ID

VAR-201505-0173


CVE

CVE-2015-0727


TITLE

Cross-site scripting vulnerability in the HTTP module of Cisco Security Manager

Trust: 0.8

sources: JVNDB: JVNDB-2015-002702

DESCRIPTION

Cross-site scripting (XSS) vulnerability in the HTTP module in Cisco Security Manager (CSM) 4.7(0)SP1(1) allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCut27789. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. This issue is being tracked by Cisco Bug ID CSCut27789.

Trust: 1.98

sources: NVD: CVE-2015-0727 // JVNDB: JVNDB-2015-002702 // BID: 74680 // VULHUB: VHN-78673

AFFECTED PRODUCTS

vendor: cisco, model: security manager, scope: eq, version: 4.7\(0\)

Trust: 1.6

vendor: cisco, model: security manager, scope: eq, version: 4.7(0)sp1(1)

Trust: 0.8

vendor: cisco, model: security manager 4.7 sp1, scope: -, version: -

Trust: 0.3

sources: BID: 74680 // JVNDB: JVNDB-2015-002702 // CNNVD: CNNVD-201505-235 // NVD: CVE-2015-0727

CVSS

SEVERITY

nvd@nist.gov: CVE-2015-0727
value: MEDIUM

Trust: 1.0

NVD: CVE-2015-0727
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201505-235
value: MEDIUM

Trust: 0.6

VULHUB: VHN-78673
value: MEDIUM

Trust: 0.1

CVSSV2

nvd@nist.gov: CVE-2015-0727
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-78673
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-78673 // JVNDB: JVNDB-2015-002702 // CNNVD: CNNVD-201505-235 // NVD: CVE-2015-0727

PROBLEMTYPE DATA

problemtype: CWE-79

Trust: 1.9

sources: VULHUB: VHN-78673 // JVNDB: JVNDB-2015-002702 // NVD: CVE-2015-0727

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201505-235

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-201505-235

CONFIGURATIONS

sources: JVNDB: JVNDB-2015-002702

PATCH

title: 38788, url: http://tools.cisco.com/security/center/viewAlert.x?alertId=38788

Trust: 0.8

sources: JVNDB: JVNDB-2015-002702

EXTERNAL IDS

db: NVD, id: CVE-2015-0727

Trust: 2.8

db: SECTRACK, id: 1032326

Trust: 1.1

db: JVNDB, id: JVNDB-2015-002702

Trust: 0.8

db: CNNVD, id: CNNVD-201505-235

Trust: 0.7

db: SECUNIA, id: 64505

Trust: 0.6

db: BID, id: 74680

Trust: 0.4

db: VULHUB, id: VHN-78673

Trust: 0.1

sources: VULHUB: VHN-78673 // BID: 74680 // JVNDB: JVNDB-2015-002702 // CNNVD: CNNVD-201505-235 // NVD: CVE-2015-0727

REFERENCES

url: http://tools.cisco.com/security/center/viewalert.x?alertid=38788

Trust: 2.0

url: http://www.securitytracker.com/id/1032326

Trust: 1.1

url: http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0727

Trust: 0.8

url: http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-0727

Trust: 0.8

url: http://secunia.com/advisories/64505

Trust: 0.6

url: http://www.cisco.com/

Trust: 0.3

sources: VULHUB: VHN-78673 // BID: 74680 // JVNDB: JVNDB-2015-002702 // CNNVD: CNNVD-201505-235 // NVD: CVE-2015-0727

CREDITS

Cisco

Trust: 0.3

sources: BID: 74680

SOURCES

db: VULHUB, id: VHN-78673
db: BID, id: 74680
db: JVNDB, id: JVNDB-2015-002702
db: CNNVD, id: CNNVD-201505-235
db: NVD, id: CVE-2015-0727

LAST UPDATE DATE

2024-11-23T22:22:55.093000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-78673, date: 2017-01-06T00:00:00
db: BID, id: 74680, date: 2015-05-13T00:00:00
db: JVNDB, id: JVNDB-2015-002702, date: 2015-05-19T00:00:00
db: CNNVD, id: CNNVD-201505-235, date: 2015-05-15T00:00:00
db: NVD, id: CVE-2015-0727, date: 2024-11-21T02:23:36.637

SOURCES RELEASE DATE

db: VULHUB, id: VHN-78673, date: 2015-05-15T00:00:00
db: BID, id: 74680, date: 2015-05-13T00:00:00
db: JVNDB, id: JVNDB-2015-002702, date: 2015-05-19T00:00:00
db: CNNVD, id: CNNVD-201505-235, date: 2015-05-15T00:00:00
db: NVD, id: CVE-2015-0727, date: 2015-05-15T01:59:04.127