cvelistv5 - CVE-2016-1303

CVE-2016-1303 (GCVE-0-2016-1303)

Vulnerability from cvelistv5

Published

2016-01-30 11:00

Modified

2024-08-05 22:55

Severity ?

CWE

Summary

The web GUI on Cisco Small Business 500 devices 1.2.0.92 allows remote attackers to cause a denial of service via a crafted HTTP request, aka Bug ID CSCul65330.

References

URL

	Vendor	Product	Version
	n/a	n/a	Version: n/a

gsd-2016-1303

Vulnerability from gsd

Modified

2023-12-13 01:21

Details

The web GUI on Cisco Small Business 500 devices 1.2.0.92 allows remote attackers to cause a denial of service via a crafted HTTP request, aka Bug ID CSCul65330.

Aliases

CVE-2016-1303

Aliases

CVE-2016-1303

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2016-1303",
    "description": "The web GUI on Cisco Small Business 500 devices 1.2.0.92 allows remote attackers to cause a denial of service via a crafted HTTP request, aka Bug ID CSCul65330.",
    "id": "GSD-2016-1303"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2016-1303"
      ],
      "details": "The web GUI on Cisco Small Business 500 devices 1.2.0.92 allows remote attackers to cause a denial of service via a crafted HTTP request, aka Bug ID CSCul65330.",
      "id": "GSD-2016-1303",
      "modified": "2023-12-13T01:21:25.068087Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "psirt@cisco.com",
        "ID": "CVE-2016-1303",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "The web GUI on Cisco Small Business 500 devices 1.2.0.92 allows remote attackers to cause a denial of service via a crafted HTTP request, aka Bug ID CSCul65330."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "20160128 Cisco Small Business 500 Series Switches Denial of Service Vulnerability",
            "refsource": "CISCO",
            "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160128-sbs"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:500_series_switch_firmware:1.2.0.92:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:cisco:sg500x-48p:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:cisco:sg500x-48:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:cisco:sg500x-24p:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:cisco:sg500x-24:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:cisco:sf500-48p:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:cisco:sf500-48:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:cisco:sf500-24p:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:cisco:sf500-24:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:cisco:sg500-52p:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:cisco:sg500-28p:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:cisco:sg500-52mp:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:cisco:sg500-52:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:cisco:sg500-28:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:cisco:sg500xg-8f8t:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:cisco:sg500-28mpp:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "ID": "CVE-2016-1303"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "The web GUI on Cisco Small Business 500 devices 1.2.0.92 allows remote attackers to cause a denial of service via a crafted HTTP request, aka Bug ID CSCul65330."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-20"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20160128 Cisco Small Business 500 Series Switches Denial of Service Vulnerability",
              "refsource": "CISCO",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160128-sbs"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": true,
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.8,
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 6.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH"
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 3.6
        }
      },
      "lastModifiedDate": "2016-02-24T15:32Z",
      "publishedDate": "2016-01-30T12:59Z"
    }
  }
}

fkie_cve-2016-1303

Vulnerability from fkie_nvd

Published

2016-01-30 12:59

Modified

2025-04-12 10:46

Severity ?

7.5 (High) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Summary

The web GUI on Cisco Small Business 500 devices 1.2.0.92 allows remote attackers to cause a denial of service via a crafted HTTP request, aka Bug ID CSCul65330.

References

	URL	Tags
	psirt@cisco.com	http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160128-sbs	Vendor Advisory
	af854a3a-2127-422b-91ae-364da2661108	http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160128-sbs	Vendor Advisory

Impacted products

Vendor	Product	Version
cisco	500_series_switch_firmware	1.2.0.92
cisco	sf500-24	*
cisco	sf500-24p	*
cisco	sf500-48	*
cisco	sf500-48p	*
cisco	sg500-28	*
cisco	sg500-28mpp	*
cisco	sg500-28p	*
cisco	sg500-52	*
cisco	sg500-52mp	*
cisco	sg500-52p	*
cisco	sg500x-24	*
cisco	sg500x-24p	*
cisco	sg500x-48	*
cisco	sg500x-48p	*
cisco	sg500xg-8f8t	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:500_series_switch_firmware:1.2.0.92:*:*:*:*:*:*:*",
              "matchCriteriaId": "002EBDD8-54C8-4AAF-BF4A-AA624082B647",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:sf500-24:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "3D2ECC9D-B6C6-42B9-82ED-216641C04E5F",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:sf500-24p:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "F7FB7696-D7CE-428A-B9DB-91F168D541E2",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:sf500-48:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "A8951DB6-83C0-476F-A257-8870866CDCE3",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:sf500-48p:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "EB07F4E8-D70B-4475-B402-77AB7A0E55E7",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:sg500-28:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "371ED03D-AC1A-41EF-BD95-0FD6E9BACFF4",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:sg500-28mpp:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "73FDF244-34DC-448A-B716-896AE74AFBE1",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:sg500-28p:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "1E0BA61C-8C87-4E8F-A280-7730493D11B6",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:sg500-52:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "CE1D9990-C936-4D77-964F-E5149CB49940",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:sg500-52mp:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "2396CE32-6E90-4F1F-AAE2-FADC09EE4699",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:sg500-52p:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "32C43BA7-A9F6-4841-8660-C3A1F671C6A0",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:sg500x-24:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "83F6D338-DF58-4389-B7A0-C63411BD437B",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:sg500x-24p:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "2778C8FF-CDE8-46AE-A43F-28267A381D91",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:sg500x-48:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "2828F297-55B1-472B-9405-79C4A142C54D",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:sg500x-48p:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "65774D5F-6443-475C-95C5-8CE338D7FE4E",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:sg500xg-8f8t:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "4D256913-1A29-47F6-A012-D5371F109366",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The web GUI on Cisco Small Business 500 devices 1.2.0.92 allows remote attackers to cause a denial of service via a crafted HTTP request, aka Bug ID CSCul65330."
    },
    {
      "lang": "es",
      "value": "La GUI web en dispositivos Cisco Small Business 500 1.2.0.92 permite a atacantes remotos causar una denegaci\u00f3n de servicio a trav\u00e9s de una petici\u00f3n HTTP manipulada, tambi\u00e9n conocida como Bug ID CSCul65330."
    }
  ],
  "id": "CVE-2016-1303",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": true,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 7.8,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2016-01-30T12:59:01.290",
  "references": [
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160128-sbs"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160128-sbs"
    }
  ],
  "sourceIdentifier": "psirt@cisco.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

cnvd-2016-00828

Vulnerability from cnvd

Title

Cisco Small Business 500 Device Web GUI拒绝服务漏洞

Description

Cisco Small Business 500 Device是美国思科公司的500系列可堆叠管理型交换机产品。 Cisco Small Business 500 Device的Web GUI中存在安全漏洞，远程攻击者可通过发送特制的HTTP请求进行拒绝服务。

Severity

中

Patch Name

Cisco Small Business 500 Device Web GUI拒绝服务漏洞的补丁

Patch Description

Cisco Small Business 500 Device是美国思科公司的500系列可堆叠管理型交换机产品。 Cisco Small Business 500 Device的Web GUI中存在安全漏洞，远程攻击者可通过发送特制的HTTP请求进行拒绝服务。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

用户可参考如下供应商提供的安全公告获得补丁信息： http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160128-sbs

Reference

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160128-sbs

Impacted products

Name
Cisco Small Business 500 Series Switches 1.2.0.92

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2016-1303"
    }
  },
  "description": "Cisco Small Business 500 Device\u662f\u7f8e\u56fd\u601d\u79d1\u516c\u53f8\u7684500\u7cfb\u5217\u53ef\u5806\u53e0\u7ba1\u7406\u578b\u4ea4\u6362\u673a\u4ea7\u54c1\u3002\r\n\r\nCisco Small Business 500 Device\u7684Web GUI\u4e2d\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u901a\u8fc7\u53d1\u9001\u7279\u5236\u7684HTTP\u8bf7\u6c42\u8fdb\u884c\u62d2\u7edd\u670d\u52a1\u3002",
  "discovererName": "Cisco",
  "formalWay": "\u7528\u6237\u53ef\u53c2\u8003\u5982\u4e0b\u4f9b\u5e94\u5546\u63d0\u4f9b\u7684\u5b89\u5168\u516c\u544a\u83b7\u5f97\u8865\u4e01\u4fe1\u606f\uff1a\r\nhttp://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160128-sbs",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2016-00828",
  "openTime": "2016-02-14",
  "patchDescription": "Cisco Small Business 500 Device\u662f\u7f8e\u56fd\u601d\u79d1\u516c\u53f8\u7684500\u7cfb\u5217\u53ef\u5806\u53e0\u7ba1\u7406\u578b\u4ea4\u6362\u673a\u4ea7\u54c1\u3002\r\n\r\nCisco Small Business 500 Device\u7684Web GUI\u4e2d\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u901a\u8fc7\u53d1\u9001\u7279\u5236\u7684HTTP\u8bf7\u6c42\u8fdb\u884c\u62d2\u7edd\u670d\u52a1\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Cisco Small Business 500 Device Web GUI\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "Cisco Small Business 500 Series Switches 1.2.0.92"
  },
  "referenceLink": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160128-sbs",
  "serverity": "\u4e2d",
  "submitTime": "2016-02-02",
  "title": "Cisco Small Business 500 Device Web GUI\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e"
}

