symantec ProxySG and ASG are prone to a cross-site-scripting vulnerability because it fails to sanitize user-supplied input. \nAn attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. 
This may let the attacker steal cookie-based authentication credentials and launch other attacks", "sources": [ { "db": "NVD", "id": "CVE-2016-10257" }, { "db": "JVNDB", "id": "JVNDB-2018-001362" }, { "db": "CNVD", "id": "CNVD-2018-04070" }, { "db": "BID", "id": "102447" }, { "db": "VULHUB", "id": "VHN-89015" } ], "trust": 2.52 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2016-10257", "trust": 3.4 }, { "db": "BID", "id": "102447", "trust": 2.6 }, { "db": "SECTRACK", "id": "1040138", "trust": 1.7 }, { "db": "JVNDB", "id": "JVNDB-2018-001362", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-201703-1031", "trust": 0.7 }, { "db": "CNVD", "id": "CNVD-2018-04070", "trust": 0.6 }, { "db": "VULHUB", "id": "VHN-89015", "trust": 0.1 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2018-04070" }, { "db": "VULHUB", "id": "VHN-89015" }, { "db": "BID", "id": "102447" }, { "db": "JVNDB", "id": "JVNDB-2018-001362" }, { "db": "CNNVD", "id": "CNNVD-201703-1031" }, { "db": "NVD", "id": "CVE-2016-10257" } ] }, "id": "VAR-201801-0019", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "CNVD", "id": "CNVD-2018-04070" }, { "db": "VULHUB", "id": "VHN-89015" } ], "trust": 1.2780618366666667 }, "iot_taxonomy": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "category": [ "Network device" ], "sub_category": null, "trust": 0.6 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2018-04070" } ] }, "last_update_date": "2024-11-23T21:53:31.272000Z", 
"patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "SA155", "trust": 0.8, "url": "https://www.symantec.com/security-center/network-protection-security-advisories/SA155" }, { "title": "Patch for Symantec ASG and ProxySG Cross-Site Scripting Vulnerability", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchInfo/show/119469" }, { "title": "Symantec Advanced Secure Gateway and ProxySG Security vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=155175" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2018-04070" }, { "db": "JVNDB", "id": "JVNDB-2018-001362" }, { "db": "CNNVD", "id": "CNNVD-201703-1031" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-79", "trust": 1.9 } ], "sources": [ { "db": "VULHUB", "id": "VHN-89015" }, { "db": "JVNDB", "id": "JVNDB-2018-001362" }, { "db": "NVD", "id": "CVE-2016-10257" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.3, "url": "https://www.symantec.com/security-center/network-protection-security-advisories/sa155" }, { "trust": 2.3, "url": "http://www.securityfocus.com/bid/102447" }, { "trust": 1.7, "url": "http://www.securitytracker.com/id/1040138" }, { "trust": 0.8, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-10257" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-10257" }, { "trust": 0.3, "url": "http://www.symantec.com" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2018-04070" }, { 
"db": "VULHUB", "id": "VHN-89015" }, { "db": "BID", "id": "102447" }, { "db": "JVNDB", "id": "JVNDB-2018-001362" }, { "db": "CNNVD", "id": "CNNVD-201703-1031" }, { "db": "NVD", "id": "CVE-2016-10257" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "CNVD", "id": "CNVD-2018-04070" }, { "db": "VULHUB", "id": "VHN-89015" }, { "db": "BID", "id": "102447" }, { "db": "JVNDB", "id": "JVNDB-2018-001362" }, { "db": "CNNVD", "id": "CNNVD-201703-1031" }, { "db": "NVD", "id": "CVE-2016-10257" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2018-03-01T00:00:00", "db": "CNVD", "id": "CNVD-2018-04070" }, { "date": "2018-01-10T00:00:00", "db": "VULHUB", "id": "VHN-89015" }, { "date": "2018-01-09T00:00:00", "db": "BID", "id": "102447" }, { "date": "2018-02-09T00:00:00", "db": "JVNDB", "id": "JVNDB-2018-001362" }, { "date": "2017-03-24T00:00:00", "db": "CNNVD", "id": "CNNVD-201703-1031" }, { "date": "2018-01-10T02:29:31.880000", "db": "NVD", "id": "CVE-2016-10257" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2018-03-02T00:00:00", "db": "CNVD", "id": "CNVD-2018-04070" }, { "date": "2021-07-08T00:00:00", "db": "VULHUB", "id": "VHN-89015" }, { "date": "2018-01-09T00:00:00", "db": "BID", "id": "102447" }, { "date": "2018-02-09T00:00:00", "db": "JVNDB", "id": "JVNDB-2018-001362" }, { "date": "2021-06-28T00:00:00", "db": "CNNVD", "id": "CNNVD-201703-1031" }, { "date": "2024-11-21T02:43:40.397000", "db": "NVD", "id": "CVE-2016-10257" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { 
"db": "CNNVD", "id": "CNNVD-201703-1031" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Symantec Advanced Secure Gateway and ProxySG Vulnerable to cross-site scripting", "sources": [ { "db": "JVNDB", "id": "JVNDB-2018-001362" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "XSS", "sources": [ { "db": "CNNVD", "id": "CNNVD-201703-1031" } ], "trust": 0.6 } }
var-201801-0018
Vulnerability from variot
The Symantec ProxySG 6.5 (prior to 6.5.10.6), 6.6, and 6.7 (prior to 6.7.2.1) management console is susceptible to a reflected XSS vulnerability. A remote attacker can use a crafted management console URL in a phishing attack to inject arbitrary JavaScript code into the management console web client application. This is a separate vulnerability from CVE-2016-10257. Symantec ProxySG contains a cross-site scripting vulnerability. This vulnerability is different from CVE-2016-10257. Information may be obtained and information may be falsified. Symantec ProxySG is prone to a cross-site-scripting vulnerability because it fails to sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may let the attacker steal cookie-based authentication credentials and launch other attacks.
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201801-0018", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "proxysg", "scope": "eq", "trust": 1.4, "vendor": "symantec", "version": "6.6" }, { "model": "symantec proxysg", "scope": "gte", "trust": 1.0, "vendor": "broadcom", "version": "6.5" }, { "model": "symantec proxysg", "scope": "gte", "trust": 1.0, "vendor": 
"broadcom", "version": "6.7" }, { "model": "symantec proxysg", "scope": "lt", "trust": 1.0, "vendor": "broadcom", "version": "6.7.2.1" }, { "model": "symantec proxysg", "scope": "eq", "trust": 1.0, "vendor": "broadcom", "version": "6.6" }, { "model": "symantec proxysg", "scope": "lt", "trust": 1.0, "vendor": "broadcom", "version": "6.5.10.6" }, { "model": "proxysg", "scope": "eq", "trust": 0.8, "vendor": "symantec", "version": "6.7.2.1" }, { "model": "proxysg", "scope": "lt", "trust": 0.8, "vendor": "symantec", "version": "6.5" }, { "model": "proxysg", "scope": "eq", "trust": 0.8, "vendor": "symantec", "version": "6.5.10.6" }, { "model": "proxysg", "scope": "lt", "trust": 0.8, "vendor": "symantec", "version": "6.7" }, { "model": "proxysg", "scope": "eq", "trust": 0.3, "vendor": "bluecoat", "version": "6.7" }, { "model": "proxysg", "scope": "eq", "trust": 0.3, "vendor": "bluecoat", "version": "6.6" }, { "model": "proxysg", "scope": "eq", "trust": 0.3, "vendor": "bluecoat", "version": "6.5" }, { "model": "proxysg", "scope": "ne", "trust": 0.3, "vendor": "symantec", "version": "6.7.2.1" }, { "model": "proxysg", "scope": "ne", "trust": 0.3, "vendor": "symantec", "version": "6.5.10.6" } ], "sources": [ { "db": "BID", "id": "102451" }, { "db": "JVNDB", "id": "JVNDB-2018-001361" }, { "db": "CNNVD", "id": "CNNVD-201703-1032" }, { "db": "NVD", "id": "CVE-2016-10256" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "cpe_match": [ { "cpe22Uri": "cpe:/a:symantec:proxysg", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2018-001361" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": 
"https://www.variotdbs.pl/ref/sources#" } } }, "data": "Jakub Palaczynski and Pawel Bartunek.", "sources": [ { "db": "BID", "id": "102451" } ], "trust": 0.3 }, "cve": "CVE-2016-10256", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "exploitabilityScore": 8.6, "id": "CVE-2016-10256", "impactScore": 2.9, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 1.8, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "nvd@nist.gov", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "exploitabilityScore": 2.8, "id": "CVE-2016-10256", "impactScore": 2.7, "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "trust": 1.8, "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.0" } ], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2016-10256", "trust": 1.0, "value": "MEDIUM" }, { "author": "NVD", "id": "CVE-2016-10256", "trust": 0.8, "value": "Medium" }, { "author": "CNNVD", "id": "CNNVD-201703-1032", "trust": 0.6, "value": 
"MEDIUM" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2018-001361" }, { "db": "CNNVD", "id": "CNNVD-201703-1032" }, { "db": "NVD", "id": "CVE-2016-10256" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "The Symantec ProxySG 6.5 (prior to 6.5.10.6), 6.6, and 6.7 (prior to 6.7.2.1) management console is susceptible to a reflected XSS vulnerability. A remote attacker can use a crafted management console URL in a phishing attack to inject arbitrary JavaScript code into the management console web client application. This is a separate vulnerability from CVE-2016-10257. Symantec ProxySG Contains a cross-site scripting vulnerability. This vulnerability is CVE-2016-10257 This is a different vulnerability.The information may be obtained and the information may be falsified. Symantec ProxySG is prone to a cross-site-scripting vulnerability because it fails to sanitize user-supplied input. \nAn attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. 
This may let the attacker steal cookie-based authentication credentials and launch other attacks", "sources": [ { "db": "NVD", "id": "CVE-2016-10256" }, { "db": "JVNDB", "id": "JVNDB-2018-001361" }, { "db": "BID", "id": "102451" } ], "trust": 1.89 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2016-10256", "trust": 2.7 }, { "db": "BID", "id": "102451", "trust": 1.9 }, { "db": "SECTRACK", "id": "1040138", "trust": 1.6 }, { "db": "JVNDB", "id": "JVNDB-2018-001361", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-201703-1032", "trust": 0.6 } ], "sources": [ { "db": "BID", "id": "102451" }, { "db": "JVNDB", "id": "JVNDB-2018-001361" }, { "db": "CNNVD", "id": "CNNVD-201703-1032" }, { "db": "NVD", "id": "CVE-2016-10256" } ] }, "id": "VAR-201801-0018", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.57761907 }, "last_update_date": "2024-11-23T21:53:31.377000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "SA155", "trust": 0.8, "url": "https://www.symantec.com/security-center/network-protection-security-advisories/SA155" }, { "title": "Symantec ProxySG Fixes for cross-site scripting vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=155176" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2018-001361" }, { "db": "CNNVD", "id": "CNNVD-201703-1032" } ] }, "problemtype_data": { "@context": { "@vocab": 
"https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-79", "trust": 1.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2018-001361" }, { "db": "NVD", "id": "CVE-2016-10256" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.6, "url": "http://www.securitytracker.com/id/1040138" }, { "trust": 1.6, "url": "https://www.symantec.com/security-center/network-protection-security-advisories/sa155" }, { "trust": 1.6, "url": "http://www.securityfocus.com/bid/102451" }, { "trust": 0.8, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-10256" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-10256" }, { "trust": 0.3, "url": "https://www.symantec.com/products/secure-web-gateway-proxy-sg-and-asg" }, { "trust": 0.3, "url": "http://www.symantec.com" } ], "sources": [ { "db": "BID", "id": "102451" }, { "db": "JVNDB", "id": "JVNDB-2018-001361" }, { "db": "CNNVD", "id": "CNNVD-201703-1032" }, { "db": "NVD", "id": "CVE-2016-10256" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "BID", "id": "102451" }, { "db": "JVNDB", "id": "JVNDB-2018-001361" }, { "db": "CNNVD", "id": "CNNVD-201703-1032" }, { "db": "NVD", "id": "CVE-2016-10256" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2018-01-09T00:00:00", "db": "BID", "id": "102451" }, { "date": "2018-02-09T00:00:00", "db": "JVNDB", "id": "JVNDB-2018-001361" }, { "date": "2017-03-24T00:00:00", "db": "CNNVD", "id": "CNNVD-201703-1032" }, { "date": 
"2018-01-10T02:29:31.833000", "db": "NVD", "id": "CVE-2016-10256" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2018-01-09T00:00:00", "db": "BID", "id": "102451" }, { "date": "2018-02-09T00:00:00", "db": "JVNDB", "id": "JVNDB-2018-001361" }, { "date": "2021-06-28T00:00:00", "db": "CNNVD", "id": "CNNVD-201703-1032" }, { "date": "2024-11-21T02:43:40.283000", "db": "NVD", "id": "CVE-2016-10256" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-201703-1032" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Symantec ProxySG Vulnerable to cross-site scripting", "sources": [ { "db": "JVNDB", "id": "JVNDB-2018-001361" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "XSS", "sources": [ { "db": "CNNVD", "id": "CNNVD-201703-1032" } ], "trust": 0.6 } }
var-201705-3126
Vulnerability from variot
The Symantec Advanced Secure Gateway (ASG) 6.6 prior to 6.6.5.8, ProxySG 6.5 prior to 6.5.10.6, ProxySG 6.6 prior to 6.6.5.8, and ProxySG 6.7 prior to 6.7.1.2 management consoles do not, under certain circumstances, correctly authorize administrator users. A malicious administrator with read-only access can exploit this vulnerability to access management console functionality that requires read-write access privileges. Broadcom Advanced Secure Gateway and Symantec ProxySG contain vulnerabilities related to authorization, privileges, and access control. Information may be obtained or tampered with, and service operation may be interrupted (DoS). ProxySG and ASG are prone to an authorization-bypass vulnerability. Attackers can exploit this issue to gain unauthorized access and obtain sensitive information or elevate privileges. This may aid in further attacks. The following products are affected: Blue Coat Systems ASG 6.6 prior to 6.6.5.8 is vulnerable. Blue Coat Systems ProxySG 6.5 prior to 6.5.10.6, 6.6 prior to 6.6.5.8, and 6.7 prior to 6.7.1.2 are vulnerable. Symantec ProxySG and Advanced Secure Gateway (ASG) are security gateway devices of Symantec Corporation of the United States. Security vulnerabilities exist in Symantec ProxySG and ASG.
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201705-3126", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "symantec proxysg", "scope": "eq", "trust": 1.0, "vendor": "broadcom", "version": "6.5.5.7" }, { "model": "advanced secure gateway", "scope": "eq", "trust": 1.0, "vendor": "broadcom", "version": "6.6.5.1" }, { "model": "symantec proxysg", "scope": "eq", 
"trust": 1.0, "vendor": "broadcom", "version": "6.6.3" }, { "model": "symantec proxysg", "scope": "eq", "trust": 1.0, "vendor": "broadcom", "version": "6.5.6.1" }, { "model": "symantec proxysg", "scope": "eq", "trust": 1.0, "vendor": "broadcom", "version": "6.5.1" }, { "model": "symantec proxysg", "scope": "eq", "trust": 1.0, "vendor": "broadcom", "version": "6.6.2.2" }, { "model": "symantec proxysg", "scope": "eq", "trust": 1.0, "vendor": "broadcom", "version": "6.6.4.3" }, { "model": "symantec proxysg", "scope": "eq", "trust": 1.0, "vendor": "broadcom", "version": "6.5.9.2" }, { "model": "symantec proxysg", "scope": "eq", "trust": 1.0, "vendor": "broadcom", "version": "6.5.2" }, { "model": "symantec proxysg", "scope": "eq", "trust": 1.0, "vendor": "broadcom", "version": "6.5.9.14" }, { "model": "symantec proxysg", "scope": "eq", "trust": 1.0, "vendor": "broadcom", "version": "6.5.9.10" }, { "model": "symantec proxysg", "scope": "eq", "trust": 1.0, "vendor": "broadcom", "version": "6.6" }, { "model": "advanced secure gateway", "scope": "eq", "trust": 1.0, "vendor": "broadcom", "version": "6.6.4" }, { "model": "symantec proxysg", "scope": "eq", "trust": 1.0, "vendor": "broadcom", "version": "6.6.2.1" }, { "model": "symantec proxysg", "scope": "eq", "trust": 1.0, "vendor": "broadcom", "version": "6.6.3.2" }, { "model": "symantec proxysg", "scope": "eq", "trust": 1.0, "vendor": "broadcom", "version": "6.7" }, { "model": "symantec proxysg", "scope": "eq", "trust": 1.0, "vendor": "broadcom", "version": "6.6.4.1" }, { "model": "symantec proxysg", "scope": "eq", "trust": 1.0, "vendor": "broadcom", "version": "6.5.7.6" }, { "model": "symantec proxysg", "scope": "eq", "trust": 1.0, "vendor": "broadcom", "version": "6.5" }, { "model": "symantec proxysg", "scope": "eq", "trust": 1.0, "vendor": "broadcom", "version": "6.5.9.8" }, { "model": "advanced secure gateway", "scope": "eq", "trust": 1.0, "vendor": "broadcom", "version": "6.6.3" }, { "model": "advanced secure gateway", 
"scope": "eq", "trust": 1.0, "vendor": "broadcom", "version": "6.6.4.3" }, { "model": "symantec proxysg", "scope": "eq", "trust": 1.0, "vendor": "broadcom", "version": "6.7.1.1" }, { "model": "symantec proxysg", "scope": "eq", "trust": 1.0, "vendor": "broadcom", "version": "6.6.5" }, { "model": "advanced secure gateway", "scope": "eq", "trust": 1.0, "vendor": "broadcom", "version": "6.6" }, { "model": "symantec proxysg", "scope": "eq", "trust": 1.0, "vendor": "broadcom", "version": "6.5.2.10" }, { "model": "symantec proxysg", "scope": "eq", "trust": 1.0, "vendor": "broadcom", "version": "6.5.4.1" }, { "model": "symantec proxysg", "scope": "eq", "trust": 1.0, "vendor": "broadcom", "version": "6.6.2" }, { "model": "symantec proxysg", "scope": "eq", "trust": 1.0, "vendor": "broadcom", "version": "6.6.4" }, { "model": "advanced secure gateway", "scope": null, "trust": 0.8, "vendor": "broadcom", "version": null }, { "model": "symantec proxysg", "scope": null, "trust": 0.8, "vendor": "broadcom", "version": null }, { "model": "proxysg", "scope": "eq", "trust": 0.6, "vendor": "symantec", "version": "6.6.5" }, { "model": "proxysg", "scope": "eq", "trust": 0.6, "vendor": "symantec", "version": "6.6.4.1" }, { "model": "proxysg", "scope": "eq", "trust": 0.6, "vendor": "symantec", "version": "6.7" }, { "model": "proxysg", "scope": "eq", "trust": 0.6, "vendor": "symantec", "version": "6.7.1.1" }, { "model": "proxysg", "scope": "eq", "trust": 0.6, "vendor": "symantec", "version": "6.6.2.2" }, { "model": "proxysg", "scope": "eq", "trust": 0.6, "vendor": "symantec", "version": "6.6.3.2" }, { "model": "proxysg", "scope": "eq", "trust": 0.6, "vendor": "symantec", "version": "6.6.3" }, { "model": "proxysg", "scope": "eq", "trust": 0.6, "vendor": "symantec", "version": "6.6.4.3" }, { "model": "proxysg", "scope": "eq", "trust": 0.6, "vendor": "symantec", "version": "6.6.4" }, { "model": "proxysg", "scope": "eq", "trust": 0.6, "vendor": "symantec", "version": "6.6.2.1" }, { "model": 
"coat systems proxysg", "scope": "eq", "trust": 0.3, "vendor": "blue", "version": "6.5.4" }, { "model": "coat systems proxysg", "scope": "eq", "trust": 0.3, "vendor": "blue", "version": "6.5.36" }, { "model": "coat systems proxysg", "scope": "eq", "trust": 0.3, "vendor": "blue", "version": "6.5.35" }, { "model": "coat systems proxysg", "scope": "eq", "trust": 0.3, "vendor": "blue", "version": "6.7" }, { "model": "coat systems proxysg", "scope": "eq", "trust": 0.3, "vendor": "blue", "version": "6.6" }, { "model": "coat systems proxysg", "scope": "eq", "trust": 0.3, "vendor": "blue", "version": "6.5.8.8" }, { "model": "coat systems proxysg", "scope": "eq", "trust": 0.3, "vendor": "blue", "version": "6.5.7.3" }, { "model": "coat systems proxysg", "scope": "eq", "trust": 0.3, "vendor": "blue", "version": "6.5.5.7" }, { "model": "coat systems proxysg", "scope": "eq", "trust": 0.3, "vendor": "blue", "version": "6.5.5.4" }, { "model": "coat systems proxysg", "scope": "eq", "trust": 0.3, "vendor": "blue", "version": "6.5.1.1" }, { "model": "coat systems proxysg", "scope": "eq", "trust": 0.3, "vendor": "blue", "version": "6.5" }, { "model": "coat systems advanced secure gateway", "scope": "eq", "trust": 0.3, "vendor": "blue", "version": "6.6" }, { "model": "coat systems proxysg", "scope": "ne", "trust": 0.3, "vendor": "blue", "version": "6.7.1.2" }, { "model": "coat systems proxysg", "scope": "ne", "trust": 0.3, "vendor": "blue", "version": "6.6.5.8" }, { "model": "coat systems proxysg", "scope": "ne", "trust": 0.3, "vendor": "blue", "version": "6.5.10.6" }, { "model": "coat systems advanced secure gateway", "scope": "ne", "trust": 0.3, "vendor": "blue", "version": "6.6.5.8" } ], "sources": [ { "db": "BID", "id": "101530" }, { "db": "JVNDB", "id": "JVNDB-2016-009738" }, { "db": "CNNVD", "id": "CNNVD-201710-1277" }, { "db": "NVD", "id": "CVE-2016-9097" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", 
"@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Jakub Palaczynski and Pawel Bartunek.", "sources": [ { "db": "BID", "id": "101530" }, { "db": "CNNVD", "id": "CNNVD-201710-1277" } ], "trust": 0.9 }, "cve": "CVE-2016-9097", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "author": "nvd@nist.gov", "availabilityImpact": "COMPLETE", "baseScore": 8.0, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.0, "id": "CVE-2016-9097", "impactScore": 8.5, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 1.8, "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:C", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "author": "VULHUB", "availabilityImpact": "COMPLETE", "baseScore": 8.0, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.0, "id": "VHN-97917", "impactScore": 8.5, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 0.1, "vectorString": "AV:N/AC:L/AU:S/C:P/I:P/A:C", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "nvd@nist.gov", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 1.2, "id": "CVE-2016-9097", "impactScore": 5.9, 
"integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "trust": 1.8, "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2016-9097", "trust": 1.0, "value": "HIGH" }, { "author": "NVD", "id": "CVE-2016-9097", "trust": 0.8, "value": "High" }, { "author": "CNNVD", "id": "CNNVD-201710-1277", "trust": 0.6, "value": "HIGH" }, { "author": "VULHUB", "id": "VHN-97917", "trust": 0.1, "value": "HIGH" } ] } ], "sources": [ { "db": "VULHUB", "id": "VHN-97917" }, { "db": "JVNDB", "id": "JVNDB-2016-009738" }, { "db": "CNNVD", "id": "CNNVD-201710-1277" }, { "db": "NVD", "id": "CVE-2016-9097" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "The Symantec Advanced Secure Gateway (ASG) 6.6 prior to 6.6.5.8, ProxySG 6.5 prior 6.5.10.6, ProxySG 6.6 prior to 6.6.5.8, and ProxySG 6.7 prior to 6.7.1.2 management consoles do not, under certain circumstances, correctly authorize administrator users. A malicious administrator with read-only access can exploit this vulnerability to access management console functionality that requires read-write access privileges. Broadcom of advanced secure gateway and symantec proxysg contains vulnerabilities related to authorization, privileges, and access control.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. ProxySG and ASG are prone to an authorization-bypass vulnerability. \nAttackers can exploit this issue to gain unauthorized access and obtain sensitive information or elevate privileges. This may aid in further attacks. \nThe following products are affected:\nBlue Coat Systems ASG 6.6 prior to 6.6.5.8 is vulnerable. 
\nBlue Coat Systems ProxySG 6.5 prior to 6.5.10.6, 6.6 prior to 6.6.5.8, and 6.7 prior to 6.7.1.2 are vulnerable. Symantec ProxySG and Advanced Secure Gateway (ASG) are security gateway devices of Symantec Corporation of the United States. Security vulnerabilities exist in Symantec ProxySG and ASG", "sources": [ { "db": "NVD", "id": "CVE-2016-9097" }, { "db": "JVNDB", "id": "JVNDB-2016-009738" }, { "db": "BID", "id": "101530" }, { "db": "VULHUB", "id": "VHN-97917" } ], "trust": 1.98 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2016-9097", "trust": 3.6 }, { "db": "BID", "id": "101530", "trust": 2.8 }, { "db": "SECTRACK", "id": "1039701", "trust": 2.5 }, { "db": "JVNDB", "id": "JVNDB-2016-009738", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-201710-1277", "trust": 0.7 }, { "db": "VULHUB", "id": "VHN-97917", "trust": 0.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-97917" }, { "db": "BID", "id": "101530" }, { "db": "JVNDB", "id": "JVNDB-2016-009738" }, { "db": "CNNVD", "id": "CNNVD-201710-1277" }, { "db": "NVD", "id": "CVE-2016-9097" } ] }, "id": "VAR-201705-3126", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-97917" } ], "trust": 0.57234446 }, "last_update_date": "2024-11-23T23:05:27.022000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Symantec ProxySG and Advanced Secure Gateway Security vulnerabilities", "trust": 0.6, "url": 
"http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=155178" } ], "sources": [ { "db": "CNNVD", "id": "CNNVD-201710-1277" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-264", "trust": 1.1 }, { "problemtype": "Authorization / authority / access control (CWE-264) [NVD evaluation ]", "trust": 0.8 } ], "sources": [ { "db": "VULHUB", "id": "VHN-97917" }, { "db": "JVNDB", "id": "JVNDB-2016-009738" }, { "db": "NVD", "id": "CVE-2016-9097" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.8, "url": "https://www.symantec.com/security-center/network-protection-security-advisories/sa146" }, { "trust": 2.5, "url": "http://www.securityfocus.com/bid/101530" }, { "trust": 2.5, "url": "http://www.securitytracker.com/id/1039701" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-9097" }, { "trust": 0.3, "url": "http://www.bluecoat.com/products/sg" }, { "trust": 0.3, "url": "https://www.bluecoat.com/" } ], "sources": [ { "db": "VULHUB", "id": "VHN-97917" }, { "db": "BID", "id": "101530" }, { "db": "JVNDB", "id": "JVNDB-2016-009738" }, { "db": "CNNVD", "id": "CNNVD-201710-1277" }, { "db": "NVD", "id": "CVE-2016-9097" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULHUB", "id": "VHN-97917" }, { "db": "BID", "id": "101530" }, { "db": "JVNDB", "id": "JVNDB-2016-009738" }, { "db": "CNNVD", "id": "CNNVD-201710-1277" }, { "db": "NVD", "id": "CVE-2016-9097" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": 
"@list" } }, "data": [ { "date": "2017-05-11T00:00:00", "db": "VULHUB", "id": "VHN-97917" }, { "date": "2017-10-26T00:00:00", "db": "BID", "id": "101530" }, { "date": "2024-07-18T00:00:00", "db": "JVNDB", "id": "JVNDB-2016-009738" }, { "date": "2017-10-26T00:00:00", "db": "CNNVD", "id": "CNNVD-201710-1277" }, { "date": "2017-05-11T14:30:16.360000", "db": "NVD", "id": "CVE-2016-9097" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2021-07-08T00:00:00", "db": "VULHUB", "id": "VHN-97917" }, { "date": "2017-12-19T20:00:00", "db": "BID", "id": "101530" }, { "date": "2024-07-18T07:31:00", "db": "JVNDB", "id": "JVNDB-2016-009738" }, { "date": "2021-06-28T00:00:00", "db": "CNNVD", "id": "CNNVD-201710-1277" }, { "date": "2024-11-21T03:00:35.517000", "db": "NVD", "id": "CVE-2016-9097" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-201710-1277" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Broadcom\u00a0 of \u00a0advanced\u00a0secure\u00a0gateway\u00a0 and \u00a0symantec\u00a0proxysg\u00a0 Vulnerabilities related to authorization, privileges, and access control in", "sources": [ { "db": "JVNDB", "id": "JVNDB-2016-009738" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "permissions and access control issues", "sources": [ { "db": "CNNVD", "id": "CNNVD-201710-1277" } ], "trust": 0.6 } }
var-201804-0142
Vulnerability from variot
Unrestricted file upload vulnerability in the Symantec Advanced Secure Gateway (ASG) and ProxySG management consoles. A malicious appliance administrator can upload arbitrary malicious files to the management console and trick another administrator user into downloading and executing malicious code. Symantec ProxySG and ASG are prone to multiple security vulnerabilities. Successful exploits will allow attacker-supplied HTML and script code to run in the context of the affected browser, potentially allowing the attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user; to crash an application, resulting in a denial-of-service condition; or to upload arbitrary files to the affected application, which can result in arbitrary code execution within the context of the vulnerable application. The affected_products data in the record below lists ProxySG 6.5 before 6.5.10.8, ProxySG and ASG 6.6 before 6.6.5.14, and ProxySG and ASG 6.7 before 6.7.3.1 as affected; the NVD CVSS 3.0 vector (PR:H, UI:R) reflects that exploitation needs an administrator account and action by a second administrator.
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201804-0142", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "symantec proxysg", "scope": "lt", "trust": 1.0, "vendor": "broadcom", "version": "6.6.5.14" }, { "model": "symantec proxysg", "scope": "gte", "trust": 1.0, "vendor": "broadcom", "version": "6.6" }, { "model": "advanced secure gateway", "scope": "lt", 
"trust": 1.0, "vendor": "broadcom", "version": "6.6.5.14" }, { "model": "advanced secure gateway", "scope": "gte", "trust": 1.0, "vendor": "broadcom", "version": "6.6" }, { "model": "symantec proxysg", "scope": "lt", "trust": 1.0, "vendor": "broadcom", "version": "6.7.3.1" }, { "model": "symantec proxysg", "scope": "gte", "trust": 1.0, "vendor": "broadcom", "version": "6.5" }, { "model": "symantec proxysg", "scope": "gte", "trust": 1.0, "vendor": "broadcom", "version": "6.7" }, { "model": "advanced secure gateway", "scope": "gte", "trust": 1.0, "vendor": "broadcom", "version": "6.7" }, { "model": "advanced secure gateway", "scope": "lt", "trust": 1.0, "vendor": "broadcom", "version": "6.7.3.1" }, { "model": "symantec proxysg", "scope": "lt", "trust": 1.0, "vendor": "broadcom", "version": "6.5.10.8" }, { "model": "advanced secure gateway", "scope": null, "trust": 0.8, "vendor": "symantec", "version": null }, { "model": "proxysg", "scope": null, "trust": 0.8, "vendor": "symantec", "version": null }, { "model": "proxysg", "scope": "eq", "trust": 0.3, "vendor": "symantec", "version": "6.7.2.1" }, { "model": "proxysg", "scope": "eq", "trust": 0.3, "vendor": "symantec", "version": "6.6.5.13" }, { "model": "proxysg", "scope": "eq", "trust": 0.3, "vendor": "symantec", "version": "6.5.10.6" }, { "model": "advanced secure gateway", "scope": "eq", "trust": 0.3, "vendor": "symantec", "version": "6.7.2.1" }, { "model": "advanced secure gateway", "scope": "eq", "trust": 0.3, "vendor": "symantec", "version": "6.6.5.13" }, { "model": "proxysg", "scope": "eq", "trust": 0.3, "vendor": "bluecoat", "version": "6.7" }, { "model": "proxysg", "scope": "eq", "trust": 0.3, "vendor": "bluecoat", "version": "6.6" }, { "model": "proxysg", "scope": "eq", "trust": 0.3, "vendor": "bluecoat", "version": "6.5" }, { "model": "advanced secure gateway", "scope": "eq", "trust": 0.3, "vendor": "bluecoat", "version": "6.7" }, { "model": "advanced secure gateway", "scope": "eq", "trust": 0.3, "vendor": 
"bluecoat", "version": "6.6.5.4" }, { "model": "advanced secure gateway", "scope": "eq", "trust": 0.3, "vendor": "bluecoat", "version": "6.6" }, { "model": "proxysg", "scope": "ne", "trust": 0.3, "vendor": "symantec", "version": "6.7.4.107" }, { "model": "proxysg", "scope": "ne", "trust": 0.3, "vendor": "symantec", "version": "6.7.3.1" }, { "model": "proxysg", "scope": "ne", "trust": 0.3, "vendor": "symantec", "version": "6.6.5.14" }, { "model": "proxysg", "scope": "ne", "trust": 0.3, "vendor": "symantec", "version": "6.5.10.8" }, { "model": "advanced secure gateway", "scope": "ne", "trust": 0.3, "vendor": "symantec", "version": "6.7.4.107" }, { "model": "advanced secure gateway", "scope": "ne", "trust": 0.3, "vendor": "symantec", "version": "6.7.3.1" }, { "model": "advanced secure gateway", "scope": "ne", "trust": 0.3, "vendor": "symantec", "version": "6.6.5.14" } ], "sources": [ { "db": "BID", "id": "103685" }, { "db": "JVNDB", "id": "JVNDB-2018-004403" }, { "db": "NVD", "id": "CVE-2016-10258" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "cpe_match": [ { "cpe22Uri": "cpe:/a:symantec:advanced_secure_gateway", "vulnerable": true }, { "cpe22Uri": "cpe:/a:symantec:proxysg", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2018-004403" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Pankaj Kumar Thakur", "sources": [ { "db": "CNNVD", "id": "CNNVD-201703-1030" } ], "trust": 0.6 }, "cve": "CVE-2016-10258", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": 
"https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "author": "nvd@nist.gov", "availabilityImpact": "PARTIAL", "baseScore": 6.0, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 6.8, "id": "CVE-2016-10258", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 1.8, "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "author": "VULHUB", "availabilityImpact": "PARTIAL", "baseScore": 6.0, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 6.8, "id": "VHN-89016", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 0.1, "vectorString": "AV:N/AC:M/AU:S/C:P/I:P/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "nvd@nist.gov", "availabilityImpact": "HIGH", "baseScore": 6.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "exploitabilityScore": 0.9, "id": "CVE-2016-10258", "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "trust": 1.8, "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2016-10258", "trust": 1.0, "value": "MEDIUM" }, { "author": 
"NVD", "id": "CVE-2016-10258", "trust": 0.8, "value": "Medium" }, { "author": "CNNVD", "id": "CNNVD-201703-1030", "trust": 0.6, "value": "MEDIUM" }, { "author": "VULHUB", "id": "VHN-89016", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "VULHUB", "id": "VHN-89016" }, { "db": "JVNDB", "id": "JVNDB-2018-004403" }, { "db": "CNNVD", "id": "CNNVD-201703-1030" }, { "db": "NVD", "id": "CVE-2016-10258" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Unrestricted file upload vulnerability in the Symantec Advanced Secure Gateway (ASG) and ProxySG management consoles. A malicious appliance administrator can upload arbitrary malicious files to the management console and trick another administrator user into downloading and executing malicious code. Symantec ProxySG and ASG are prone to multiple security vulnerabilities. \nSuccessful exploits will allow attacker-supplied HTML and script code to run in the context of the affected browser, potentially allowing the attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user, to crash an application, resulting in a denial-of-service condition or to upload arbitrary files to the affected application; this can result in arbitrary code execution within the context of the vulnerable application", "sources": [ { "db": "NVD", "id": "CVE-2016-10258" }, { "db": "JVNDB", "id": "JVNDB-2018-004403" }, { "db": "BID", "id": "103685" }, { "db": "VULHUB", "id": "VHN-89016" } ], "trust": 1.98 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2016-10258", "trust": 2.8 }, { "db": "BID", "id": "103685", "trust": 
2.0 }, { "db": "SECTRACK", "id": "1040757", "trust": 1.7 }, { "db": "JVNDB", "id": "JVNDB-2018-004403", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-201703-1030", "trust": 0.7 }, { "db": "EXPLOIT-DB", "id": "47392", "trust": 0.6 }, { "db": "VULHUB", "id": "VHN-89016", "trust": 0.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-89016" }, { "db": "BID", "id": "103685" }, { "db": "JVNDB", "id": "JVNDB-2018-004403" }, { "db": "CNNVD", "id": "CNNVD-201703-1030" }, { "db": "NVD", "id": "CVE-2016-10258" } ] }, "id": "VAR-201804-0142", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-89016" } ], "trust": 0.6780618366666666 }, "last_update_date": "2024-11-23T22:00:37.829000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "SYMSA1432", "trust": 0.8, "url": "https://support.symantec.com/en_US/article.SYMSA1432.html" }, { "title": "Symantec Advanced Secure Gateway and ProxySG Security vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=98313" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2018-004403" }, { "db": "CNNVD", "id": "CNNVD-201703-1030" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-434", "trust": 1.9 } ], "sources": [ { "db": "VULHUB", "id": "VHN-89016" }, { "db": "JVNDB", "id": "JVNDB-2018-004403" }, { "db": "NVD", "id": "CVE-2016-10258" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, 
"sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.0, "url": "https://www.symantec.com/security-center/network-protection-security-advisories/sa162" }, { "trust": 1.7, "url": "http://www.securityfocus.com/bid/103685" }, { "trust": 1.7, "url": "http://www.securitytracker.com/id/1040757" }, { "trust": 0.8, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-10258" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-10258" }, { "trust": 0.6, "url": "https://www.exploit-db.com/download/47392" }, { "trust": 0.3, "url": "http://www.symantec.com" } ], "sources": [ { "db": "VULHUB", "id": "VHN-89016" }, { "db": "BID", "id": "103685" }, { "db": "JVNDB", "id": "JVNDB-2018-004403" }, { "db": "CNNVD", "id": "CNNVD-201703-1030" }, { "db": "NVD", "id": "CVE-2016-10258" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULHUB", "id": "VHN-89016" }, { "db": "BID", "id": "103685" }, { "db": "JVNDB", "id": "JVNDB-2018-004403" }, { "db": "CNNVD", "id": "CNNVD-201703-1030" }, { "db": "NVD", "id": "CVE-2016-10258" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2018-04-11T00:00:00", "db": "VULHUB", "id": "VHN-89016" }, { "date": "2018-04-10T00:00:00", "db": "BID", "id": "103685" }, { "date": "2018-06-19T00:00:00", "db": "JVNDB", "id": "JVNDB-2018-004403" }, { "date": "2017-03-24T00:00:00", "db": "CNNVD", "id": "CNNVD-201703-1030" }, { "date": "2018-04-11T14:29:00.250000", "db": "NVD", "id": "CVE-2016-10258" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2021-07-08T00:00:00", "db": "VULHUB", "id": "VHN-89016" }, { "date": "2018-04-10T00:00:00", "db": 
"BID", "id": "103685" }, { "date": "2018-06-19T00:00:00", "db": "JVNDB", "id": "JVNDB-2018-004403" }, { "date": "2021-06-28T00:00:00", "db": "CNNVD", "id": "CNNVD-201703-1030" }, { "date": "2024-11-21T02:43:40.507000", "db": "NVD", "id": "CVE-2016-10258" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-201703-1030" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Symantec Advanced Secure Gateway and ProxySG Vulnerable to unlimited upload of dangerous types of files", "sources": [ { "db": "JVNDB", "id": "JVNDB-2018-004403" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "code problem", "sources": [ { "db": "CNNVD", "id": "CNNVD-201703-1030" } ], "trust": 0.6 } }
CVE-2007-5796 (GCVE-0-2007-5796)
Vulnerability from cvelistv5
- n/a
| URL | Tags |
|---|---|
| http://www.bluecoat.com/support/securityadvisories/advisory_cross-site_scripting_vulnerability | x_refsource_CONFIRM |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/38213 | vdb-entry, x_refsource_XF |
| http://secunia.com/advisories/27452 | third-party-advisory, x_refsource_SECUNIA |
| http://www.vupen.com/english/advisories/2007/3678 | vdb-entry, x_refsource_VUPEN |
| http://www.securitytracker.com/id?1018888 | vdb-entry, x_refsource_SECTRACK |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T15:47:00.644Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.bluecoat.com/support/securityadvisories/advisory_cross-site_scripting_vulnerability" }, { "name": "proxysg-management-console-xss(38213)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38213" }, { "name": "27452", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/27452" }, { "name": "ADV-2007-3678", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2007/3678" }, { "name": "1018888", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id?1018888" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2007-10-29T00:00:00", "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in the management console in Blue Coat ProxySG before 4.2.6.1, and 5.x before 5.2.2.5, allows remote attackers to inject arbitrary web script or HTML by modifying the URL that is used for loading Certificate Revocation Lists." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-28T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.bluecoat.com/support/securityadvisories/advisory_cross-site_scripting_vulnerability" }, { "name": "proxysg-management-console-xss(38213)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38213" }, { "name": "27452", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/27452" }, { "name": "ADV-2007-3678", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2007/3678" }, { "name": "1018888", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id?1018888" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-5796", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cross-site scripting (XSS) vulnerability in the management console in Blue Coat ProxySG before 4.2.6.1, and 5.x before 5.2.2.5, allows remote attackers to inject arbitrary web script or HTML by modifying the URL that is used for loading Certificate Revocation Lists." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://www.bluecoat.com/support/securityadvisories/advisory_cross-site_scripting_vulnerability", "refsource": "CONFIRM", "url": "http://www.bluecoat.com/support/securityadvisories/advisory_cross-site_scripting_vulnerability" }, { "name": "proxysg-management-console-xss(38213)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38213" }, { "name": "27452", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/27452" }, { "name": "ADV-2007-3678", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2007/3678" }, { "name": "1018888", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1018888" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2007-5796", "datePublished": "2007-11-03T00:00:00", "dateReserved": "2007-11-02T00:00:00", "dateUpdated": "2024-08-07T15:47:00.644Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
Vulnerability from fkie_nvd
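| Vendor | Product | Version |
|---|---|---|
| symantec | proxysg_firmware | * (before 4.2.6.1) |
| symantec | proxysg_firmware | * (5.0.0 up to, but not including, 5.2.2.5) |
| symantec | proxysg | - (hardware platform; not itself marked vulnerable) |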
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:symantec:proxysg_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "27934E07-8F55-443F-AF3D-C562A437A99E", "versionEndExcluding": "4.2.6.1", "vulnerable": true }, { "criteria": "cpe:2.3:o:symantec:proxysg_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "7723A628-CAF2-4D7A-9BCD-AE95EE36D860", "versionEndExcluding": "5.2.2.5", "versionStartIncluding": "5.0.0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:symantec:proxysg:-:*:*:*:*:*:*:*", "matchCriteriaId": "7660647E-FDD2-40AE-945A-FB3FE30AC4E6", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in the management console in Blue Coat ProxySG before 4.2.6.1, and 5.x before 5.2.2.5, allows remote attackers to inject arbitrary web script or HTML by modifying the URL that is used for loading Certificate Revocation Lists." }, { "lang": "es", "value": "Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en la consola de administraci\u00f3n del Blue Coat ProxySG anterior al 4.2.6.1, y el 5.x anterior al 5.2.2.5, permite a atacantes remotos la inyecci\u00f3n de secuencias de comandos web o HTML de su elecci\u00f3n mediante la modificaci\u00f3n de la URL que se usa para la carga de las Listas de Certificados Revocados (\"Certificate Revocation Lists\")." 
} ], "id": "CVE-2007-5796", "lastModified": "2025-04-09T00:30:58.490", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2007-11-03T00:46:00.000", "references": [ { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/27452" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.bluecoat.com/support/securityadvisories/advisory_cross-site_scripting_vulnerability" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id?1018888" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://www.vupen.com/english/advisories/2007/3678" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38213" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/27452" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.bluecoat.com/support/securityadvisories/advisory_cross-site_scripting_vulnerability" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id?1018888" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": 
"http://www.vupen.com/english/advisories/2007/3678" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38213" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }