ID

VAR-201210-0410


CVE

CVE-2012-5316


TITLE

Barracuda Spam & Virus Firewall 600 Firmware cross-site scripting vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2012-004851

DESCRIPTION

Multiple cross-site scripting (XSS) vulnerabilities in Barracuda Spam & Virus Firewall 600 Firmware 4.0.1.009 and earlier allow remote authenticated users to inject arbitrary web script or HTML via (1) Troubleshooting in the Trace route Device module or (2) LDAP Username in the LDAP Configuration module. Barracuda Spam & Virus WAF 600 is prone to multiple unspecified HTML-injection vulnerabilities because it fails to properly sanitize user-supplied input before using it in dynamically generated content. Successful exploits will allow attacker-supplied HTML and script code to run in the context of the affected browser, potentially allowing the attacker to steal cookie-based authentication credentials or control how the site is rendered to the user. Other attacks are also possible. The vulnerability stems from improper filtering of user-supplied input before it is used to dynamically generate content.

Trust: 1.98

sources: NVD: CVE-2012-5316 // JVNDB: JVNDB-2012-004851 // BID: 51599 // VULHUB: VHN-58597

AFFECTED PRODUCTS

vendor: barracudanetworks // model: spam & virus firewall 600 // scope: lte // version: 4.0.1.009

Trust: 1.0

vendor: barracudanetworks // model: spam & virus firewall 600 // scope: eq // version: -

Trust: 1.0

vendor: barracuda // model: spam & virus firewall 600 // scope: - // version: -

Trust: 0.8

vendor: barracuda // model: spam & virus firewall 600 // scope: lte // version: 4.0.1.009

Trust: 0.8

vendor: barracudanetworks // model: spam & virus firewall 600 // scope: eq // version: 4.0.1.009

Trust: 0.6

vendor: barracuda // model: networks barracuda spam & virus waf // scope: eq // version: 6000

Trust: 0.3

sources: BID: 51599 // JVNDB: JVNDB-2012-004851 // CNNVD: CNNVD-201201-370 // NVD: CVE-2012-5316

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2012-5316
value: LOW

Trust: 1.0

NVD: CVE-2012-5316
value: LOW

Trust: 0.8

CNNVD: CNNVD-201201-370
value: LOW

Trust: 0.6

VULHUB: VHN-58597
value: LOW

Trust: 0.1

nvd@nist.gov: CVE-2012-5316
severity: LOW
baseScore: 3.5
vectorString: AV:N/AC:M/AU:S/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 6.8
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-58597
severity: LOW
baseScore: 3.5
vectorString: AV:N/AC:M/AU:S/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 6.8
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-58597 // JVNDB: JVNDB-2012-004851 // CNNVD: CNNVD-201201-370 // NVD: CVE-2012-5316

PROBLEMTYPE DATA

problemtype:CWE-79

Trust: 1.9

sources: VULHUB: VHN-58597 // JVNDB: JVNDB-2012-004851 // NVD: CVE-2012-5316

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201201-370

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-201201-370

CONFIGURATIONS

sources: JVNDB: JVNDB-2012-004851

PATCH

title: Barracuda Spam & Virus Firewall // url: https://www.barracudanetworks.com/ns/products/spam_overview.php

Trust: 0.8

sources: JVNDB: JVNDB-2012-004851

EXTERNAL IDS

db: NVD // id: CVE-2012-5316

Trust: 2.8

db: BID // id: 51599

Trust: 2.0

db: JVNDB // id: JVNDB-2012-004851

Trust: 0.8

db: CNNVD // id: CNNVD-201201-370

Trust: 0.7

db: XF // id: 72579

Trust: 0.6

db: NSFOCUS // id: 21078

Trust: 0.6

db: BUGTRAQ // id: 20120120 [SUSPECTED SPAM] BARRACUDA SPAM/VIRUS WAF 600 - MULTIPLE WEB VULNERABILITIES

Trust: 0.6

db: VULHUB // id: VHN-58597

Trust: 0.1

sources: VULHUB: VHN-58597 // BID: 51599 // JVNDB: JVNDB-2012-004851 // CNNVD: CNNVD-201201-370 // NVD: CVE-2012-5316

REFERENCES

url:http://www.securityfocus.com/bid/51599

Trust: 1.7

url:http://archives.neohapsis.com/archives/bugtraq/2012-01/0130.html

Trust: 1.7

url:http://www.vulnerability-lab.com/get_content.php?id=28

Trust: 1.7

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/72579

Trust: 1.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-5316

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-5316

Trust: 0.8

url:http://xforce.iss.net/xforce/xfdb/72579

Trust: 0.6

url:http://www.nsfocus.net/vulndb/21078

Trust: 0.6

url:http://www.barracudanetworks.com/ns/?l=en_ca

Trust: 0.3

url:/archive/1/521316

Trust: 0.3

sources: VULHUB: VHN-58597 // BID: 51599 // JVNDB: JVNDB-2012-004851 // CNNVD: CNNVD-201201-370 // NVD: CVE-2012-5316

CREDITS

Vulnerability Research Laboratory - Benjamin Kunz Mejri

Trust: 0.9

sources: BID: 51599 // CNNVD: CNNVD-201201-370

SOURCES

db: VULHUB // id: VHN-58597
db: BID // id: 51599
db: JVNDB // id: JVNDB-2012-004851
db: CNNVD // id: CNNVD-201201-370
db: NVD // id: CVE-2012-5316

LAST UPDATE DATE

2024-08-14T14:46:59.039000+00:00


SOURCES UPDATE DATE

db: VULHUB // id: VHN-58597 // date: 2017-08-29T00:00:00
db: BID // id: 51599 // date: 2015-03-19T09:41:00
db: JVNDB // id: JVNDB-2012-004851 // date: 2012-10-11T00:00:00
db: CNNVD // id: CNNVD-201201-370 // date: 2012-02-01T00:00:00
db: NVD // id: CVE-2012-5316 // date: 2017-08-29T01:32:38.370

SOURCES RELEASE DATE

db: VULHUB // id: VHN-58597 // date: 2012-10-08T00:00:00
db: BID // id: 51599 // date: 2012-01-20T00:00:00
db: JVNDB // id: JVNDB-2012-004851 // date: 2012-10-11T00:00:00
db: CNNVD // id: CNNVD-201201-370 // date: 1900-01-01T00:00:00
db: NVD // id: CVE-2012-5316 // date: 2012-10-08T17:55:01.293