Details of VAR-201505-0179

ID

VAR-201505-0179

CVE

CVE-2015-0734

TITLE

Cisco E Email Security Appliance cross-site scripting vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2015-002700

DESCRIPTION

Multiple cross-site scripting (XSS) vulnerabilities on the Cisco Email Security Appliance (ESA) 8.5.6-106 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters in a (1) GET or (2) POST request, aka Bug ID CSCut87743. Cisco E Email Security The appliance (ESA) Contains a cross-site scripting vulnerability. The device provides spam protection, email encryption, and data loss prevention. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks. This issue being tracked by Cisco Bug ID CSCut87743

Trust: 2.61

sources: NVD: CVE-2015-0734 // JVNDB: JVNDB-2015-002700 // CNVD: CNVD-2015-03361 // BID: 74675 // VULHUB: VHN-78680 // VULMON: CVE-2015-0734

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2015-03361

AFFECTED PRODUCTS

vendor:	cisco	model:	email security appliance	scope:	eq	version:	8.5.6-106	Trust: 3.1
vendor:	cisco	model:	e email security the appliance	scope:	eq	version:	8.5.6-106	Trust: 0.8

sources: CNVD: CNVD-2015-03361 // BID: 74675 // JVNDB: JVNDB-2015-002700 // CNNVD: CNNVD-201505-237 // NVD: CVE-2015-0734

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2015-0734
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2015-0734
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2015-03361
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201505-237
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-78680
value:	MEDIUM
Trust: 0.1
VULMON:	CVE-2015-0734
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2015-0734
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
CNVD:	CNVD-2015-03361
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-78680
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: CNVD: CNVD-2015-03361 // VULHUB: VHN-78680 // VULMON: CVE-2015-0734 // JVNDB: JVNDB-2015-002700 // CNNVD: CNNVD-201505-237 // NVD: CVE-2015-0734

PROBLEMTYPE DATA

problemtype:

CWE-79

Trust: 1.9

sources: VULHUB: VHN-78680 // JVNDB: JVNDB-2015-002700 // NVD: CVE-2015-0734

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201505-237

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-201505-237

CONFIGURATIONS

sources: JVNDB: JVNDB-2015-002700

PATCH

title:	38866	url:	http://tools.cisco.com/security/center/viewAlert.x?alertId=38866	Trust: 0.8
title:	Patch for multiple cross-site scripting vulnerabilities in the Cisco Email Security Appliance	url:	https://www.cnvd.org.cn/patchInfo/show/58927	Trust: 0.6

sources: CNVD: CNVD-2015-03361 // JVNDB: JVNDB-2015-002700

EXTERNAL IDS

db:	NVD	id:	CVE-2015-0734	Trust: 3.5
db:	SECTRACK	id:	1032333	Trust: 1.2
db:	JVNDB	id:	JVNDB-2015-002700	Trust: 0.8
db:	CNNVD	id:	CNNVD-201505-237	Trust: 0.7
db:	CNVD	id:	CNVD-2015-03361	Trust: 0.6
db:	BID	id:	74675	Trust: 0.4
db:	VULHUB	id:	VHN-78680	Trust: 0.1
db:	VULMON	id:	CVE-2015-0734	Trust: 0.1

sources: CNVD: CNVD-2015-03361 // VULHUB: VHN-78680 // VULMON: CVE-2015-0734 // BID: 74675 // JVNDB: JVNDB-2015-002700 // CNNVD: CNNVD-201505-237 // NVD: CVE-2015-0734

REFERENCES

url:	http://tools.cisco.com/security/center/viewalert.x?alertid=38866	Trust: 2.7
url:	http://www.securitytracker.com/id/1032333	Trust: 1.2
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0734	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-0734	Trust: 0.8
url:	http://www.cisco.com/c/en/us/products/security/email-security-appliance/index.html	Trust: 0.3
url:	https://cwe.mitre.org/data/definitions/79.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: CNVD: CNVD-2015-03361 // VULHUB: VHN-78680 // VULMON: CVE-2015-0734 // BID: 74675 // JVNDB: JVNDB-2015-002700 // CNNVD: CNNVD-201505-237 // NVD: CVE-2015-0734

CREDITS

Cisco

Trust: 0.3

sources: BID: 74675

SOURCES

db:	CNVD	id:	CNVD-2015-03361
db:	VULHUB	id:	VHN-78680
db:	VULMON	id:	CVE-2015-0734
db:	BID	id:	74675
db:	JVNDB	id:	JVNDB-2015-002700
db:	CNNVD	id:	CNNVD-201505-237
db:	NVD	id:	CVE-2015-0734

LAST UPDATE DATE

2024-11-23T22:27:10.172000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2015-03361	date:	2015-05-27T00:00:00
db:	VULHUB	id:	VHN-78680	date:	2018-10-30T00:00:00
db:	VULMON	id:	CVE-2015-0734	date:	2018-10-30T00:00:00
db:	BID	id:	74675	date:	2015-05-14T00:00:00
db:	JVNDB	id:	JVNDB-2015-002700	date:	2015-05-19T00:00:00
db:	CNNVD	id:	CNNVD-201505-237	date:	2015-05-15T00:00:00
db:	NVD	id:	CVE-2015-0734	date:	2024-11-21T02:23:37.377

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2015-03361	date:	2015-05-27T00:00:00
db:	VULHUB	id:	VHN-78680	date:	2015-05-15T00:00:00
db:	VULMON	id:	CVE-2015-0734	date:	2015-05-15T00:00:00
db:	BID	id:	74675	date:	2015-05-14T00:00:00
db:	JVNDB	id:	JVNDB-2015-002700	date:	2015-05-19T00:00:00
db:	CNNVD	id:	CNNVD-201505-237	date:	2015-05-15T00:00:00
db:	NVD	id:	CVE-2015-0734	date:	2015-05-15T01:59:06.143