ID

VAR-202002-0837


CVE

CVE-2014-2595


TITLE

Session deadline vulnerability in Barracuda Web Application Firewall

Trust: 0.8

sources: JVNDB: JVNDB-2014-008917

DESCRIPTION

Barracuda Web Application Firewall (WAF) 7.8.1.013 allows remote attackers to bypass authentication by leveraging a permanent authentication token obtained from a query string. It may be put into a denial-of-service (DoS) state. Barracuda Web Application Firewall is prone to an authentication-bypass vulnerability. An attacker can exploit this issue to bypass the authentication mechanism and gain access to the appliance. This may aid in further attacks. Barracuda Web Application Firewall 7.8.1.013 is vulnerable; other versions may also be affected. A code issue vulnerability exists in version 7.8.1.013 of Barracuda Networks Barracuda WAF.

Trust: 1.98

sources: NVD: CVE-2014-2595 // JVNDB: JVNDB-2014-008917 // BID: 69028 // VULHUB: VHN-70534

AFFECTED PRODUCTS

vendor: barracuda // model: web application firewall // scope: eq // version: 7.8.1.013

Trust: 2.1

sources: BID: 69028 // JVNDB: JVNDB-2014-008917 // NVD: CVE-2014-2595

CVSS

SEVERITY

nvd@nist.gov: CVE-2014-2595
value: CRITICAL

Trust: 1.0

NVD: JVNDB-2014-008917
value: CRITICAL

Trust: 0.8

CNNVD: CNNVD-201408-068
value: CRITICAL

Trust: 0.6

VULHUB: VHN-70534
value: HIGH

Trust: 0.1

CVSSV2

nvd@nist.gov: CVE-2014-2595
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

NVD: JVNDB-2014-008917
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

VULHUB: VHN-70534
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

CVSSV3

nvd@nist.gov: CVE-2014-2595
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: JVNDB-2014-008917
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-70534 // JVNDB: JVNDB-2014-008917 // CNNVD: CNNVD-201408-068 // NVD: CVE-2014-2595

PROBLEMTYPE DATA

problemtype:CWE-613

Trust: 1.9

sources: VULHUB: VHN-70534 // JVNDB: JVNDB-2014-008917 // NVD: CVE-2014-2595

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201408-068

TYPE

code problem

Trust: 0.6

sources: CNNVD: CNNVD-201408-068

CONFIGURATIONS

sources: JVNDB: JVNDB-2014-008917

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-70534

PATCH

title: Barracuda Web Application Firewall // url: https://www.barracuda.com/products/webapplicationfirewall

Trust: 0.8

sources: JVNDB: JVNDB-2014-008917

EXTERNAL IDS

db: NVD // id: CVE-2014-2595

Trust: 2.8

db: PACKETSTORM // id: 127740

Trust: 2.5

db: BID // id: 69028

Trust: 2.0

db: EXPLOIT-DB // id: 39278

Trust: 1.7

db: OSVDB // id: 109782

Trust: 1.7

db: JVNDB // id: JVNDB-2014-008917

Trust: 0.8

db: CNNVD // id: CNNVD-201408-068

Trust: 0.7

db: VULHUB // id: VHN-70534

Trust: 0.1

sources: VULHUB: VHN-70534 // BID: 69028 // JVNDB: JVNDB-2014-008917 // CNNVD: CNNVD-201408-068 // NVD: CVE-2014-2595

REFERENCES

url:http://packetstormsecurity.com/files/127740/barracuda-waf-authentication-bypass.html

Trust: 2.5

url:https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-2595/

Trust: 2.0

url:http://seclists.org/fulldisclosure/2014/aug/5

Trust: 1.7

url:http://www.osvdb.org/109782

Trust: 1.7

url:https://vulners.com/securityvulns/securityvulns:doc:31004

Trust: 1.7

url:https://www.exploit-db.com/exploits/39278

Trust: 1.7

url:https://www.securityfocus.com/bid/69028

Trust: 1.7

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-2595

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2014-2595

Trust: 0.8

url:http://www.barracudanetworks.com/ns/products/web-site-firewall-overview.php

Trust: 0.3

sources: VULHUB: VHN-70534 // BID: 69028 // JVNDB: JVNDB-2014-008917 // CNNVD: CNNVD-201408-068 // NVD: CVE-2014-2595

CREDITS

Nick Hayes

Trust: 0.9

sources: BID: 69028 // CNNVD: CNNVD-201408-068

SOURCES

db: VULHUB // id: VHN-70534
db: BID // id: 69028
db: JVNDB // id: JVNDB-2014-008917
db: CNNVD // id: CNNVD-201408-068
db: NVD // id: CVE-2014-2595

LAST UPDATE DATE

2024-11-23T22:29:46.484000+00:00


SOURCES UPDATE DATE

db: VULHUB // id: VHN-70534 // date: 2020-02-20T00:00:00
db: BID // id: 69028 // date: 2015-03-19T08:31:00
db: JVNDB // id: JVNDB-2014-008917 // date: 2020-03-04T00:00:00
db: CNNVD // id: CNNVD-201408-068 // date: 2020-03-02T00:00:00
db: NVD // id: CVE-2014-2595 // date: 2024-11-21T02:06:36.007

SOURCES RELEASE DATE

db: VULHUB // id: VHN-70534 // date: 2020-02-12T00:00:00
db: BID // id: 69028 // date: 2014-08-04T00:00:00
db: JVNDB // id: JVNDB-2014-008917 // date: 2020-03-04T00:00:00
db: CNNVD // id: CNNVD-201408-068 // date: 2014-08-06T00:00:00
db: NVD // id: CVE-2014-2595 // date: 2020-02-12T01:15:10.547