cvelistv5 - cve-2007-4023

CVE-2007-4023 (GCVE-0-2007-4023)

Vulnerability from cvelistv5

Published

2007-07-26 19:00

Modified

2024-08-07 14:37

Severity ?

CWE

Summary

References

URL

Tags

cve@mitre.org	http://osvdb.org/36469
cve@mitre.org	http://secunia.com/advisories/26192	Patch, Vendor Advisory
cve@mitre.org	http://www.arubanetworks.com/support/alerts/aid-070907b.asc
cve@mitre.org	http://www.kb.cert.org/vuls/id/680449	US Government Resource
cve@mitre.org	http://www.securityfocus.com/bid/25059
cve@mitre.org	http://www.securitytracker.com/id?1018457
cve@mitre.org	http://www.vupen.com/english/advisories/2007/2646
cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/35605
af854a3a-2127-422b-91ae-364da2661108	http://osvdb.org/36469
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/26192	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.arubanetworks.com/support/alerts/aid-070907b.asc
af854a3a-2127-422b-91ae-364da2661108	http://www.kb.cert.org/vuls/id/680449	US Government Resource
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/25059
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id?1018457
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2007/2646
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/35605

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T14:37:06.036Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "VU#680449",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT-VN",
              "x_transferred"
            ],
            "url": "http://www.kb.cert.org/vuls/id/680449"
          },
          {
            "name": "25059",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/25059"
          },
          {
            "name": "ADV-2007-2646",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2007/2646"
          },
          {
            "name": "26192",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/26192"
          },
          {
            "name": "1018457",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1018457"
          },
          {
            "name": "36469",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/36469"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.arubanetworks.com/support/alerts/aid-070907b.asc"
          },
          {
            "name": "aruba-mobility-login-xss(35605)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35605"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2007-07-25T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site scripting (XSS) vulnerability in the login CGI program in Aruba Mobility Controller 2.5.4.18 and earlier, and 2.4.8.6-FIPS and earlier FIPS versions, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-07-28T12:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "VU#680449",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT-VN"
          ],
          "url": "http://www.kb.cert.org/vuls/id/680449"
        },
        {
          "name": "25059",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/25059"
        },
        {
          "name": "ADV-2007-2646",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2007/2646"
        },
        {
          "name": "26192",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/26192"
        },
        {
          "name": "1018457",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1018457"
        },
        {
          "name": "36469",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/36469"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.arubanetworks.com/support/alerts/aid-070907b.asc"
        },
        {
          "name": "aruba-mobility-login-xss(35605)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35605"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2007-4023",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-site scripting (XSS) vulnerability in the login CGI program in Aruba Mobility Controller 2.5.4.18 and earlier, and 2.4.8.6-FIPS and earlier FIPS versions, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "VU#680449",
              "refsource": "CERT-VN",
              "url": "http://www.kb.cert.org/vuls/id/680449"
            },
            {
              "name": "25059",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/25059"
            },
            {
              "name": "ADV-2007-2646",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2007/2646"
            },
            {
              "name": "26192",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/26192"
            },
            {
              "name": "1018457",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1018457"
            },
            {
              "name": "36469",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/36469"
            },
            {
              "name": "http://www.arubanetworks.com/support/alerts/aid-070907b.asc",
              "refsource": "CONFIRM",
              "url": "http://www.arubanetworks.com/support/alerts/aid-070907b.asc"
            },
            {
              "name": "aruba-mobility-login-xss(35605)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35605"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2007-4023",
    "datePublished": "2007-07-26T19:00:00",
    "dateReserved": "2007-07-26T00:00:00",
    "dateUpdated": "2024-08-07T14:37:06.036Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2007-4023\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2007-07-26T19:30:00.000\",\"lastModified\":\"2025-04-09T00:30:58.490\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Cross-site scripting (XSS) vulnerability in the login CGI program in Aruba Mobility Controller 2.5.4.18 and earlier, and 2.4.8.6-FIPS and earlier FIPS versions, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.\"},{\"lang\":\"es\",\"value\":\"Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en el programa CGI de autenticaci\u00f3n del Aruba Mobility Controller 2.5.4.18 y versiones anteriores y en el 2.4.8.6-FIPS y versiones FIPS anteriores, permite a atacantes remotos la inyecci\u00f3n de secuencias de comandos web o HTML de su elecci\u00f3n a trav\u00e9s de vectores sin especificar.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:N/I:P/A:N\",\"baseScore\":4.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-Other\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:aruba:mobility_controller:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"2.4.8.6-fips\",\"matchCriteriaId\":\"A6B79431-D102-4FAE-8FCA-B5C9A54C8095\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:aruba:mobility_controller:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"2.5.4.18\",\"matchCriteriaId\":\"61AE4D6E-E3A2-4182-8E7D-836DA4C0D054\"}]}]}],\"references\":[{\"url\":\"http://osvdb.org/36469\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/26192\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://www.arubanetworks.com/support/alerts/aid-070907b.asc\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.kb.cert.org/vuls/id/680449\",\"source\":\"cve@mitre.org\",\"tags\":[\"US Government Resource\"]},{\"url\":\"http://www.securityfocus.com/bid/25059\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securitytracker.com/id?1018457\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.vupen.com/english/advisories/2007/2646\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/35605\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://osvdb.org/36469\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/26192\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://www.arubanetworks.com/support/alerts/aid-070907b.asc\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.kb.cert.org/vuls/id/680449\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"US Government Resource\"]},{\"url\":\"http://www.securityfocus.com/bid/25059\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securitytracker.com/id?1018457\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.vupen.com/english/advisories/2007/2646\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/35605\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}

