Details of VAR-201305-0165

ID

VAR-201305-0165

CVE

CVE-2013-1611

TITLE

Symantec Brightmail Gateway Vulnerable to cross-site scripting

Trust: 0.8

sources: JVNDB: JVNDB-2013-002607

DESCRIPTION

Multiple cross-site scripting (XSS) vulnerabilities in administrative-interface pages in the management console in Symantec Brightmail Gateway 9.5.x allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. Symantec Brightmail Gateway is prone to multiple HTML-injection vulnerabilities because it fails to properly sanitize user-supplied input. Successful exploits will allow attacker-supplied HTML and script code to run in the context of the affected browser, potentially allowing the attacker to steal cookie-based authentication credentials or control how the site is rendered to the user. Other attacks are also possible. Symantec Brightmail Gateway 9.5.x are vulnerable

Trust: 2.07

sources: NVD: CVE-2013-1611 // JVNDB: JVNDB-2013-002607 // BID: 59700 // VULHUB: VHN-61613 // VULMON: CVE-2013-1611

AFFECTED PRODUCTS

vendor:	symantec	model:	brightmail gateway	scope:	eq	version:	9.5.1	Trust: 1.9
vendor:	symantec	model:	brightmail gateway	scope:	eq	version:	9.5	Trust: 1.9
vendor:	symantec	model:	brightmail gateway	scope:	eq	version:	9.5.x	Trust: 0.8

sources: BID: 59700 // JVNDB: JVNDB-2013-002607 // CNNVD: CNNVD-201305-195 // NVD: CVE-2013-1611

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2013-1611
value:	LOW
Trust: 1.0
NVD:	CVE-2013-1611
value:	LOW
Trust: 0.8
CNNVD:	CNNVD-201305-195
value:	LOW
Trust: 0.6
VULHUB:	VHN-61613
value:	LOW
Trust: 0.1
VULMON:	CVE-2013-1611
value:	LOW
Trust: 0.1

nvd@nist.gov:	CVE-2013-1611
severity:	LOW
baseScore:	3.5
vectorString:	AV:N/AC:M/AU:S/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	SINGLE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	6.8
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
VULHUB:	VHN-61613
severity:	LOW
baseScore:	3.5
vectorString:	AV:N/AC:M/AU:S/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	SINGLE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	6.8
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-61613 // VULMON: CVE-2013-1611 // JVNDB: JVNDB-2013-002607 // CNNVD: CNNVD-201305-195 // NVD: CVE-2013-1611

PROBLEMTYPE DATA

problemtype:

CWE-79

Trust: 1.9

sources: VULHUB: VHN-61613 // JVNDB: JVNDB-2013-002607 // NVD: CVE-2013-1611

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201305-195

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-201305-195

CONFIGURATIONS

sources: JVNDB: JVNDB-2013-002607

PATCH

title:	SYM13-004	url:	http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20130508_00	Trust: 0.8
title:	SYM13-004	url:	http://www.symantec.com/ja/jp/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20130508_00	Trust: 0.8

sources: JVNDB: JVNDB-2013-002607

EXTERNAL IDS

db:	NVD	id:	CVE-2013-1611	Trust: 2.9
db:	BID	id:	59700	Trust: 2.1
db:	JVNDB	id:	JVNDB-2013-002607	Trust: 0.8
db:	CNNVD	id:	CNNVD-201305-195	Trust: 0.7
db:	SECUNIA	id:	53366	Trust: 0.6
db:	VULHUB	id:	VHN-61613	Trust: 0.1
db:	VULMON	id:	CVE-2013-1611	Trust: 0.1

sources: VULHUB: VHN-61613 // VULMON: CVE-2013-1611 // BID: 59700 // JVNDB: JVNDB-2013-002607 // CNNVD: CNNVD-201305-195 // NVD: CVE-2013-1611

REFERENCES

url:	http://www.securityfocus.com/bid/59700	Trust: 1.8
url:	http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20130508_00	Trust: 1.7
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-1611	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-1611	Trust: 0.8
url:	http://secunia.com/advisories/53366	Trust: 0.6
url:	http://www.symantec.com	Trust: 0.3
url:	http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20130508_00	Trust: 0.1
url:	https://cwe.mitre.org/data/definitions/79.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: VULHUB: VHN-61613 // VULMON: CVE-2013-1611 // BID: 59700 // JVNDB: JVNDB-2013-002607 // CNNVD: CNNVD-201305-195 // NVD: CVE-2013-1611

CREDITS

Puneeth Kumar R.

Trust: 0.9

sources: BID: 59700 // CNNVD: CNNVD-201305-195

SOURCES

db:	VULHUB	id:	VHN-61613
db:	VULMON	id:	CVE-2013-1611
db:	BID	id:	59700
db:	JVNDB	id:	JVNDB-2013-002607
db:	CNNVD	id:	CNNVD-201305-195
db:	NVD	id:	CVE-2013-1611

LAST UPDATE DATE

2024-11-23T22:18:45.412000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-61613	date:	2013-05-10T00:00:00
db:	VULMON	id:	CVE-2013-1611	date:	2013-05-10T00:00:00
db:	BID	id:	59700	date:	2013-05-09T09:52:00
db:	JVNDB	id:	JVNDB-2013-002607	date:	2013-05-10T00:00:00
db:	CNNVD	id:	CNNVD-201305-195	date:	2013-05-17T00:00:00
db:	NVD	id:	CVE-2013-1611	date:	2024-11-21T01:49:59.807

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-61613	date:	2013-05-09T00:00:00
db:	VULMON	id:	CVE-2013-1611	date:	2013-05-09T00:00:00
db:	BID	id:	59700	date:	2013-05-08T00:00:00
db:	JVNDB	id:	JVNDB-2013-002607	date:	2013-05-10T00:00:00
db:	CNNVD	id:	CNNVD-201305-195	date:	2013-05-17T00:00:00
db:	NVD	id:	CVE-2013-1611	date:	2013-05-09T12:31:19.367