ID

VAR-201401-0109


CVE

CVE-2013-5092


TITLE

Cross-site scripting vulnerability in afa/php/Login.php of AlgoSec Firewall Analyzer

Trust: 0.8

sources: JVNDB: JVNDB-2013-005948

DESCRIPTION

Cross-site scripting (XSS) vulnerability in afa/php/Login.php in AlgoSec Firewall Analyzer 6.1-b86 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks. AlgoSec Firewall Analyzer 6.1-b86 is affected; other versions may also be vulnerable.

AlgoSec Firewall Analyzer (AFA) is a set of firewall analysis solutions from AlgoSec, a company based in the United States. The solution supports automatic detection of security gaps in firewall policies.

Trust: 2.07

sources: NVD: CVE-2013-5092 // JVNDB: JVNDB-2013-005948 // BID: 61733 // VULHUB: VHN-65094 // VULMON: CVE-2013-5092

AFFECTED PRODUCTS

vendor: algosec, model: firewall analyzer, scope: eq, version: 6.1

Trust: 1.6

vendor: algosec, model: firewall analyzer, scope: eq, version: 6.1-b86

Trust: 0.8

sources: JVNDB: JVNDB-2013-005948 // CNNVD: CNNVD-201308-171 // NVD: CVE-2013-5092

CVSS

SEVERITY

nvd@nist.gov: CVE-2013-5092
value: MEDIUM

Trust: 1.0

NVD: CVE-2013-5092
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201308-171
value: MEDIUM

Trust: 0.6

VULHUB: VHN-65094
value: MEDIUM

Trust: 0.1

VULMON: CVE-2013-5092
value: MEDIUM

Trust: 0.1

CVSSV2

nvd@nist.gov: CVE-2013-5092
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-65094
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-65094 // VULMON: CVE-2013-5092 // JVNDB: JVNDB-2013-005948 // CNNVD: CNNVD-201308-171 // NVD: CVE-2013-5092

PROBLEMTYPE DATA

problemtype:CWE-79

Trust: 1.9

sources: VULHUB: VHN-65094 // JVNDB: JVNDB-2013-005948 // NVD: CVE-2013-5092

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201308-171

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-201308-171

CONFIGURATIONS

sources: JVNDB: JVNDB-2013-005948

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-65094 // VULMON: CVE-2013-5092

PATCH

title: AlgoSec Firewall Analyzer, url: http://www.algosec.com/en/products_solutions/products/firewall_analyzer

Trust: 0.8

sources: JVNDB: JVNDB-2013-005948

EXTERNAL IDS

db: NVD, id: CVE-2013-5092

Trust: 2.9

db: BID, id: 61733

Trust: 2.9

db: OSVDB, id: 96806

Trust: 2.6

db: PACKETSTORM, id: 122737

Trust: 1.8

db: JVNDB, id: JVNDB-2013-005948

Trust: 0.8

db: CNNVD, id: CNNVD-201308-171

Trust: 0.7

db: XF, id: 86336

Trust: 0.6

db: EXPLOIT-DB, id: 38692

Trust: 0.2

db: VULHUB, id: VHN-65094

Trust: 0.1

db: VULMON, id: CVE-2013-5092

Trust: 0.1

sources: VULHUB: VHN-65094 // VULMON: CVE-2013-5092 // BID: 61733 // JVNDB: JVNDB-2013-005948 // CNNVD: CNNVD-201308-171 // NVD: CVE-2013-5092

REFERENCES

url:http://www.osvdb.org/96806

Trust: 2.6

url:http://www.securityfocus.com/bid/61733

Trust: 1.9

url:http://packetstormsecurity.com/files/122737/algosec-xss.txt

Trust: 1.8

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/86336

Trust: 1.2

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-5092

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-5092

Trust: 0.8

url:http://www.securityfocus.com/bid/61733/info

Trust: 0.8

url:http://xforce.iss.net/xforce/xfdb/86336

Trust: 0.6

url:http://www.algosec.com/en/products/firewall_analyzer

Trust: 0.3

url:https://portal.algosec.com/en/downloads/software_releases_n_hotfixes/firewall_analyzer_releases_n_hotfixes

Trust: 0.3

url:https://cwe.mitre.org/data/definitions/79.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://www.exploit-db.com/exploits/38692/

Trust: 0.1

sources: VULHUB: VHN-65094 // VULMON: CVE-2013-5092 // BID: 61733 // JVNDB: JVNDB-2013-005948 // CNNVD: CNNVD-201308-171 // NVD: CVE-2013-5092

CREDITS

Asheesh kumar Mani Tripathi, Asheesh Anaconda

Trust: 0.9

sources: BID: 61733 // CNNVD: CNNVD-201308-171

SOURCES

db: VULHUB, id: VHN-65094
db: VULMON, id: CVE-2013-5092
db: BID, id: 61733
db: JVNDB, id: JVNDB-2013-005948
db: CNNVD, id: CNNVD-201308-171
db: NVD, id: CVE-2013-5092

LAST UPDATE DATE

2024-11-23T22:39:03.867000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-65094, date: 2017-08-29T00:00:00
db: VULMON, id: CVE-2013-5092, date: 2017-08-29T00:00:00
db: BID, id: 61733, date: 2015-03-19T08:42:00
db: JVNDB, id: JVNDB-2013-005948, date: 2014-01-31T00:00:00
db: CNNVD, id: CNNVD-201308-171, date: 2014-02-07T00:00:00
db: NVD, id: CVE-2013-5092, date: 2024-11-21T01:56:59.987

SOURCES RELEASE DATE

db: VULHUB, id: VHN-65094, date: 2014-01-29T00:00:00
db: VULMON, id: CVE-2013-5092, date: 2014-01-29T00:00:00
db: BID, id: 61733, date: 2013-08-07T00:00:00
db: JVNDB, id: JVNDB-2013-005948, date: 2014-01-31T00:00:00
db: CNNVD, id: CNNVD-201308-171, date: 2013-08-23T00:00:00
db: NVD, id: CVE-2013-5092, date: 2014-01-29T18:55:26.887