Sign-up

ID

VAR-202001-0111


CVE

CVE-2012-1316


TITLE

Cisco IronPort Web Security Appliance Vulnerabilities in certificate validation

Trust: 0.8

sources: JVNDB: JVNDB-2012-006563

DESCRIPTION

Cisco IronPort Web Security Appliance does not check for certificate revocation which could lead to MITM attacks. Cisco IronPort WSA failed to revoke certificates through the CRL (Certificate Revocation List) or OCSP (Online Certificate Status Protocol) standards. Even if the client certificate can be created under the proxy CA context if the server-side certificate is revoked, an attacker could exploit this vulnerability to perform a MITM attack using the revoked certificate. Successfully exploiting these issues will allow attackers to bypass security restrictions and perform unauthorized actions. The program offers features such as Web Reputation Filter (WBRS) and anti-malware scanning engine.   A successful exploitation could allow the malicious user to access sensitive information using man-in-the-middle attacks. Proof-of-concept code that exploits this vulnerability is publicly available. Cisco has not confirmed the vulnerability and software updates are not available

Trust: 2.61

sources: NVD: CVE-2012-1316 // JVNDB: JVNDB-2012-006563 // CNVD: CNVD-2012-1838 // BID: 52981 // VULHUB: VHN-54597 // VULMON: CVE-2012-1316

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2012-1838

AFFECTED PRODUCTS

vendor:ciscomodel:ironport web security appliancescope:eqversion: -

Trust: 1.0

vendor:ciscomodel:ironport web security appliancescope: - version: -

Trust: 0.8

vendor:ciscomodel:ironport web security appliancescope:eqversion:7.x

Trust: 0.6

sources: CNVD: CNVD-2012-1838 // JVNDB: JVNDB-2012-006563 // NVD: CVE-2012-1316

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2012-1316
value: MEDIUM

Trust: 1.0

NVD: CVE-2012-1316
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201204-136
value: MEDIUM

Trust: 0.6

VULHUB: VHN-54597
value: MEDIUM

Trust: 0.1

VULMON: CVE-2012-1316
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2012-1316
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-54597
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2012-1316
baseSeverity: MEDIUM
baseScore: 5.9
vectorString: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: 2.2
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: CVE-2012-1316
baseSeverity: MEDIUM
baseScore: 5.9
vectorString: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-54597 // VULMON: CVE-2012-1316 // JVNDB: JVNDB-2012-006563 // CNNVD: CNNVD-201204-136 // NVD: CVE-2012-1316

PROBLEMTYPE DATA

problemtype:CWE-295

Trust: 1.9

sources: VULHUB: VHN-54597 // JVNDB: JVNDB-2012-006563 // NVD: CVE-2012-1316

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201204-136

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-201204-136

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2012-006563

PATCH
title:Top Pageurl:https://www.cisco.com/
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2012-006563

EXTERNAL IDS
db:NVDid:CVE-2012-1316
Trust: 3.5
db:BIDid:52981
Trust: 2.1
db:JVNDBid:JVNDB-2012-006563
Trust: 0.8
db:CNNVDid:CNNVD-201204-136
Trust: 0.7
db:CNVDid:CNVD-2012-1838
Trust: 0.6
db:VULHUBid:VHN-54597
Trust: 0.1
db:VULMONid:CVE-2012-1316
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2012-1838 // 
            
            
            
            VULHUB: VHN-54597 // 
            
            
            
            VULMON: CVE-2012-1316 // 
            
            
            
            BID: 52981 // 
            
            
            
            JVNDB: JVNDB-2012-006563 // 
            
            
            
            CNNVD: CNNVD-201204-136 // 
            
            
            
            NVD: CVE-2012-1316

REFERENCES
url:https://www.secureworks.com/research/transitive-trust
Trust: 2.6
url:http://www.securityfocus.com/bid/52981
Trust: 1.8
url:https://nvd.nist.gov/vuln/detail/cve-2012-1316
Trust: 1.4
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-1316
Trust: 0.8
url:http://www.secureworks.com/research/threats/transitive-trust/http
Trust: 0.6
url:http://www.cisco.com/en/us/products/ps10164/index.html
Trust: 0.3
url:http://www.secureworks.com/research/threats/transitive-trust/
Trust: 0.3
url:https://cwe.mitre.org/data/definitions/295.html
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
url:http://tools.cisco.com/security/center/viewalert.x?alertid=25647
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2012-1838 // 
            
            
            
            VULHUB: VHN-54597 // 
            
            
            
            VULMON: CVE-2012-1316 // 
            
            
            
            BID: 52981 // 
            
            
            
            JVNDB: JVNDB-2012-006563 // 
            
            
            
            CNNVD: CNNVD-201204-136 // 
            
            
            
            NVD: CVE-2012-1316

CREDITS
Jeff Jarmoc
Trust: 0.3
sources:
            
            
            BID: 52981

SOURCES
db:CNVDid:CNVD-2012-1838
db:VULHUBid:VHN-54597
db:VULMONid:CVE-2012-1316
db:BIDid:52981
db:JVNDBid:JVNDB-2012-006563
db:CNNVDid:CNNVD-201204-136
db:NVDid:CVE-2012-1316

LAST UPDATE DATE
2024-08-14T13:25:09.377000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2012-1838date:2012-04-12T00:00:00
db:VULHUBid:VHN-54597date:2020-01-23T00:00:00
db:VULMONid:CVE-2012-1316date:2020-01-23T00:00:00
db:BIDid:52981date:2012-04-11T00:00:00
db:JVNDBid:JVNDB-2012-006563date:2020-02-06T00:00:00
db:CNNVDid:CNNVD-201204-136date:2020-05-09T00:00:00
db:NVDid:CVE-2012-1316date:2020-01-23T03:24:27.427

SOURCES RELEASE DATE
db:CNVDid:CNVD-2012-1838date:2012-04-12T00:00:00
db:VULHUBid:VHN-54597date:2020-01-15T00:00:00
db:VULMONid:CVE-2012-1316date:2020-01-15T00:00:00
db:BIDid:52981date:2012-04-11T00:00:00
db:JVNDBid:JVNDB-2012-006563date:2020-02-06T00:00:00
db:CNNVDid:CNNVD-201204-136date:2012-04-12T00:00:00
db:NVDid:CVE-2012-1316date:2020-01-15T14:15:11.623