var-200707-0198

Vulnerability from variot

Cross-site scripting (XSS) vulnerability in the login CGI program in Aruba Mobility Controller 2.5.4.18 and earlier, and 2.4.8.6-FIPS and earlier FIPS versions, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Aruba Mobility Controller series, switch products from Aruba Networks, contain a cross-site scripting vulnerability. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks. This issue affects versions prior to Aruba Mobility Controller 2.5.4.18 and FIPS prior to 2.4.8.6-FIPS.

Try a new way to discover vulnerabilities that ALREADY EXIST in your IT infrastructure.

The Full Featured Secunia Network Software Inspector (NSI) is now available: http://secunia.com/network_software_inspector/

The Secunia NSI enables you to INSPECT, DISCOVER, and DOCUMENT vulnerabilities in more than 4,000 different Windows applications.

Certain input passed to the login pages is not properly sanitised before being returned to the user.

SOLUTION: Update to the latest patched firmware version. http://www.arubanetworks.com/support

PROVIDED AND/OR DISCOVERED BY: The vendor credits Adair Collins and Steve Palmer of HostsPlus, and Nobuhiro Tsuji of NTT DATA SECURITY.

ORIGINAL ADVISORY: http://www.arubanetworks.com/support/alerts/aid-070907b.asc

About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.

Subscribe: http://secunia.com/secunia_security_advisories/

Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/

Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.

Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-200707-0198",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "mobility controller",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "aruba",
        "version": "2.5.4.18"
      },
      {
        "model": "mobility controller",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "aruba",
        "version": "2.4.8.6-fips"
      },
      {
        "model": "mobility controller",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "aruba",
        "version": "earlier than 2.5.4.18"
      },
      {
        "model": "mobility controller",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "aruba",
        "version": "2.4.8.6-fips"
      },
      {
        "model": "mobility controller",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "aruba",
        "version": "2.5.4.18"
      },
      {
        "model": "networks aruba mobility controllers",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "aruba",
        "version": "2.5.4.17"
      },
      {
        "model": "networks aruba mobility controllers .5-fips",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "aruba",
        "version": "2.4.8"
      },
      {
        "model": "networks aruba mobility controllers",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "aruba",
        "version": "2.5.4.18"
      },
      {
        "model": "networks aruba mobility controllers .6-fips",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "aruba",
        "version": "2.4.8"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "25059"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-000551"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200707-480"
      },
      {
        "db": "NVD",
        "id": "CVE-2007-4023"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/a:arubanetworks:aruba_mobility_controller",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-000551"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Vendor credits Adair Collins and Steve Palmer of HostsPlus for reporting this issue and  Nobuhiro Tsuji of NTT DATA SECURITY CORPORATION for independent discovery of this issue.",
    "sources": [
      {
        "db": "BID",
        "id": "25059"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2007-4023",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.6,
            "id": "CVE-2007-4023",
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 1.0,
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Medium",
            "accessVector": "Network",
            "authentication": "None",
            "author": "IPA",
            "availabilityImpact": "None",
            "baseScore": 4.3,
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "JVNDB-2007-000551",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.6,
            "id": "VHN-27385",
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2007-4023",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "IPA",
            "id": "JVNDB-2007-000551",
            "trust": 0.8,
            "value": "Medium"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-200707-480",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-27385",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-27385"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-000551"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200707-480"
      },
      {
        "db": "NVD",
        "id": "CVE-2007-4023"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Cross-site scripting (XSS) vulnerability in the login CGI program in Aruba Mobility Controller 2.5.4.18 and earlier, and 2.4.8.6-FIPS and earlier FIPS versions, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Aruba Mobility Controller series, switch products from Aruba Networks, contain a cross-site scripting vulnerability. \nAn attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks. \nThis issue affects versions prior to Aruba Mobility Controller 2.5.4.18 and FIPS prior to 2.4.8.6-FIPS. \n\n----------------------------------------------------------------------\n\nTry a new way to discover vulnerabilities that ALREADY EXIST in your\nIT infrastructure. \n\nThe Full Featured Secunia Network Software Inspector (NSI) is now\navailable:\nhttp://secunia.com/network_software_inspector/\n\nThe Secunia NSI enables you to INSPECT, DISCOVER, and DOCUMENT\nvulnerabilities in more than 4,000 different Windows applications. \n\nCertain input passed to the login pages is not properly sanitised\nbefore being returned to the user. \n\nSOLUTION:\nUpdate to the latest patched firmware version. \nhttp://www.arubanetworks.com/support\n\nPROVIDED AND/OR DISCOVERED BY:\nThe vendor credits Adair Collins and Steve Palmer of HostsPlus, and\nNobuhiro Tsuji of NTT DATA SECURITY. \n\nORIGINAL ADVISORY:\nhttp://www.arubanetworks.com/support/alerts/aid-070907b.asc\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2007-4023"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-000551"
      },
      {
        "db": "BID",
        "id": "25059"
      },
      {
        "db": "VULHUB",
        "id": "VHN-27385"
      },
      {
        "db": "PACKETSTORM",
        "id": "58031"
      }
    ],
    "trust": 2.07
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2007-4023",
        "trust": 2.8
      },
      {
        "db": "SECUNIA",
        "id": "26192",
        "trust": 2.6
      },
      {
        "db": "BID",
        "id": "25059",
        "trust": 2.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2007-2646",
        "trust": 1.7
      },
      {
        "db": "SECTRACK",
        "id": "1018457",
        "trust": 1.7
      },
      {
        "db": "OSVDB",
        "id": "36469",
        "trust": 1.7
      },
      {
        "db": "CERT/CC",
        "id": "VU#680449",
        "trust": 1.1
      },
      {
        "db": "JVN",