CERTFR-2016-AVI-042

Vulnerability from certfr_avis

De multiples vulnérabilités ont été corrigées dans les produits Cisco. Elles permettent à un attaquant de provoquer un déni de service à distance et une injection de code indirecte à distance (XSS).

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	Cisco	Small Business	Cisco Small Business 500 Series Switches version 1.2.0.92
	Cisco	Unity Connection	Cisco Unity Connection version 10.5(2.3009)

References

Title

Publication Time

The web GUI on Cisco Small Business 500 devices 1.2.0.92 allows remote attackers to cause a denial of service via a crafted HTTP request, aka Bug ID CSCul65330. A security vulnerability exists in the WebGUI of CiscoSmallBusiness500Device, which can be denied by a remote attacker by sending a specially crafted HTTP request. An attacker can exploit this issue to cause denial-of-service conditions. This issue is being tracked by Cisco Bug ID CSCul65330

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201601-0045",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "500 series switch",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "1.2.0.92"
      },
      {
        "model": "small business 500 series stackable managed switch",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "cisco",
        "version": "1.2.0.92"
      },
      {
        "model": "small business series switches",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "cisco",
        "version": "5001.2.0.92"
      },
      {
        "model": "small business series stackable managed switch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5001.2.0.92"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2016-00828"
      },
      {
        "db": "BID",
        "id": "82232"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-001491"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201601-686"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-1303"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/h:cisco:500_series_stackable_managed_switches",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-001491"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Cisco",
    "sources": [
      {
        "db": "BID",
        "id": "82232"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2016-1303",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.8,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "id": "CVE-2016-1303",
            "impactScore": 6.9,
            "integrityImpact": "NONE",
            "severity": "HIGH",
            "trust": 1.8,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "HIGH",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 5.4,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 4.9,
            "id": "CNVD-2016-00828",
            "impactScore": 6.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.6,
            "vectorString": "AV:N/AC:H/Au:N/C:N/I:N/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.8,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "id": "VHN-90122",
            "impactScore": 6.9,
            "integrityImpact": "NONE",
            "severity": "HIGH",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "nvd@nist.gov",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 3.9,
            "id": "CVE-2016-1303",
            "impactScore": 3.6,
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2016-1303",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "NVD",
            "id": "CVE-2016-1303",
            "trust": 0.8,
            "value": "High"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2016-00828",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201601-686",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "VULHUB",
            "id": "VHN-90122",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2016-00828"
      },
      {
        "db": "VULHUB",
        "id": "VHN-90122"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-001491"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201601-686"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-1303"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "The web GUI on Cisco Small Business 500 devices 1.2.0.92 allows remote attackers to cause a denial of service via a crafted HTTP request, aka Bug ID CSCul65330. A security vulnerability exists in the WebGUI of CiscoSmallBusiness500Device, which can be denied by a remote attacker by sending a specially crafted HTTP request. \nAn attacker can exploit this issue to cause denial-of-service conditions. \nThis issue is being tracked by Cisco Bug ID CSCul65330",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2016-1303"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-001491"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2016-00828"
      },
      {
        "db": "BID",
        "id": "82232"
      },
      {
        "db": "VULHUB",
        "id": "VHN-90122"
      }
    ],
    "trust": 2.52
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2016-1303",
        "trust": 3.4
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-001491",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201601-686",
        "trust": 0.7
      },
      {
        "db": "CNVD",
        "id": "CNVD-2016-00828",
        "trust": 0.6
      },
      {
        "db": "BID",
        "id": "82232",
        "trust": 0.4
      },
      {
        "db": "VULHUB",
        "id": "VHN-90122",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2016-00828"
      },
      {
        "db": "VULHUB",
        "id": "VHN-90122"
      },
      {
        "db": "BID",
        "id": "82232"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-001491"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201601-686"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-1303"
