var-201307-0195
Vulnerability from variot

Cross-site request forgery (CSRF) vulnerability in the web framework on Cisco IronPort Web Security Appliance (WSA) devices, Email Security Appliance (ESA) devices, and Content Security Management Appliance (SMA) devices allows remote attackers to hijack the authentication of arbitrary users, aka Bug IDs CSCuh70263, CSCuh70323, and CSCuh26634. The vendor has confirmed this vulnerability and released it as Bug IDs CSCuh70263, CSCuh70323, and CSCuh26634. A third party may be able to hijack arbitrary user authentication. Multiple Cisco devices are prone to a cross-site request-forgery vulnerability. Attackers can exploit this issue to perform certain administrative actions and to gain unauthorized access to the affected device. This issue is being tracked by Cisco bug IDs CSCuh70323, CSCuh26634, and CSCuh70263. Content SMA is a set of content security management equipment. A remote attacker could exploit this vulnerability to hijack the authentication of any user.

=============================== - Advisory - ===============================

Title: Cisco IronPort Security Management Appliance - Multiple issues
Risk: Medium
Date: 20.May.2013
Author: Pedro Andujar
Twitter: @pandujar

.: [ INTRO ] :.

The Cisco Security Management Appliance helps to enable flexible management and comprehensive security control at the network gateway.

.: [ TECHNICAL DESCRIPTION ] :.

Cisco IronPort Security Management Appliance M170 v7.9.1-030 (and probably other products) is prone to several security issues, as described below:

.: [ ISSUE #1 ] :.

Name: Reflected Cross Site Scripting
Severity: Low
CVE: CVE-2013-3396

There is a lack of output escaping in the default error 500 page. When an exception occurs in the application, the error description contains unvalidated user input from the request:

** PoC removed as requested by Cisco. **

.: [ ISSUE #2 ] :.

Name: Stored Cross Site Scripting
Severity: Medium

There is a lack of input validation on the job_name, job_type, appliances_options and config_master parameters, which are then printed unescaped in the job_name, old_job_name, job_type, appliance_lists and config_master fields.

** PoC removed as requested by Cisco. **

.: [ ISSUE #3 ] :.

Name: CSRF Token is not used
Severity: Low
CVE: CVE-2013-3395

CSRFKey is not used in some areas of the application, which makes it even easier to exploit Reflected XSS issues. In the /report area of the application, we got no error even when completely removing the CSRFKey parameter:

** PoC removed as requested by Cisco. **

See: http://tools.cisco.com/security/center/viewAlert.x?alertId=29844

.: [ ISSUE #4 ] :.

Name: Lack of password obfuscation
Severity: Low

When exporting the configuration file, even if you mark the "mask password" option, the SNMPv3 password still appears in cleartext.

.: [ CHANGELOG ] :.

  • 20/May/2013: - Vulnerability found.
  • 27/May/2013: - Vendor contacted.
  • 11/Jul/2013: - Public Disclosure

.: [ SOLUTIONS ] :.

Thanks to Stefano De Crescenzo (Cisco PSIRT Team), because of his professional way of managing the entire process.

Stored XSS: CSCuh24755

Reflected XSS: http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-3396

SNMP password issue: CSCuh27268, CSCuh70314

CSRF: http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-3395

.: [ REFERENCES ] :