        "id": "JVN25471539",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-000551",
        "trust": 0.8
      },
      {
        "db": "XF",
        "id": "35605",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200707-480",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-27385",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "58031",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-27385"
      },
      {
        "db": "BID",
        "id": "25059"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-000551"
      },
      {
        "db": "PACKETSTORM",
        "id": "58031"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200707-480"
      },
      {
        "db": "NVD",
        "id": "CVE-2007-4023"
      }
    ]
  },
  "id": "VAR-200707-0198",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-27385"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2024-11-23T22:24:12.357000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "AID-070907b",
        "trust": 0.8,
        "url": "http://www.arubanetworks.com/support/alerts/aid-070907b.asc"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-000551"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "NVD-CWE-Other",
        "trust": 1.0
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2007-4023"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.5,
        "url": "http://secunia.com/advisories/26192"
      },
      {
        "trust": 1.8,
        "url": "http://www.arubanetworks.com/support/alerts/aid-070907b.asc"
      },
      {
        "trust": 1.7,
        "url": "http://www.securityfocus.com/bid/25059"
      },
      {
        "trust": 1.7,
        "url": "http://osvdb.org/36469"
      },
      {
        "trust": 1.7,
        "url": "http://www.securitytracker.com/id?1018457"
      },
      {
        "trust": 1.1,
        "url": "http://www.kb.cert.org/vuls/id/680449"
      },
      {
        "trust": 1.1,
        "url": "http://www.vupen.com/english/advisories/2007/2646"
      },
      {
        "trust": 1.1,
        "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35605"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-4023"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/en/jp/jvn25471539/index.html"
      },
      {
        "trust": 0.8,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2007-4023"
      },
      {
        "trust": 0.6,
        "url": "http://xforce.iss.net/xforce/xfdb/35605"
      },
      {
        "trust": 0.6,
        "url": "http://www.frsirt.com/english/advisories/2007/2646"
      },
      {
        "trust": 0.3,
        "url": "http://www.arubanetworks.com/"
      },
      {
        "trust": 0.3,
        "url": "https://support.arubanetworks.com/"
      },
      {
        "trust": 0.3,
        "url": "http://www.arubanetworks.com/support/wsirt/alerts/aid-021307b.asc"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/secunia_security_advisories/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/13472/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/about_secunia_advisories/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/network_software_inspector/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/13471/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/26192/"
      },
      {
        "trust": 0.1,
        "url": "http://www.arubanetworks.com/support"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/13473/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/13474/"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-27385"
      },
      {
        "db": "BID",
        "id": "25059"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-000551"
      },
      {
        "db": "PACKETSTORM",
        "id": "58031"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200707-480"
      },
      {
        "db": "NVD",
        "id": "CVE-2007-4023"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-27385"
      },
      {
        "db": "BID",
        "id": "25059"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-000551"
      },
      {
        "db": "PACKETSTORM",
        "id": "58031"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200707-480"
      },
      {
        "db": "NVD",
        "id": "CVE-2007-4023"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2007-07-26T00:00:00",
        "db": "VULHUB",
        "id": "VHN-27385"
      },
      {
        "date": "2007-07-25T00:00:00",
        "db": "BID",
        "id": "25059"
      },
      {
        "date": "2008-05-21T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2007-000551"
      },
      {
        "date": "2007-07-26T04:26:32",
        "db": "PACKETSTORM",
        "id": "58031"
      },
      {
        "date": "2007-07-26T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200707-480"
      },
      {
        "date": "2007-07-26T19:30:00",
        "db": "NVD",
        "id": "CVE-2007-4023"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-07-29T00:00:00",
        "db": "VULHUB",
        "id": "VHN-27385"
      },
      {
        "date": "2015-05-07T17:36:00",
        "db": "BID",
        "id": "25059"
      },
      {
        "date": "2008-05-21T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2007-000551"
      },
      {
        "date": "2007-07-27T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200707-480"
      },
      {
        "date": "2024-11-21T00:34:36.457000",
        "db": "NVD",
        "id": "CVE-2007-4023"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200707-480"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Aruba Mobility Controller Series cross-site scripting vulnerability",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-000551"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "xss",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "58031"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200707-480"
      }
    ],
    "trust": 0.7
  }
}

