ID

VAR-200805-0353


CVE

CVE-2008-2162


TITLE

SonicWALL Email Security Error Page Cross-Site Scripting Vulnerability

Trust: 0.9

sources: BID: 29107 // CNNVD: CNNVD-200805-111

DESCRIPTION

Cross-site scripting (XSS) vulnerability in SonicWall Email Security 6.1.1 allows remote attackers to inject arbitrary web script or HTML via the Host header in a request to a non-existent web page, which is not properly sanitized in an error page. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks. SonicWALL Email Security 6.1.1 is vulnerable; other versions may also be affected. The Host header value is not filtered before it is output in the error page.

Trust: 1.98

sources: NVD: CVE-2008-2162 // JVNDB: JVNDB-2008-005776 // BID: 29107 // VULHUB: VHN-32287

AFFECTED PRODUCTS

vendor: sonicwall, model: e-mail security, scope: eq, version: 6.1.1

Trust: 2.4

vendor: sonicwall, model: email security, scope: eq, version: 6.1.1

Trust: 0.3

sources: BID: 29107 // JVNDB: JVNDB-2008-005776 // CNNVD: CNNVD-200805-111 // NVD: CVE-2008-2162

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2008-2162
value: MEDIUM

Trust: 1.0

NVD: CVE-2008-2162
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-200805-111
value: MEDIUM

Trust: 0.6

VULHUB: VHN-32287
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2008-2162
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-32287
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-32287 // JVNDB: JVNDB-2008-005776 // CNNVD: CNNVD-200805-111 // NVD: CVE-2008-2162

PROBLEMTYPE DATA

problemtype:CWE-79

Trust: 1.9

sources: VULHUB: VHN-32287 // JVNDB: JVNDB-2008-005776 // NVD: CVE-2008-2162

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200805-111

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-200805-111

CONFIGURATIONS

sources: JVNDB: JVNDB-2008-005776

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-32287

PATCH

title: Email Security, url: http://o-www.sonicwall.com/us/en/products/Anti-Spam_Email_Security.html

Trust: 0.8

sources: JVNDB: JVNDB-2008-005776

EXTERNAL IDS

db: NVD, id: CVE-2008-2162

Trust: 2.8

db: BID, id: 29107

Trust: 2.0

db: SECTRACK, id: 1019999

Trust: 1.7

db: JVNDB, id: JVNDB-2008-005776

Trust: 0.8

db: CNNVD, id: CNNVD-200805-111

Trust: 0.7

db: XF, id: 42283

Trust: 0.6

db: FULLDISC, id: 20080508 SONICWALL E-MAIL SECURITY HOST HEADER XSS VULNERABILITY

Trust: 0.6

db: SEEBUG, id: SSVID-85071

Trust: 0.1

db: EXPLOIT-DB, id: 31756

Trust: 0.1

db: VULHUB, id: VHN-32287

Trust: 0.1

sources: VULHUB: VHN-32287 // BID: 29107 // JVNDB: JVNDB-2008-005776 // CNNVD: CNNVD-200805-111 // NVD: CVE-2008-2162

REFERENCES

url:http://www.securityfocus.com/bid/29107

Trust: 1.7

url:http://archives.neohapsis.com/archives/fulldisclosure/2008-05/0226.html

Trust: 1.7

url:http://www.securitytracker.com/id?1019999

Trust: 1.7

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/42283

Trust: 1.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-2162

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2008-2162

Trust: 0.8

url:http://xforce.iss.net/xforce/xfdb/42283

Trust: 0.6

url:http://www.sonicwall.com

Trust: 0.3

sources: VULHUB: VHN-32287 // BID: 29107 // JVNDB: JVNDB-2008-005776 // CNNVD: CNNVD-200805-111 // NVD: CVE-2008-2162

CREDITS

Deniz CEVIK

Trust: 0.9

sources: BID: 29107 // CNNVD: CNNVD-200805-111

SOURCES

db: VULHUB, id: VHN-32287
db: BID, id: 29107
db: JVNDB, id: JVNDB-2008-005776
db: CNNVD, id: CNNVD-200805-111
db: NVD, id: CVE-2008-2162

LAST UPDATE DATE

2024-08-14T14:28:45.185000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-32287, date: 2017-08-08T00:00:00
db: BID, id: 29107, date: 2015-05-07T17:29:00
db: JVNDB, id: JVNDB-2008-005776, date: 2012-12-20T00:00:00
db: CNNVD, id: CNNVD-200805-111, date: 2008-09-05T00:00:00
db: NVD, id: CVE-2008-2162, date: 2017-08-08T01:30:49.010

SOURCES RELEASE DATE

db: VULHUB, id: VHN-32287, date: 2008-05-12T00:00:00
db: BID, id: 29107, date: 2008-05-08T00:00:00
db: JVNDB, id: JVNDB-2008-005776, date: 2012-12-20T00:00:00
db: CNNVD, id: CNNVD-200805-111, date: 2008-05-12T00:00:00
db: NVD, id: CVE-2008-2162, date: 2008-05-12T22:20:00