Lucene search

[email protected]CVE-2008-2167

HistoryMay 13, 2008 - 8:20 p.m.

CVE-2008-2167

2008-05-1320:20:00

CWE-79

[email protected]

web.nvd.nist.gov

cve-2008-2167

cross-site scripting

xss

zyxel zywall 100

referer header

404 error page

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.7 Medium

AI Score

Confidence

High

0.876 High

EPSS

Percentile

98.7%

JSON

Cross-site scripting (XSS) vulnerability in ZyXEL ZyWALL 100 allows remote attackers to inject arbitrary web script or HTML via the Referer header, which is not properly handled in a 404 Error page.

Affected configurations

NVD

Node

zyxelzywall_100

CPENameOperatorVersion
zyxel:zywall_100zyxel zywall 100eq*

CPE	Name	Operator	Version
zyxel:zywall_100	zyxel zywall 100	eq	*

References

lists.grok.org.uk/pipermail/full-disclosure/2008-May/062152.html

secunia.com/advisories/30142

securityreason.com/securityalert/3869

www.securityfocus.com/archive/1/491818/100/0/threaded

www.securityfocus.com/bid/29110

www.securitytracker.com/id?1020000

www.vupen.com/english/advisories/2008/1501/references

exchange.xforce.ibmcloud.com/vulnerabilities/42282

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.7 Medium

AI Score

Confidence

High

0.876 High

EPSS

Percentile

98.7%

JSON

Related for CVE-2008-2167

cvelist1 prion1 nvd1