NUCLEI:CVE-2015-2863 (nuclei template, ProjectDiscovery)

Kaseya Virtual System Administrator - Open Redirect

Published: 2022-09-18 09:08:35
Source: ProjectDiscovery (github.com)
Tags: cve2015, vulnerability, open redirect, phishing, security patches, updates, unspecified vectors, web systems, kaseya

CVSS2: 4.3 Medium
  Attack Vector: NETWORK
  Attack Complexity: MEDIUM
  Authentication: NONE
  Confidentiality Impact: NONE
  Integrity Impact: PARTIAL
  Availability Impact: NONE
  Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score: 6.3 Medium (Confidence: Low)

EPSS: 0.006 Low (Percentile: 79.1%)

Kaseya Virtual System Administrator 7.x before 7.0.0.29, 8.x before 8.0.0.18, 9.0 before 9.0.0.14, and 9.1 before 9.1.0.4 are susceptible to an open redirect vulnerability. An attacker can redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.
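The bug class behind this CVE (CWE-601), as an added example that is neither Kaseya's code nor part of the template below: a hypothetical handler that copies a `urlToLoad`-style parameter into the Location header unchanged, beside a validator that only lets redirects stay on the application's own host. `vsa.example.com`, `ALLOWED_HOSTS` and the function names are assumptions for illustration; the real VSA vectors are unspecified in the advisory.

```python
from urllib.parse import urlsplit

# Assumption for the example: the VSA's own hostname, the only host redirects may target.
ALLOWED_HOSTS = {"vsa.example.com"}


def vulnerable_redirect_target(url_to_load: str) -> str:
    """Hypothetical CWE-601 pattern: the query value becomes the Location header unchanged.

    supportLoad.asp?urlToLoad=http://oast.me  ->  Location: http://oast.me
    """
    return url_to_load


def is_safe_redirect_target(url: str, allowed_hosts=ALLOWED_HOSTS) -> bool:
    """True only for a same-site path or an http(s) URL whose host is allow-listed."""
    if not url or any(ord(c) < 0x20 for c in url):
        return False  # empty, or CR/LF/control characters (header injection)
    # Browsers treat backslash as slash in URLs, so "/\oast.me" behaves like "//oast.me".
    normalized = url.replace("\\", "/")
    if normalized.startswith("//"):
        return False  # scheme-relative URL: the browser would go to the attacker's host
    try:
        parts = urlsplit(normalized)
    except ValueError:
        return False  # e.g. malformed bracketed host literal
    if not parts.scheme and not parts.netloc:
        return normalized.startswith("/")  # plain relative path on the current host
    if parts.scheme not in ("http", "https"):
        return False  # javascript:, data:, and similar schemes
    # .hostname drops userinfo ("vsa.example.com@oast.me") and the port, and lower-cases.
    return parts.hostname is not None and parts.hostname in allowed_hosts


def hardened_redirect_target(url_to_load: str, allowed_hosts=ALLOWED_HOSTS, fallback: str = "/") -> str:
    """Return the requested target if it is safe, otherwise a fixed on-site fallback."""
    return url_to_load if is_safe_redirect_target(url_to_load, allowed_hosts) else fallback
```

The validator rejects the forms the template's matcher looks for (`http://oast.me`, `//oast.me`, `/\oast.me`) as well as the userinfo and suffix tricks (`vsa.example.com@oast.me`, `vsa.example.com.oast.me`) that a naive `startswith("https://vsa.example.com")` check would let through.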
id: CVE-2015-2863

info:
  name: Kaseya Virtual System Administrator - Open Redirect
  author: 0x_Akoko,AmirHossein Raeisi
  severity: medium
  description: |
    Kaseya Virtual System Administrator 7.x before 7.0.0.29, 8.x before 8.0.0.18, 9.0 before 9.0.0.14, and 9.1 before 9.1.0.4 are susceptible to an open redirect vulnerability. An attacker can redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.
  remediation: |
    Apply the latest security patches and updates provided by Kaseya to fix the open redirect vulnerability in the Kaseya Virtual System Administrator (VSA).
  reference:
    - https://github.com/pedrib/PoC/blob/3f927b957b86a91ce65b017c4b9c93d05e241592/advisories/Kaseya/kaseya-vsa-vuln.txt
    - http://www.kb.cert.org/vuls/id/919604
    - https://nvd.nist.gov/vuln/detail/CVE-2015-2863
    - https://github.com/ARPSyndicate/kenzer-templates
    - https://github.com/ARPSyndicate/cvemon
  classification:
    cvss-metrics: CVSS:2.0/AV:N/AC:M/Au:N/C:N/I:P/A:N
    cvss-score: 4.3
    cve-id: CVE-2015-2863
    cwe-id: CWE-601
    epss-score: 0.00626
    epss-percentile: 0.76747
    cpe: cpe:2.3:a:kaseya:virtual_system_administrator:*:*:*:*:*:*:*:*
  metadata:
    max-request: 2
    vendor: kaseya
    product: virtual_system_administrator
  tags: cve2015,cve,redirect,kaseya

http:
  - method: GET
    path:
      - '{{BaseURL}}/inc/supportLoad.asp?urlToLoad=http://oast.me'
      - '{{BaseURL}}/vsaPres/Web20/core/LocalProxy.ashx?url=http://oast.me'

    stop-at-first-match: true
    matchers:
      - type: regex
        part: header
        regex:
          - '(?m)^(?:Location\s*?:\s*?)(?:https?:\/\/|\/\/|\/\\\\|\/\\)(?:[a-zA-Z0-9\-_\.@]*)oast\.me\/?(\/|[^.].*)?$' # https://regex101.com/r/idfD2e/1
# digest: 490a0046304402204d2a37c6eb68a653c40afd87277f8343eb3e10c0bdd4316cd611f7ebc1e852ba022079d43910950fd7200f43f450956b7541df0fe79b603c2941ddc6ac3e7a2bb177:922c64590222798bb761d5b6d8e72950
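The template's header matcher reimplemented as an added example (not part of the template, of nuclei or of ProjectDiscovery's code), so the regex and the stop-at-first-match behaviour can be exercised offline. The regex is copied verbatim from the template; the response headers below are constructed, not captured from a VSA host, and `vsa.example.com` is an assumed hostname. Only `probe()` touches the network.

```python
import re
import urllib.request
from urllib.error import HTTPError

# Matcher copied from the template above. YAML single quotes keep backslashes literal,
# so a Python raw string reproduces it exactly.
LOCATION_RE = re.compile(
    r'(?m)^(?:Location\s*?:\s*?)(?:https?:\/\/|\/\/|\/\\\\|\/\\)'
    r'(?:[a-zA-Z0-9\-_\.@]*)oast\.me\/?(\/|[^.].*)?$'
)

# The two request paths from the template, in the order nuclei sends them.
PATHS = (
    "/inc/supportLoad.asp?urlToLoad=http://oast.me",
    "/vsaPres/Web20/core/LocalProxy.ashx?url=http://oast.me",
)


def header_matches(raw_headers: str) -> bool:
    """Apply the template's matcher (part: header) to a raw response header block."""
    return LOCATION_RE.search(raw_headers) is not None


def first_match(responses):
    """Emulate stop-at-first-match: `responses` maps a template path to its raw headers."""
    for path in PATHS:
        if path in responses and header_matches(responses[path]):
            return path
    return None


class _NoRedirect(urllib.request.HTTPRedirectHandler):
    # Do not follow 3xx; we want to inspect Location, not land on the attacker's host.
    def redirect_request(self, req, fp, code, msg, headers, newurl):
        return None


def probe(base_url: str, timeout: float = 10.0):
    """Live check against a host you are authorised to test; returns the matching path or None."""
    opener = urllib.request.build_opener(_NoRedirect)
    for path in PATHS:
        try:
            resp = opener.open(base_url.rstrip("/") + path, timeout=timeout)
        except HTTPError as err:
            resp = err  # an unfollowed 3xx surfaces as HTTPError and still carries headers
        raw = "".join(f"{name}: {value}\r\n" for name, value in resp.headers.items())
        if header_matches(raw):
            return path
    return None


# Constructed sample responses (not captured from a real VSA host).
SAMPLES = {
    "redirect to canary host": "HTTP/1.1 302 Found\r\nLocation: http://oast.me\r\nContent-Length: 0\r\n",
    "scheme-relative": "HTTP/1.1 302 Found\r\nLocation: //oast.me/\r\n",
    "backslash form": "HTTP/1.1 302 Found\r\nLocation: /\\oast.me\r\n",
    "userinfo trick": "HTTP/1.1 302 Found\r\nLocation: https://vsa.example.com@oast.me/path\r\n",
    "patched: stays on site": "HTTP/1.1 302 Found\r\nLocation: /vsapres/web20/core/login.aspx\r\n",
    "patched: canary is only a label": "HTTP/1.1 302 Found\r\nLocation: https://oast.me.vsa.example.com/\r\n",
    "no redirect": "HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n",
}


if __name__ == "__main__":
    for label, headers in SAMPLES.items():
        print(f"{label:35} -> {'MATCH' if header_matches(headers) else 'no match'}")
    print("first match:", first_match({PATHS[0]: SAMPLES["no redirect"],
                                       PATHS[1]: SAMPLES["redirect to canary host"]}))
```

Two things worth knowing before reusing the regex outside nuclei: the `[^.]` after `oast\.me` is what stops `oast.me.vsa.example.com` from matching while still accepting a path or `\r` after the host, and the leading `[a-zA-Z0-9\-_\.@]*` accepts any subdomain or userinfo prefix, so a host that merely ends in `oast.me` (for example `notoast.me`) would also match; with an attacker-chosen canary domain that is harmless. The header name is matched case-sensitively, so a server that emits `location:` in lower case would slip past this literal copy in `probe()`.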
