Sign-up

ID

VAR-200505-1057


CVE

CVE-2005-1006


TITLE

SonicWALL SOHO Web Remote Input Validation Error Vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-200505-320

DESCRIPTION

Multiple cross-site scripting (XSS) vulnerabilities in SonicWALL SOHO 5.1.7.0 allow remote attackers to inject arbitrary web script or HTML via (1) the URL or (2) the user login name, which is not filtered when the administrator views the log file. Multiple remote input validation vulnerabilities affect SonicWALL SOHO. These issues are due to a failure of the application to properly sanitize user-supplied input prior to including it in dynamically generated Web content. Specifically a cross-site scripting issue and an HTML injection issue affect the vulnerable device. An attacker may leverage these issues to have arbitrary script code executed in the browser of an unsuspecting user. This may facilitate the theft of cookie-based authentication credentials as well as other attacks, potentially leading to a compromise of the affected device. SonicWALL Pro 230 firmware 6.5.0.3 is reported vulnerable to these issues as well. SonicWALL SOHO is a tool that provides network INTERNET security connection. ---------------------------------------------------------------------- Want a new IT Security job? Vacant positions at Secunia: http://secunia.com/secunia_vacancies/ ---------------------------------------------------------------------- TITLE: SonicWALL SOHO series Cross-Site Scripting and Script Injection SECUNIA ADVISORY ID: SA14823 VERIFY ADVISORY: http://secunia.com/advisories/14823/ CRITICAL: Less critical IMPACT: Cross Site Scripting WHERE: >From remote OPERATING SYSTEM: SonicWALL SOHO series http://secunia.com/product/223/ DESCRIPTION: Oliver Karow has reported two vulnerabilities in SonicWALL SOHO series, which can be exploited by malicious people to conduct cross-site scripting and script insertion attacks. 1) Input passed in the URL path is not properly sanitised before being returned to the user. Example: http://[host]/[code] 2) Input passed to the username in the login page is not properly sanitised before being used. Other versions may also be affected. SOLUTION: Restrict access to the web interface to prevent the script insertion vulnerability. PROVIDED AND/OR DISCOVERED BY: Oliver Karow ORIGINAL ADVISORY: http://www.oliverkarow.de/research/SonicWall.txt ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Trust: 1.35

sources: NVD: CVE-2005-1006 // BID: 12984 // VULHUB: VHN-12215 // PACKETSTORM: 36968

AFFECTED PRODUCTS

vendor:sonicwallmodel:sohoscope:eqversion:5.1.7.0

Trust: 1.9

vendor:sonicwallmodel:proscope:eqversion:2306.5.0.3

Trust: 0.3

sources: BID: 12984 // CNNVD: CNNVD-200505-320 // NVD: CVE-2005-1006

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2005-1006
value: MEDIUM

Trust: 1.0

CNNVD: CNNVD-200505-320
value: LOW

Trust: 0.6

VULHUB: VHN-12215
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2005-1006
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

VULHUB: VHN-12215
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-12215 // CNNVD: CNNVD-200505-320 // NVD: CVE-2005-1006

PROBLEMTYPE DATA

problemtype:CWE-79

Trust: 1.0

sources: NVD: CVE-2005-1006

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200505-320

TYPE

xss

Trust: 0.7

sources: PACKETSTORM: 36968 // CNNVD: CNNVD-200505-320

EXPLOIT AVAILABILITY

sources:
            
            
            VULHUB: VHN-12215

PATCH
title:SonicWALL SOHO Web Fixes for Remote Input Validation Error Vulnerabilityurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=197203
Trust: 0.6
sources:
            
            
            CNNVD: CNNVD-200505-320

EXTERNAL IDS
db:NVDid:CVE-2005-1006
Trust: 2.0
db:BIDid:12984
Trust: 2.0
db:SECUNIAid:14823
Trust: 1.8
db:OSVDBid:15262
Trust: 1.7
db:OSVDBid:15261
Trust: 1.7
db:SECTRACKid:1013638
Trust: 1.7
db:CNNVDid:CNNVD-200505-320
Trust: 0.7
db:SEEBUGid:SSVID-78994
Trust: 0.1
db:EXPLOIT-DBid:25331
Trust: 0.1
db:VULHUBid:VHN-12215
Trust: 0.1
db:PACKETSTORMid:36968
Trust: 0.1
sources:
            
            
            VULHUB: VHN-12215 // 
            
            
            
            BID: 12984 // 
            
            
            
            PACKETSTORM: 36968 // 
            
            
            
            CNNVD: CNNVD-200505-320 // 
            
            
            
            NVD: CVE-2005-1006

REFERENCES
url:http://www.oliverkarow.de/research/sonicwall.txt
Trust: 1.8
url:http://www.securityfocus.com/bid/12984
Trust: 1.7
url:http://archives.neohapsis.com/archives/bugtraq/2005-04/0041.html
Trust: 1.7
url:http://www.osvdb.org/15261
Trust: 1.7
url:http://www.osvdb.org/15262
Trust: 1.7
url:http://securitytracker.com/id?1013638
Trust: 1.7
url:http://secunia.com/advisories/14823
Trust: 1.7
url:https://exchange.xforce.ibmcloud.com/vulnerabilities/19958
Trust: 1.7
url:https://exchange.xforce.ibmcloud.com/vulnerabilities/19960
Trust: 1.7
url:http://www.sonicwall.com
Trust: 0.3
url:/archive/1/394869
Trust: 0.3
url:http://secunia.com/advisories/14823/
Trust: 0.1
url:http://secunia.com/product/223/
Trust: 0.1
url:http://secunia.com/secunia_security_advisories/
Trust: 0.1
url:http://[host]/[code]
Trust: 0.1
url:http://secunia.com/secunia_vacancies/
Trust: 0.1
url:http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
Trust: 0.1
url:http://secunia.com/about_secunia_advisories/
Trust: 0.1
sources:
            
            
            VULHUB: VHN-12215 // 
            
            
            
            BID: 12984 // 
            
            
            
            PACKETSTORM: 36968 // 
            
            
            
            CNNVD: CNNVD-200505-320 // 
            
            
            
            NVD: CVE-2005-1006

CREDITS
Oliver Karow  Oliver.karow@gmx.de
Trust: 0.6
sources:
            
            
            CNNVD: CNNVD-200505-320

SOURCES
db:VULHUBid:VHN-12215
db:BIDid:12984
db:PACKETSTORMid:36968
db:CNNVDid:CNNVD-200505-320
db:NVDid:CVE-2005-1006

LAST UPDATE DATE
2024-08-14T15:40:53.246000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-12215date:2017-07-11T00:00:00
db:BIDid:12984date:2009-07-12T11:56:00
db:CNNVDid:CNNVD-200505-320date:2022-06-24T00:00:00
db:NVDid:CVE-2005-1006date:2022-06-23T16:42:59.087

SOURCES RELEASE DATE
db:VULHUBid:VHN-12215date:2005-05-02T00:00:00
db:BIDid:12984date:2005-04-04T00:00:00
db:PACKETSTORMid:36968date:2005-04-17T06:53:52
db:CNNVDid:CNNVD-200505-320date:2005-04-05T00:00:00
db:NVDid:CVE-2005-1006date:2005-05-02T04:00:00