ID
VAR-201508-0133
CVE
CVE-2015-6511
TITLE
pfSense Vulnerable to cross-site scripting
Trust: 0.8
sources:
JVNDB: JVNDB-2015-004307
DESCRIPTION
Cross-site scripting (XSS) vulnerability in pfSense before 2.2.3 allows remote attackers to inject arbitrary web script or HTML via the server[] parameter to services_ntpd.php. Electric Sheep Fencing pfsense is a free and open source FreeBSD-based firewall and router software from Electric Sheep Fencing
Trust: 2.16
sources:
NVD: CVE-2015-6511 //
JVNDB: JVNDB-2015-004307 //
CNVD: CNVD-2015-05674
IOT TAXONOMY
| category: | ['Network device'] | sub_category: | - | Trust: 0.6 |
sources:
CNVD: CNVD-2015-05674
AFFECTED PRODUCTS
| vendor: | netgate | model: | pfsense | scope: | lte | version: | 2.2.2 | Trust: 1.0 |
| vendor: | electric sheep fencing | model: | pfsense | scope: | lt | version: | 2.2.3 | Trust: 0.8 |
| vendor: | electric | model: | sheep fencing llc. pfsense | scope: | lt | version: | 2.2.3 | Trust: 0.6 |
| vendor: | pfsense | model: | pfsense | scope: | eq | version: | 2.2.2 | Trust: 0.6 |
sources:
CNVD: CNVD-2015-05674 //
JVNDB: JVNDB-2015-004307 //
CNNVD: CNNVD-201508-412 //
NVD: CVE-2015-6511
CVSS
SEVERITY | CVSSV2 | CVSSV3 | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
sources:
CNVD: CNVD-2015-05674 //
JVNDB: JVNDB-2015-004307 //
CNNVD: CNNVD-201508-412 //
NVD: CVE-2015-6511
PROBLEMTYPE DATA
| problemtype: | CWE-79 | Trust: 1.8 |
sources:
JVNDB: JVNDB-2015-004307 //
NVD: CVE-2015-6511
THREAT TYPE
remote
Trust: 0.6
sources:
CNNVD: CNNVD-201508-412
TYPE
XSS
Trust: 0.6
sources:
CNNVD: CNNVD-201508-412
CONFIGURATIONS
sources:
JVNDB: JVNDB-2015-004307
PATCH
| title: | pfSense-SA-15_06.webgui | url: | https://www.pfsense.org/security/advisories/pfSense-SA-15_06.webgui.asc | Trust: 0.8 |
| title: | Patch for Electric Sheep Fencing pfsense Cross-Site Scripting Vulnerability (CNVD-2015-05674) | url: | https://www.cnvd.org.cn/patchInfo/show/63147 | Trust: 0.6 |
| title: | Electric Sheep Fencing pfsense Fixes for cross-site scripting vulnerabilities | url: | http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=93074 | Trust: 0.6 |
sources:
CNVD: CNVD-2015-05674 //
JVNDB: JVNDB-2015-004307 //
CNNVD: CNNVD-201508-412
EXTERNAL IDS
| db: | NVD | id: | CVE-2015-6511 | Trust: 3.0 |
| db: | JVNDB | id: | JVNDB-2015-004307 | Trust: 0.8 |
| db: | CNVD | id: | CNVD-2015-05674 | Trust: 0.6 |
| db: | CNNVD | id: | CNNVD-201508-412 | Trust: 0.6 |
sources:
CNVD: CNVD-2015-05674 //
JVNDB: JVNDB-2015-004307 //
CNNVD: CNNVD-201508-412 //
NVD: CVE-2015-6511
REFERENCES
| url: | https://www.pfsense.org/security/advisories/pfsense-sa-15_06.webgui.asc | Trust: 2.2 |
| url: | http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6511 | Trust: 0.8 |
| url: | http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-6511 | Trust: 0.8 |
sources:
CNVD: CNVD-2015-05674 //
JVNDB: JVNDB-2015-004307 //
CNNVD: CNNVD-201508-412 //
NVD: CVE-2015-6511
SOURCES
| db: | CNVD | id: | CNVD-2015-05674 |
| db: | JVNDB | id: | JVNDB-2015-004307 |
| db: | CNNVD | id: | CNNVD-201508-412 |
| db: | NVD | id: | CVE-2015-6511 |
LAST UPDATE DATE
2024-11-23T21:43:58.567000+00:00
SOURCES UPDATE DATE
| db: | CNVD | id: | CNVD-2015-05674 | date: | 2015-08-27T00:00:00 |
| db: | JVNDB | id: | JVNDB-2015-004307 | date: | 2015-08-24T00:00:00 |
| db: | CNNVD | id: | CNNVD-201508-412 | date: | 2019-05-31T00:00:00 |
| db: | NVD | id: | CVE-2015-6511 | date: | 2024-11-21T02:35:07.300 |
SOURCES RELEASE DATE
| db: | CNVD | id: | CNVD-2015-05674 | date: | 2015-08-27T00:00:00 |
| db: | JVNDB | id: | JVNDB-2015-004307 | date: | 2015-08-24T00:00:00 |
| db: | CNNVD | id: | CNNVD-201508-412 | date: | 2015-08-19T00:00:00 |
| db: | NVD | id: | CVE-2015-6511 | date: | 2015-08-18T15:59:10.923 |