{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201307-0195",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "email security appliance",
        "scope": "eq",
        "trust": 2.2,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "web security appliance",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "content security management appliance",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "e email security the appliance",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "cisco",
        "version": "7.8 and before that"
      },
      {
        "model": "web security the appliance",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "cisco",
        "version": "7.7 and before that"
      },
      {
        "model": "content security management appliance",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "cisco",
        "version": "8.1 and before that"
      },
      {
        "model": "web security appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.5.1"
      },
      {
        "model": "web security appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.5"
      },
      {
        "model": "web security appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.1.4"
      },
      {
        "model": "web security appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.1.3"
      },
      {
        "model": "web security appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.1.2"
      },
      {
        "model": "web security appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.1.1"
      },
      {
        "model": "web security appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.1"
      },
      {
        "model": "web security appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.7"
      },
      {
        "model": "email security appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.6.2"
      },
      {
        "model": "email security appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.6.1"
      },
      {
        "model": "email security appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.6"
      },
      {
        "model": "email security appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.5.2"
      },
      {
        "model": "email security appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.5.1"
      },
      {
        "model": "email security appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.5"
      },
      {
        "model": "email security appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.3.2"
      },
      {
        "model": "email security appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.3.1"
      },
      {
        "model": "email security appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.3"
      },
      {
        "model": "email security appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.1.5"
      },
      {
        "model": "email security appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.1.4"
      },
      {
        "model": "email security appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.1.3"
      },
      {
        "model": "email security appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.1.2"
      },
      {
        "model": "email security appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.1.1"
      },
      {
        "model": "email security appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.1"
      },
      {
        "model": "email security appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.8"
      },
      {
        "model": "content security management appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "8.1"
      },
      {
        "model": "content security management appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "8.0"
      },
      {
        "model": "content security management appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.9.1"
      },
      {
        "model": "content security management appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.9"
      },
      {
        "model": "content security management appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.7.1"
      },
      {
        "model": "content security management appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.7"
      },
      {
        "model": "content security management appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.2.2"
      },
      {
        "model": "content security management appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.2.1"
      },
      {
        "model": "content security management appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.2"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "60919"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-003179"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201307-042"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-3395"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/h:cisco:email_security_appliance",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/h:cisco:web_security_appliance",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/h:cisco:content_security_management_appliance",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-003179"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Cisco",
    "sources": [
      {
        "db": "BID",
        "id": "60919"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2013-3395",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "id": "CVE-2013-3395",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 1.9,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "id": "VHN-63397",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2013-3395",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "NVD",
            "id": "CVE-2013-3395",
            "trust": 0.8,
            "value": "Medium"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201307-042",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-63397",
            "trust": 0.1,
            "value": "MEDIUM"
          },
          {
            "author": "VULMON",
            "id": "CVE-2013-3395",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-63397"
      },
      {
        "db": "VULMON",
        "id": "CVE-2013-3395"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-003179"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201307-042"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-3395"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Cross-site request forgery (CSRF) vulnerability in the web framework on Cisco IronPort Web Security Appliance (WSA) devices, Email Security Appliance (ESA) devices, and Content Security Management Appliance (SMA) devices allows remote attackers to hijack the authentication of arbitrary users, aka Bug IDs CSCuh70263, CSCuh70323, and CSCuh26634. Vendors have confirmed this vulnerability Bug IDs CSCuh70263 , CSCuh70323 ,and CSCuh26634 It is released as.A third party may be able to hijack arbitrary user authentication. Multiple Cisco Devices are prone to a cross-site request-forgery vulnerability. \nAttackers can exploit this issue to perform certain administrative   actions and to gain unauthorized access to the affected device. \nThis issue is being tracked by Cisco bug IDs CSCuh70323, CSCuh26634, and CSCuh70263. Content SMA is a set of content security management equipment. A remote attacker could exploit this vulnerability to hijack the authentication of any user.           ===============================\n                   - Advisory -\n          ===============================\n\n  Tittle:   Cisco IronPort Security Management Appliance - Multiple issues\n    Risk:   Medium\n    Date:   20.May.2013\n  Author:   Pedro Andujar\n Twitter:   @pandujar\n\n            \t\n.: [ INTRO ] :. \n\n\nThe Cisco Security Management Appliance helps to enable flexible management and comprehensive security control \nat the network gateway. \n\n\n.: [ TECHNICAL DESCRIPTION ] :. \n\nCisco IronPort Security Management Appliance M170 v7.9.1-030 (and probably other products), are prone to several security issues \nas described below;\n\n\n.: [ ISSUE #1 }:. \n\nName: Reflected Cross Site Scripting\nSeverity: Low \nCVE: CVE-2013-3396\n\nThere is a lack of output escaping in the default error 500 page. When a exception occurs in the application, the error\ndescription contains user unvalidated input from the request:\n\n** PoC removed as requested by Cisco. 
