Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
seebugRootSSV:3326
HistoryMay 24, 2008 - 12:00 a.m.

Barracuda垃圾邮件防火墙ldap_test.cgi跨站脚本漏洞

2008-05-2400:00:00
Root
www.seebug.org
18

0.004 Low

EPSS

Percentile

74.9%

JSON

BUGTRAQ ID: 29340
CVE(CAN) ID: CVE-2008-2333

Barracuda Spam Firewall是用于保护邮件服务器的集成硬件和软件垃圾邮件解决方案。

Barracuda垃圾邮件防火墙设备的web管理接口存在跨站脚本漏洞,Barracuda设备通过ldap_test.cgi脚本提供LDAP测试功能,这个脚本没有充分的验证用户在email参数中所提供的输入,远程攻击者可以通过向管理接口提交恶意参数执行跨站脚本攻击,导致在浏览器中以Barracuda设备的权限执行任意代码。

Barracuda Networks Barracuda Spam Firewall < 3.5.11.025
Barracuda Networks

目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载:

<a href=“http://www.barracudanetworks.com/ns/products/spam_overview.php” target=“_blank”>http://www.barracudanetworks.com/ns/products/spam_overview.php</a>


                                                https://&lt;vulnerable_host&gt;/cgi-bin/ldap_test.cgi?host=127.0.0.1&amp;port=1&amp;tls_mode=tls_mode&amp;tls_require=&amp;username=&amp;password=&amp;filter=&amp;searchbase=&amp;unique_attr=&amp;email_attr=&amp;domain=*&amp;email=%3Cscript%3Ealert(d

Related

cve 1
nvd 1
nessus 1
cvelist 1
prion 1
securityvulns 1
packetstorm 1
cve
cve
CVE-2008-2333
2008-05-23 15:32:00
nvd
nvd
CVE-2008-2333
2008-05-23 15:32:00
nessus
nessus
Barracuda Spam Firewall cgi-bin/ldap_test.cgi email Parameter XSS
2008-05-23 00:00:00
cvelist
cvelist
CVE-2008-2333
2008-05-23 15:00:00
prion
prion
Cross site scripting
2008-05-23 15:32:00
securityvulns
securityvulns
IRM Security Advisory : Barracuda Networks Spam Firewall Cross-Site Scripting Vulnerability
2008-05-24 00:00:00
packetstorm
packetstorm
barracuda-xss.txt
2008-05-22 00:00:00

0.004 Low

EPSS

Percentile

74.9%

JSON
Related for SSV:3326
cve1nvd1nessus1cvelist1prion1securityvulns1packetstorm1