ghsa-r847-794v-mgw3

Vulnerability from github

Published

2022-05-01 18:19

Modified

2022-05-01 18:19

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2007-4023"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2007-07-26T19:30:00Z",
    "severity": "MODERATE"
  },
  "details": "Cross-site scripting (XSS) vulnerability in the login CGI program in Aruba Mobility Controller 2.5.4.18 and earlier, and 2.4.8.6-FIPS and earlier FIPS versions, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.",
  "id": "GHSA-r847-794v-mgw3",
  "modified": "2022-05-01T18:19:27Z",
  "published": "2022-05-01T18:19:27Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-4023"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35605"
    },
    {
      "type": "WEB",
      "url": "http://osvdb.org/36469"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/26192"
    },
    {
      "type": "WEB",
      "url": "http://www.arubanetworks.com/support/alerts/aid-070907b.asc"
    },
    {
      "type": "WEB",
      "url": "http://www.kb.cert.org/vuls/id/680449"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/25059"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id?1018457"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2007/2646"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

fkie_cve-2007-4023

Vulnerability from fkie_nvd

Published

2007-07-26 19:30

Modified

2025-04-09 00:30

Severity ?

Summary

References

URL	Tags
cve@mitre.org	http://osvdb.org/36469
cve@mitre.org	http://secunia.com/advisories/26192	Patch, Vendor Advisory
cve@mitre.org	http://www.arubanetworks.com/support/alerts/aid-070907b.asc
cve@mitre.org	http://www.kb.cert.org/vuls/id/680449	US Government Resource
cve@mitre.org	http://www.securityfocus.com/bid/25059
cve@mitre.org	http://www.securitytracker.com/id?1018457
cve@mitre.org	http://www.vupen.com/english/advisories/2007/2646
cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/35605
af854a3a-2127-422b-91ae-364da2661108	http://osvdb.org/36469
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/26192	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.arubanetworks.com/support/alerts/aid-070907b.asc
af854a3a-2127-422b-91ae-364da2661108	http://www.kb.cert.org/vuls/id/680449	US Government Resource
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/25059
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id?1018457
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2007/2646
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/35605

Impacted products

	Vendor	Product	Version
	aruba	mobility_controller	*
	aruba	mobility_controller	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:aruba:mobility_controller:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "A6B79431-D102-4FAE-8FCA-B5C9A54C8095",
              "versionEndIncluding": "2.4.8.6-fips",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:aruba:mobility_controller:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "61AE4D6E-E3A2-4182-8E7D-836DA4C0D054",
              "versionEndIncluding": "2.5.4.18",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cross-site scripting (XSS) vulnerability in the login CGI program in Aruba Mobility Controller 2.5.4.18 and earlier, and 2.4.8.6-FIPS and earlier FIPS versions, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en el programa CGI de autenticaci\u00f3n del Aruba Mobility Controller 2.5.4.18 y versiones anteriores y en el 2.4.8.6-FIPS y versiones FIPS anteriores, permite a atacantes remotos la inyecci\u00f3n de secuencias de comandos web o HTML de su elecci\u00f3n a trav\u00e9s de vectores sin especificar."
    }
  ],
  "id": "CVE-2007-4023",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2007-07-26T19:30:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://osvdb.org/36469"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/26192"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.arubanetworks.com/support/alerts/aid-070907b.asc"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/680449"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/25059"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securitytracker.com/id?1018457"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2007/2646"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35605"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://osvdb.org/36469"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/26192"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.arubanetworks.com/support/alerts/aid-070907b.asc"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/680449"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/25059"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id?1018457"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2007/2646"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35605"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

cve-2007-4023

Vulnerability from jvndb

Published

2008-05-21 00:00

Modified

2008-05-21 00:00

Severity ?

() - -

Summary

Aruba Mobility Controller Series cross-site scripting vulnerability

Details

Aruba Mobility Controller series, switch products from Aruba Networks, contain a cross-site scripting vulnerability. Aruba Mobility Controller series, switch products from Aruba Networks, contain a cross-site scripting vulnerability in the login page to the web management screens.

References

Type

URL

	JVN	http://jvn.jp/en/jp/JVN25471539/index.html
	CVE	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4023
	NVD	http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-4023
	SECUNIA	http://secunia.com/advisories/26192

Impacted products

Vendor

Product

Aruba Networks, Inc

Aruba Mobility Controller

Show details on JVN DB website

JSON

To clipboard

{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2007/JVNDB-2007-000551.html",
  "dc:date": "2008-05-21T00:00+09:00",
  "dcterms:issued": "2008-05-21T00:00+09:00",
  "dcterms:modified": "2008-05-21T00:00+09:00",
  "description": "Aruba Mobility Controller series, switch products from Aruba Networks, contain a cross-site scripting vulnerability.\r\n\r\nAruba Mobility Controller series, switch products from Aruba Networks, contain a cross-site scripting vulnerability in the login page to the web management screens.",
  "link": "https://jvndb.jvn.jp/en/contents/2007/JVNDB-2007-000551.html",
  "sec:cpe": {
    "#text": "cpe:/a:arubanetworks:aruba_mobility_controller",
    "@product": "Aruba Mobility Controller",
    "@vendor": "Aruba Networks, Inc",
    "@version": "2.2"
  },
  "sec:cvss": {
    "@score": "4.3",
    "@severity": "Medium",
    "@type": "Base",
    "@vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
    "@version": "2.0"
  },
  "sec:identifier": "JVNDB-2007-000551",
  "sec:references": [
    {
      "#text": "http://jvn.jp/en/jp/JVN25471539/index.html",
      "@id": "JVN#25471539",
      "@source": "JVN"
    },
    {
      "#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4023",
      "@id": "CVE-2007-4023",
      "@source": "CVE"
    },
    {
      "#text": "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-4023",
      "@id": "CVE-2007-4023",
      "@source": "NVD"
    },
    {
      "#text": "http://secunia.com/advisories/26192",
      "@id": "SA26192",
      "@source": "SECUNIA"
    }
  ],
  "title": "Aruba Mobility Controller Series cross-site scripting vulnerability"
}

