var-200709-0097
Vulnerability from variot
Cross-site scripting (XSS) vulnerability in the Web administration interface in Barracuda Spam Firewall before firmware 3.5.10.016 allows remote attackers to inject arbitrary web script or HTML via the username field in a login attempt, which is not properly handled when the Monitor Web Syslog screen is open. Barracuda Spam Firewall is prone to an HTML-injection vulnerability because it fails to properly sanitize user-supplied input before using it in dynamically generated content. Attacker-supplied HTML and script code would execute in the context of the affected site, potentially allowing the attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user; other attacks are also possible. This issue affects Barracuda Spam Firewall firmware 3.4.10.102; other versions may also be affected
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200709-0097",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "spam firewall",
"scope": "lte",
"trust": 1.0,
"vendor": "barracuda",
"version": "3.4.10.102"
},
{
"model": "spam firewall",
"scope": "eq",
"trust": 0.9,
"vendor": "barracuda",
"version": "3.4.10.102"
},
{
"model": "spam firewall",
"scope": "lt",
"trust": 0.8,
"vendor": "barracuda",
"version": "firmware 3.5.10.016"
},
{
"model": "spam firewall",
"scope": "ne",
"trust": 0.3,
"vendor": "barracuda",
"version": "3.5.10.106"
}
],
"sources": [
{
"db": "BID",
"id": "25757"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-002677"
},
{
"db": "CNNVD",
"id": "CNNVD-200709-340"
},
{
"db": "NVD",
"id": "CVE-2007-5058"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/h:barracuda_networks:barracuda_spam_firewall",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2007-002677"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Federico Kirschbaum is credited with the discovery of this vulnerability.",
"sources": [
{
"db": "BID",
"id": "25757"
},
{
"db": "CNNVD",
"id": "CNNVD-200709-340"
}
],
"trust": 0.9
},
"cve": "CVE-2007-5058",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "CVE-2007-5058",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "VHN-28420",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2007-5058",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2007-5058",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-200709-340",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-28420",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-28420"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-002677"
},
{
"db": "CNNVD",
"id": "CNNVD-200709-340"
},
{
"db": "NVD",
"id": "CVE-2007-5058"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cross-site scripting (XSS) vulnerability in the Web administration interface in Barracuda Spam Firewall before firmware 3.5.10.016 allows remote attackers to inject arbitrary web script or HTML via the username field in a login attempt, which is not properly handled when the Monitor Web Syslog screen is open. Barracuda Spam Firewall is prone to an HTML-injection vulnerability because it fails to properly sanitize user-supplied input before using it in dynamically generated content. \nAttacker-supplied HTML and script code would execute in the context of the affected site, potentially allowing the attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user; other attacks are also possible. \nThis issue affects Barracuda Spam Firewall firmware 3.4.10.102; other versions may also be affected",
"sources": [
{
"db": "NVD",
"id": "CVE-2007-5058"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-002677"
},
{
"db": "BID",
"id": "25757"
},
{
"db": "VULHUB",
"id": "VHN-28420"
}
],
"trust": 1.98
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2007-5058",
"trust": 2.8
},
{
"db": "BID",
"id": "25757",
"trust": 2.0
},
{
"db": "SECUNIA",
"id": "26937",
"trust": 1.7
},
{
"db": "OSVDB",
"id": "38156",
"trust": 1.7
},
{
"db": "VUPEN",
"id": "ADV-2007-3257",
"trust": 1.7
},
{
"db": "SECTRACK",
"id": "1018733",
"trust": 1.7
},
{
"db": "SREASON",
"id": "3164",
"trust": 1.7
},
{
"db": "JVNDB",
"id": "JVNDB-2007-002677",
"trust": 0.8
},
{
"db": "BUGTRAQ",
"id": "20070921 [ISR] - BARRACUDA SPAM FIREWALL. CROSS-SITE SCRIPTING",
"trust": 0.6
},
{
"db": "XF",
"id": "36716",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-200709-340",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-28420",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-28420"
},
{
"db": "BID",
"id": "25757"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-002677"
},
{
"db": "CNNVD",
"id": "CNNVD-200709-340"
},
{
"db": "NVD",
"id": "CVE-2007-5058"
}
]
},
"id": "VAR-200709-0097",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-28420"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-23T22:46:47.590000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.barracudanetworks.com/ns/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2007-002677"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-79",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-28420"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-002677"
},
{
"db": "NVD",
"id": "CVE-2007-5058"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.0,
"url": "http://www.barracudanetworks.com/ns/support/tech_alert.php"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/25757"
},
{
"trust": 1.7,
"url": "http://www.infobyte.com.ar/adv/isr-15.html"
},
{
"trust": 1.7,
"url": "http://osvdb.org/38156"
},
{
"trust": 1.7,
"url": "http://www.securitytracker.com/id?1018733"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/26937"
},
{
"trust": 1.7,
"url": "http://securityreason.com/securityalert/3164"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/archive/1/480238/100/0/threaded"
},
{
"trust": 1.1,
"url": "http://www.vupen.com/english/advisories/2007/3257"
},
{
"trust": 1.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36716"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-5058"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2007-5058"
},
{
"trust": 0.6,
"url": "http://xforce.iss.net/xforce/xfdb/36716"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/archive/1/archive/1/480238/100/0/threaded"
},
{
"trust": 0.6,
"url": "http://www.frsirt.com/english/advisories/2007/3257"
},
{
"trust": 0.3,
"url": "http://www.barracudanetworks.com/ns/products/spam_overview.php"
},
{
"trust": 0.3,
"url": "/archive/1/480238"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-28420"
},
{
"db": "BID",
"id": "25757"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-002677"
},
{
"db": "CNNVD",
"id": "CNNVD-200709-340"
},
{
"db": "NVD",
"id": "CVE-2007-5058"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-28420"
},
{
"db": "BID",
"id": "25757"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-002677"
},
{
"db": "CNNVD",
"id": "CNNVD-200709-340"
},
{
"db": "NVD",
"id": "CVE-2007-5058"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2007-09-24T00:00:00",
"db": "VULHUB",
"id": "VHN-28420"
},
{
"date": "2007-09-21T00:00:00",
"db": "BID",
"id": "25757"
},
{
"date": "2012-06-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2007-002677"
},
{
"date": "2007-09-24T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200709-340"
},
{
"date": "2007-09-24T22:17:00",
"db": "NVD",
"id": "CVE-2007-5058"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-10-15T00:00:00",
"db": "VULHUB",
"id": "VHN-28420"
},
{
"date": "2015-05-07T17:35:00",
"db": "BID",
"id": "25757"
},
{
"date": "2012-06-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2007-002677"
},
{
"date": "2007-09-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200709-340"
},
{
"date": "2024-11-21T00:37:02.523000",
"db": "NVD",
"id": "CVE-2007-5058"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200709-340"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Barracuda Spam Firewall Web Administration Console Username HTML Injection Vulnerability",
"sources": [
{
"db": "BID",
"id": "25757"
},
{
"db": "CNNVD",
"id": "CNNVD-200709-340"
}
],
"trust": 0.9
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "XSS",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200709-340"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…