Lucene search

MitreCVE-2007-5058

HistorySep 24, 2007 - 10:17 p.m.

CVE-2007-5058

2007-09-2422:17:00

CWE-79

mitre

web.nvd.nist.gov

cve-2007-5058

xss

vulnerability

barracuda spam firewall

web administration

remote attackers

web script

html

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

5.8

Confidence

High

EPSS

0.042

Percentile

92.4%

JSON

Cross-site scripting (XSS) vulnerability in the Web administration interface in Barracuda Spam Firewall before firmware 3.5.10.016 allows remote attackers to inject arbitrary web script or HTML via the username field in a login attempt, which is not properly handled when the Monitor Web Syslog screen is open.

Affected configurations

Nvd

Node

barracuda_networksbarracuda_spam_firewallRange≤3.4.10.102

VendorProductVersionCPE
barracuda_networksbarracuda_spam_firewall*cpe:2.3:h:barracuda_networks:barracuda_spam_firewall:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
barracuda_networks	barracuda_spam_firewall	*	cpe:2.3:h:barracuda_networks:barracuda_spam_firewall::::::::

References

osvdb.org/38156

secunia.com/advisories/26937

securityreason.com/securityalert/3164

www.barracudanetworks.com/ns/support/tech_alert.php

www.infobyte.com.ar/adv/ISR-15.html

www.securityfocus.com/archive/1/480238/100/0/threaded

www.securityfocus.com/bid/25757

www.securitytracker.com/id?1018733

www.vupen.com/english/advisories/2007/3257

exchange.xforce.ibmcloud.com/vulnerabilities/36716

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

5.8

Confidence

High

EPSS

0.042

Percentile

92.4%

JSON

Related for CVE-2007-5058