gsd-2007-4023

Vulnerability from gsd

Modified

2023-12-13 01:21

Details

Aliases

CVE-2007-4023

Aliases

CVE-2007-4023

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2007-4023",
    "description": "Cross-site scripting (XSS) vulnerability in the login CGI program in Aruba Mobility Controller 2.5.4.18 and earlier, and 2.4.8.6-FIPS and earlier FIPS versions, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.",
    "id": "GSD-2007-4023"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2007-4023"
      ],
      "details": "Cross-site scripting (XSS) vulnerability in the login CGI program in Aruba Mobility Controller 2.5.4.18 and earlier, and 2.4.8.6-FIPS and earlier FIPS versions, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.",
      "id": "GSD-2007-4023",
      "modified": "2023-12-13T01:21:37.199112Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2007-4023",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Cross-site scripting (XSS) vulnerability in the login CGI program in Aruba Mobility Controller 2.5.4.18 and earlier, and 2.4.8.6-FIPS and earlier FIPS versions, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "VU#680449",
            "refsource": "CERT-VN",
            "url": "http://www.kb.cert.org/vuls/id/680449"
          },
          {
            "name": "25059",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/25059"
          },
          {
            "name": "ADV-2007-2646",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2007/2646"
          },
          {
            "name": "26192",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/26192"
          },
          {
            "name": "1018457",
            "refsource": "SECTRACK",
            "url": "http://www.securitytracker.com/id?1018457"
          },
          {
            "name": "36469",
            "refsource": "OSVDB",
            "url": "http://osvdb.org/36469"
          },
          {
            "name": "http://www.arubanetworks.com/support/alerts/aid-070907b.asc",
            "refsource": "CONFIRM",
            "url": "http://www.arubanetworks.com/support/alerts/aid-070907b.asc"
          },
          {
            "name": "aruba-mobility-login-xss(35605)",
            "refsource": "XF",
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35605"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:h:aruba:mobility_controller:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "2.5.4.18",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:aruba:mobility_controller:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "2.4.8.6-fips",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2007-4023"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Cross-site scripting (XSS) vulnerability in the login CGI program in Aruba Mobility Controller 2.5.4.18 and earlier, and 2.4.8.6-FIPS and earlier FIPS versions, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "NVD-CWE-Other"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.arubanetworks.com/support/alerts/aid-070907b.asc",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://www.arubanetworks.com/support/alerts/aid-070907b.asc"
            },
            {
              "name": "VU#680449",
              "refsource": "CERT-VN",
              "tags": [
                "US Government Resource"
              ],
              "url": "http://www.kb.cert.org/vuls/id/680449"
            },
            {
              "name": "26192",
              "refsource": "SECUNIA",
              "tags": [
                "Patch",
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/26192"
            },
            {
              "name": "25059",
              "refsource": "BID",
              "tags": [],
              "url": "http://www.securityfocus.com/bid/25059"
            },
            {
              "name": "1018457",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://www.securitytracker.com/id?1018457"
            },
            {
              "name": "36469",
              "refsource": "OSVDB",
              "tags": [],
              "url": "http://osvdb.org/36469"
            },
            {
              "name": "ADV-2007-2646",
              "refsource": "VUPEN",
              "tags": [],
              "url": "http://www.vupen.com/english/advisories/2007/2646"
            },
            {
              "name": "aruba-mobility-login-xss(35605)",
              "refsource": "XF",
              "tags": [],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35605"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2017-07-29T01:32Z",
      "publishedDate": "2007-07-26T19:30Z"
    }
  }
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2007-4023 (GCVE-0-2007-4023)

Vulnerability from cvelistv5

var-200707-0198

Vulnerability from variot

ghsa-r847-794v-mgw3

Vulnerability from github

fkie_cve-2007-4023

Vulnerability from fkie_nvd

cve-2007-4023

Vulnerability from jvndb

gsd-2007-4023

Vulnerability from gsd

Tags

Sightings

Nomenclature