**\n\n\n.: [ ISSUE #2 }:. \n\nName: Stored Cross Site Scripting\nSeverity: Medium\n\nDue to a lack of input validation on job_name, job_type, appliances_options and config_master parameters which are then \nprinted unscapped on job_name, old_job_name, job_type, appliance_lists and config_master fields. \n\n\n** PoC removed as requested by Cisco. **\n\n\n.: [ ISSUE #3 }:. \n\nName: CSRF Token is not used\nSeverity: Low\nCVE: CVE-2013-3395\n\nCSRFKey is not used in some areas of the application, which make even easier to exploit Reflected XSS Issues. In the /report area \nof the application, we got no error even when completely removing the parameter CSRFKey; \n\n** PoC removed as requested by Cisco. **\n\nSee: http://tools.cisco.com/security/center/viewAlert.x?alertId=29844\n\n.: [ ISSUE #4 }:. \n\nName: Lack of password obfuscation\nSeverity: Low\n\nWhen exporting the configuration file even if you mark the \"mask password\" option, the SNMPv3 password still appears in cleartext. \n\n\n.: [ CHANGELOG ] :. \n\n  * 20/May/2013:   - Vulnerability found. \n  * 27/May/2013:   - Vendor contacted. \n  * 11/Jul/2013:   - Public Disclosure\n\n\n.: [ SOLUTIONS ] :. \n\nThanks to Stefano De Crescenzo (Cisco PSIRT Team), because of his professional way of managing the entire process. \n\nStored XSS\nCSCuh24755\n\nReflected XSS\nhttp://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-3396\n\nSNMP password issue\nCSCuh27268, CSCuh70314\n\nCSRF\nhttp://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-3395\n\n\n.: [ REFERENCES ] :",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2013-3395"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-003179"
      },
      {
        "db": "BID",
        "id": "60919"
      },
      {
        "db": "VULHUB",
        "id": "VHN-63397"
      },
      {
        "db": "VULMON",
        "id": "CVE-2013-3395"
      },
      {
        "db": "PACKETSTORM",
        "id": "122955"
      }
    ],
    "trust": 2.16
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2013-3395",
        "trust": 3.0
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-003179",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201307-042",
        "trust": 0.7
      },
      {
        "db": "CISCO",
        "id": "20130626 CISCO IRONPORT CROSS-SITE REQUEST FORGERY VULNERABILITY",
        "trust": 0.6
      },
      {
        "db": "BID",
        "id": "60919",
        "trust": 0.5
      },
      {
        "db": "PACKETSTORM",
        "id": "122955",
        "trust": 0.2
      },
      {
        "db": "VULHUB",
        "id": "VHN-63397",
        "trust": 0.1
      },
      {
        "db": "VULMON",
        "id": "CVE-2013-3395",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-63397"
      },
      {
        "db": "VULMON",
        "id": "CVE-2013-3395"
      },
      {
        "db": "BID",
        "id": "60919"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-003179"
      },
      {
        "db": "PACKETSTORM",
        "id": "122955"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201307-042"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-3395"
      }
    ]
  },
  "id": "VAR-201307-0195",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-63397"
      }
    ],
    "trust": 0.54899413
  },
  "last_update_date": "2024-08-14T14:21:17.714000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Cisco IronPort Cross-Site Request Forgery Vulnerability",
        "trust": 0.8,
        "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-3395"
      },
      {
        "title": "29844",
        "trust": 0.8,
        "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=29844"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-003179"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-352",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-63397"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-003179"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-3395"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.2,
        "url": "http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2013-3395"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-3395"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-3395"
      },
      {
        "trust": 0.4,
        "url": "http://tools.cisco.com/security/center/viewalert.x?alertid=29844"
      },
      {
        "trust": 0.3,
        "url": "http://www.cisco.com/"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/352.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "https://www.securityfocus.com/bid/60919"
      },
      {
        "trust": 0.1,
        "url": "https://packetstormsecurity.com/files/122955/cisco-ironport-cross-site-request-forgery-cross-site-scripting.html"
      },
      {
        "trust": 0.1,
        "url": "http://tools.cisco.com/security/center/publicationlisting.x"
      },
      {
        "trust": 0.1,
        "url": "http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2013-3396"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-3396"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-3395"
      },
      {
        "trust": 0.1,
        "url": "http://www.cisco.com/en/us/products/ps12503/index.html"
      },
      {
        "trust": 0.1,
        "url": "http://www.digitalsec.net/"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-63397"
      },
      {
        "db": "VULMON",
        "id": "CVE-2013-3395"
      },
      {
        "db": "BID",
        "id": "60919"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-003179"
      },
      {
        "db": "PACKETSTORM",
        "id": "122955"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201307-042"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-3395"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-63397"
      },
      {
        "db": "VULMON",
        "id": "CVE-2013-3395"
      },
      {
        "db": "BID",
        "id": "60919"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-003179"
      },
      {
        "db": "PACKETSTORM",
        "id": "122955"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201307-042"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-3395"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2013-07-02T00:00:00",
        "db": "VULHUB",
        "id": "VHN-63397"
      },
      {
        "date": "2013-07-02T00:00:00",
        "db": "VULMON",
        "id": "CVE-2013-3395"
      },
      {
        "date": "2013-07-01T00:00:00",
        "db": "BID",
        "id": "60919"
      },
      {
        "date": "2013-07-03T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2013-003179"
      },
      {
        "date": "2013-08-26T20:58:21",
        "db": "PACKETSTORM",
        "id": "122955"
      },
      {
        "date": "2013-07-04T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201307-042"
      },
      {
        "date": "2013-07-02T03:43:34.647000",
        "db": "NVD",
        "id": "CVE-2013-3395"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2018-10-30T00:00:00",
        "db": "VULHUB",
        "id": "VHN-63397"
      },
      {
        "date": "2018-10-30T00:00:00",
        "db": "VULMON",
        "id": "CVE-2013-3395"
      },
      {
        "date": "2013-07-01T00:00:00",
        "db": "BID",
        "id": "60919"
      },
      {
        "date": "2013-07-03T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2013-003179"
      },
      {
        "date": "2013-07-04T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201307-042"
      },
      {
        "date": "2018-10-30T16:27:22.513000",
        "db": "NVD",
        "id": "CVE-2013-3395"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201307-042"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "plural  Cisco Security Appliance  Web Cross-site request forgery vulnerability in framework",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-003179"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "cross-site request forgery",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201307-042"
      }
    ],
    "trust": 0.6
  }
}

