Sign-up

ID

VAR-201210-0410


CVE

CVE-2012-5316


TITLE

Barracuda Spam & Virus Firewall 600 Firmware cross-site scripting vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2012-004851

DESCRIPTION

Multiple cross-site scripting (XSS) vulnerabilities in Barracuda Spam & Virus Firewall 600 Firmware 4.0.1.009 and earlier allow remote authenticated users to inject arbitrary web script or HTML via (1) Troubleshooting in the Trace route Device module or (2) LDAP Username in the LDAP Configuration module. Barracuda Spam & Virus WAF 600 is prone to multiple unspecified HTML-injection vulnerabilities because it fails to properly sanitize user-supplied input before using it in dynamically generated content. Successful exploits will allow attacker-supplied HTML and script code to run in the context of the affected browser, potentially allowing the attacker to steal cookie-based authentication credentials or control how the site is rendered to the user. Other attacks are also possible. The vulnerability stems from improper filtering of user-supplied input before it is used to dynamically generate content

Trust: 1.98

sources: NVD: CVE-2012-5316 // JVNDB: JVNDB-2012-004851 // BID: 51599 // VULHUB: VHN-58597

AFFECTED PRODUCTS

vendor:barracudanetworksmodel:spam \& virus firewall 600scope:lteversion:4.0.1.009

Trust: 1.0

vendor:barracudanetworksmodel:spam \& virus firewall 600scope:eqversion: -

Trust: 1.0

vendor:barracudamodel:spam & virus firewall 600scope: - version: -

Trust: 0.8

vendor:barracudamodel:spam & virus firewall 600scope:lteversion:4.0.1.009

Trust: 0.8

vendor:barracudanetworksmodel:spam \& virus firewall 600scope:eqversion:4.0.1.009

Trust: 0.6

vendor:barracudamodel:networks barracuda spam & virus wafscope:eqversion:6000

Trust: 0.3

sources: BID: 51599 // JVNDB: JVNDB-2012-004851 // CNNVD: CNNVD-201201-370 // NVD: CVE-2012-5316

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2012-5316
value: LOW

Trust: 1.0

NVD: CVE-2012-5316
value: LOW

Trust: 0.8

CNNVD: CNNVD-201201-370
value: LOW

Trust: 0.6

VULHUB: VHN-58597
value: LOW

Trust: 0.1

nvd@nist.gov: CVE-2012-5316
severity: LOW
baseScore: 3.5
vectorString: AV:N/AC:M/AU:S/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 6.8
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-58597
severity: LOW
baseScore: 3.5
vectorString: AV:N/AC:M/AU:S/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 6.8
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-58597 // JVNDB: JVNDB-2012-004851 // CNNVD: CNNVD-201201-370 // NVD: CVE-2012-5316

PROBLEMTYPE DATA

problemtype:CWE-79

Trust: 1.9

sources: VULHUB: VHN-58597 // JVNDB: JVNDB-2012-004851 // NVD: CVE-2012-5316

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201201-370

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-201201-370

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2012-004851

PATCH
title:Barracuda Spam & Virus Firewallurl:https://www.barracudanetworks.com/ns/products/spam_overview.php
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2012-004851

EXTERNAL IDS
db:NVDid:CVE-2012-5316
Trust: 2.8
db:BIDid:51599
Trust: 2.0
db:JVNDBid:JVNDB-2012-004851
Trust: 0.8
db:CNNVDid:CNNVD-201201-370
Trust: 0.7
db:XFid:72579
Trust: 0.6
db:NSFOCUSid:21078
Trust: 0.6
db:BUGTRAQid:20120120 [SUSPECTED SPAM] BARRACUDA SPAM/VIRUS WAF 600 - MULTIPLE WEB VULNERABILITIES
Trust: 0.6
db:VULHUBid:VHN-58597
Trust: 0.1
sources:
            
            
            VULHUB: VHN-58597 // 
            
            
            
            BID: 51599 // 
            
            
            
            JVNDB: JVNDB-2012-004851 // 
            
            
            
            CNNVD: CNNVD-201201-370 // 
            
            
            
            NVD: CVE-2012-5316

REFERENCES
url:http://www.securityfocus.com/bid/51599
Trust: 1.7
url:http://archives.neohapsis.com/archives/bugtraq/2012-01/0130.html
Trust: 1.7
url:http://www.vulnerability-lab.com/get_content.php?id=28
Trust: 1.7
url:https://exchange.xforce.ibmcloud.com/vulnerabilities/72579
Trust: 1.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-5316
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-5316
Trust: 0.8
url:http://xforce.iss.net/xforce/xfdb/72579
Trust: 0.6
url:http://www.nsfocus.net/vulndb/21078
Trust: 0.6
url:http://www.barracudanetworks.com/ns/?l=en_ca
Trust: 0.3
url:/archive/1/521316
Trust: 0.3
sources:
            
            
            VULHUB: VHN-58597 // 
            
            
            
            BID: 51599 // 
            
            
            
            JVNDB: JVNDB-2012-004851 // 
            
            
            
            CNNVD: CNNVD-201201-370 // 
            
            
            
            NVD: CVE-2012-5316

CREDITS
Vulnerability Research Laboratory - Benjamin Kunz Mejri
Trust: 0.9
sources:
            
            
            BID: 51599 // 
            
            
            
            CNNVD: CNNVD-201201-370

SOURCES
db:VULHUBid:VHN-58597
db:BIDid:51599
db:JVNDBid:JVNDB-2012-004851
db:CNNVDid:CNNVD-201201-370
db:NVDid:CVE-2012-5316

LAST UPDATE DATE
2024-08-14T14:46:59.039000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-58597date:2017-08-29T00:00:00
db:BIDid:51599date:2015-03-19T09:41:00
db:JVNDBid:JVNDB-2012-004851date:2012-10-11T00:00:00
db:CNNVDid:CNNVD-201201-370date:2012-02-01T00:00:00
db:NVDid:CVE-2012-5316date:2017-08-29T01:32:38.370

SOURCES RELEASE DATE
db:VULHUBid:VHN-58597date:2012-10-08T00:00:00
db:BIDid:51599date:2012-01-20T00:00:00
db:JVNDBid:JVNDB-2012-004851date:2012-10-11T00:00:00
db:CNNVDid:CNNVD-201201-370date:1900-01-01T00:00:00
db:NVDid:CVE-2012-5316date:2012-10-08T17:55:01.293