ID

VAR-201505-0182


CVE

CVE-2015-0738


TITLE

Cisco Web Security Appliance device Web Tracking Report Page cross-site scripting vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2015-002715

DESCRIPTION

Cross-site scripting (XSS) vulnerability in the Web Tracking Report page on Cisco Web Security Appliance (WSA) devices 8.5.0-497 allows remote attackers to inject arbitrary web script or HTML via an unspecified field, aka Bug ID CSCuu16008. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks. This issue is being tracked by Cisco Bug ID CSCuu16008. The appliance provides SaaS-based access control, real-time network reporting and tracking, and security policy formulation.

Trust: 1.98

sources: NVD: CVE-2015-0738 // JVNDB: JVNDB-2015-002715 // BID: 74696 // VULHUB: VHN-78684

AFFECTED PRODUCTS

vendor: cisco, model: web security appliance, scope: eq, version: 8.5.0-497

Trust: 1.9

vendor: cisco, model: web security the appliance, scope: eq, version: 8.5.0-497

Trust: 0.8

sources: BID: 74696 // JVNDB: JVNDB-2015-002715 // CNNVD: CNNVD-201505-261 // NVD: CVE-2015-0738

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2015-0738
value: MEDIUM

Trust: 1.0

NVD: CVE-2015-0738
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201505-261
value: MEDIUM

Trust: 0.6

VULHUB: VHN-78684
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2015-0738
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-78684
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-78684 // JVNDB: JVNDB-2015-002715 // CNNVD: CNNVD-201505-261 // NVD: CVE-2015-0738

PROBLEMTYPE DATA

problemtype: CWE-79

Trust: 1.9

sources: VULHUB: VHN-78684 // JVNDB: JVNDB-2015-002715 // NVD: CVE-2015-0738

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201505-261

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-201505-261

CONFIGURATIONS

sources: JVNDB: JVNDB-2015-002715

PATCH

title: 38884, url: http://tools.cisco.com/security/center/viewAlert.x?alertId=38884

Trust: 0.8

sources: JVNDB: JVNDB-2015-002715

EXTERNAL IDS

db: NVD, id: CVE-2015-0738

Trust: 2.8

db: SECTRACK, id: 1032349

Trust: 1.1

db: JVNDB, id: JVNDB-2015-002715

Trust: 0.8

db: CNNVD, id: CNNVD-201505-261

Trust: 0.6

db: BID, id: 74696

Trust: 0.4

db: VULHUB, id: VHN-78684

Trust: 0.1

sources: VULHUB: VHN-78684 // BID: 74696 // JVNDB: JVNDB-2015-002715 // CNNVD: CNNVD-201505-261 // NVD: CVE-2015-0738

REFERENCES

url: http://tools.cisco.com/security/center/viewalert.x?alertid=38884

Trust: 2.0

url: http://www.securitytracker.com/id/1032349

Trust: 1.1

url: http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0738

Trust: 0.8

url: http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-0738

Trust: 0.8

url: http://www.cisco.com/en/us/products/ps10164/index.html

Trust: 0.3

sources: VULHUB: VHN-78684 // BID: 74696 // JVNDB: JVNDB-2015-002715 // CNNVD: CNNVD-201505-261 // NVD: CVE-2015-0738

CREDITS

Cisco

Trust: 0.3

sources: BID: 74696

SOURCES

db: VULHUB, id: VHN-78684
db: BID, id: 74696
db: JVNDB, id: JVNDB-2015-002715
db: CNNVD, id: CNNVD-201505-261
db: NVD, id: CVE-2015-0738

LAST UPDATE DATE

2024-11-23T22:52:44.468000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-78684, date: 2017-01-06T00:00:00
db: BID, id: 74696, date: 2015-05-15T00:00:00
db: JVNDB, id: JVNDB-2015-002715, date: 2015-05-19T00:00:00
db: CNNVD, id: CNNVD-201505-261, date: 2015-05-18T00:00:00
db: NVD, id: CVE-2015-0738, date: 2024-11-21T02:23:37.793

SOURCES RELEASE DATE

db: VULHUB, id: VHN-78684, date: 2015-05-17T00:00:00
db: BID, id: 74696, date: 2015-05-15T00:00:00
db: JVNDB, id: JVNDB-2015-002715, date: 2015-05-19T00:00:00
db: CNNVD, id: CNNVD-201505-261, date: 2015-05-18T00:00:00
db: NVD, id: CVE-2015-0738, date: 2015-05-17T01:59:02.113