      }
    ]
  },
  "id": "VAR-201601-0045",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2016-00828"
      },
      {
        "db": "VULHUB",
        "id": "VHN-90122"
      }
    ],
    "trust": 1.2579861
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "Network device"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2016-00828"
      }
    ]
  },
  "last_update_date": "2024-11-23T22:45:51.162000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "cisco-sa-20160128-sbs",
        "trust": 0.8,
        "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160128-sbs"
      },
      {
        "title": "Patch for CiscoSmallBusiness500DeviceWebGUI Denial of Service Vulnerability",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchInfo/show/71172"
      },
      {
        "title": "Cisco Small Business 500 Device Web GUI Remediation measures for denial of service vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=59990"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2016-00828"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-001491"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201601-686"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-20",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-90122"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-001491"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-1303"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.6,
        "url": "http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20160128-sbs"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-1303"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-1303"
      },
      {
        "trust": 0.3,
        "url": "http://www.cisco.com/"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2016-00828"
      },
      {
        "db": "VULHUB",
        "id": "VHN-90122"
      },
      {
        "db": "BID",
        "id": "82232"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-001491"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201601-686"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-1303"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CNVD",
        "id": "CNVD-2016-00828"
      },
      {
        "db": "VULHUB",
        "id": "VHN-90122"
      },
      {
        "db": "BID",
        "id": "82232"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-001491"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201601-686"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-1303"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2016-02-14T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2016-00828"
      },
      {
        "date": "2016-01-30T00:00:00",
        "db": "VULHUB",
        "id": "VHN-90122"
      },
      {
        "date": "2016-01-28T00:00:00",
        "db": "BID",
        "id": "82232"
      },
      {
        "date": "2016-02-25T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2016-001491"
      },
      {
        "date": "2016-01-30T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201601-686"
      },
      {
        "date": "2016-01-30T12:59:01.290000",
        "db": "NVD",
        "id": "CVE-2016-1303"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2016-02-14T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2016-00828"
      },
      {
        "date": "2016-02-24T00:00:00",
        "db": "VULHUB",
        "id": "VHN-90122"
      },
      {
        "date": "2016-01-28T00:00:00",
        "db": "BID",
        "id": "82232"
      },
      {
        "date": "2016-02-25T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2016-001491"
      },
      {
        "date": "2016-02-01T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201601-686"
      },
      {
        "date": "2024-11-21T02:46:09.050000",
        "db": "NVD",
        "id": "CVE-2016-1303"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201601-686"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Cisco Small Business 500 Device Web GUI Denial of Service Vulnerability",
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2016-00828"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201601-686"
      }
    ],
    "trust": 1.2
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "input validation",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201601-686"
      }
    ],
    "trust": 0.6
  }
}

ghsa-x7pm-p523-46fj

Vulnerability from github

Published

2022-05-17 03:58

Modified

2022-05-17 03:58

Severity ?

7.5 (High) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Details

The web GUI on Cisco Small Business 500 devices 1.2.0.92 allows remote attackers to cause a denial of service via a crafted HTTP request, aka Bug ID CSCul65330.

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2016-1303"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-20"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2016-01-30T12:59:00Z",
    "severity": "HIGH"
  },
  "details": "The web GUI on Cisco Small Business 500 devices 1.2.0.92 allows remote attackers to cause a denial of service via a crafted HTTP request, aka Bug ID CSCul65330.",
  "id": "GHSA-x7pm-p523-46fj",
  "modified": "2022-05-17T03:58:39Z",
  "published": "2022-05-17T03:58:39Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-1303"
    },
    {
      "type": "WEB",
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160128-sbs"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2016-1303 (GCVE-0-2016-1303)

Vulnerability from cvelistv5

gsd-2016-1303

Vulnerability from gsd

fkie_cve-2016-1303

Vulnerability from fkie_nvd

cnvd-2016-00828

Vulnerability from cnvd

CERTFR-2016-AVI-042

Vulnerability from certfr_avis

Solution

var-201601-0045

Vulnerability from variot

ghsa-x7pm-p523-46fj

Vulnerability from github

Tags

Sightings

Nomenclature