ID

VAR-201508-0372


CVE

CVE-2015-4029


TITLE

Electric Sheep Fencing Pfsense WebGUI Cross-Site Scripting Vulnerability

Trust: 1.2

sources: CNVD: CNVD-2015-05671 // CNNVD: CNNVD-201507-677

DESCRIPTION

Cross-site scripting (XSS) vulnerability in the WebGUI in pfSense before 2.2.3 allows remote attackers to inject arbitrary web script or HTML via the zone parameter in a del action to services_captiveportal_zones.php. Electric Sheep Fencing pfSense is a free and open source FreeBSD-based firewall and router software from Electric Sheep Fencing. A cross-site scripting vulnerability exists in the WebGUI of Electric Sheep Fencing pfSense versions prior to 2.2.3. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks.

Trust: 2.43

sources: NVD: CVE-2015-4029 // JVNDB: JVNDB-2015-004303 // CNVD: CNVD-2015-05671 // BID: 75907

IOT TAXONOMY

category: ['Network device'] | sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2015-05671

AFFECTED PRODUCTS

vendor: netgate | model: pfsense | scope: lte | version: 2.2.2

Trust: 1.0

vendor: pfsense | model: pfsense | scope: eq | version: 2.2.2

Trust: 0.9

vendor: electric sheep fencing | model: pfsense | scope: lt | version: 2.2.3

Trust: 0.8

vendor: electric | model: sheep fencing llc. pfsense | scope: lt | version: 2.2.3

Trust: 0.6

vendor: pfsense | model: pfsense | scope: ne | version: 2.2.3

Trust: 0.3

sources: CNVD: CNVD-2015-05671 // BID: 75907 // JVNDB: JVNDB-2015-004303 // CNNVD: CNNVD-201507-677 // NVD: CVE-2015-4029

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2015-4029
value: MEDIUM

Trust: 1.0

NVD: CVE-2015-4029
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2015-05671
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201507-677
value: MEDIUM

Trust: 0.6

nvd@nist.gov: CVE-2015-4029
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2015-05671
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

sources: CNVD: CNVD-2015-05671 // JVNDB: JVNDB-2015-004303 // CNNVD: CNNVD-201507-677 // NVD: CVE-2015-4029

PROBLEMTYPE DATA

problemtype:CWE-79

Trust: 1.8

sources: JVNDB: JVNDB-2015-004303 // NVD: CVE-2015-4029

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201507-677

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-201507-677

CONFIGURATIONS

sources: JVNDB: JVNDB-2015-004303

PATCH

title: pfSense-SA-15_06.webgui | url: https://www.pfsense.org/security/advisories/pfSense-SA-15_06.webgui.asc

Trust: 0.8

title: Electric Sheep Fencing Pfsense WebGUI Fixes for cross-site scripting vulnerabilities | url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=93070

Trust: 0.6

sources: JVNDB: JVNDB-2015-004303 // CNNVD: CNNVD-201507-677

EXTERNAL IDS

db: NVD | id: CVE-2015-4029

Trust: 3.3

db: JVNDB | id: JVNDB-2015-004303

Trust: 0.8

db: CNVD | id: CNVD-2015-05671

Trust: 0.6

db: CNNVD | id: CNNVD-201507-677

Trust: 0.6

db: BID | id: 75907

Trust: 0.3

sources: CNVD: CNVD-2015-05671 // BID: 75907 // JVNDB: JVNDB-2015-004303 // CNNVD: CNNVD-201507-677 // NVD: CVE-2015-4029

REFERENCES

url:http://seclists.org/fulldisclosure/2015/jul/66

Trust: 2.5

url:https://www.pfsense.org/security/advisories/pfsense-sa-15_06.webgui.asc

Trust: 1.6

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-4029

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-4029

Trust: 0.8

url:http://www.pfsense.org/

Trust: 0.3

sources: CNVD: CNVD-2015-05671 // BID: 75907 // JVNDB: JVNDB-2015-004303 // CNNVD: CNNVD-201507-677 // NVD: CVE-2015-4029

CREDITS

William Costa

Trust: 0.9

sources: BID: 75907 // CNNVD: CNNVD-201507-677

SOURCES

db: CNVD | id: CNVD-2015-05671
db: BID | id: 75907
db: JVNDB | id: JVNDB-2015-004303
db: CNNVD | id: CNNVD-201507-677
db: NVD | id: CVE-2015-4029

LAST UPDATE DATE

2024-11-23T22:34:57.073000+00:00


SOURCES UPDATE DATE

db: CNVD | id: CNVD-2015-05671 | date: 2015-08-27T00:00:00
db: BID | id: 75907 | date: 2015-07-13T00:00:00
db: JVNDB | id: JVNDB-2015-004303 | date: 2015-08-24T00:00:00
db: CNNVD | id: CNNVD-201507-677 | date: 2019-05-31T00:00:00
db: NVD | id: CVE-2015-4029 | date: 2024-11-21T02:30:18.383

SOURCES RELEASE DATE

db: CNVD | id: CNVD-2015-05671 | date: 2015-08-27T00:00:00
db: BID | id: 75907 | date: 2015-07-13T00:00:00
db: JVNDB | id: JVNDB-2015-004303 | date: 2015-08-24T00:00:00
db: CNNVD | id: CNNVD-201507-677 | date: 2015-07-21T00:00:00
db: NVD | id: CVE-2015-4029 | date: 2015-08-18T15:59:00.097