CVE-2009-1162

Cross-site scripting (XSS) vulnerability in the Spam Quarantine login page in Cisco IronPort AsyncOS before 6.5.2 on Series C, M, and X appliances allows remote attackers to inject arbitrary web script or HTML via the referrer parameter.

CVSS v2.0 4.3 MEDIUM

4.3^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:M/Au:N/C:N/I:P/A:N

Exploitability : 8.6 / Impact : 2.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
http://osvdb.org/54884
http://secunia.com/advisories/34895	Vendor Advisory
http://tools.cisco.com/security/center/viewAlert.x?alertId=18365	Vendor Advisory
http://www.securityfocus.com/bid/35203
http://www.securitytracker.com/id?1022335
https://exchange.xforce.ibmcloud.com/vulnerabilities/50948

Configurations

Configuration 1 (hide)

AND

OR	cpe:2.3:o:cisco:ironport_asyncos:6.0.0-754:::::::*
	cpe:2.3:o:cisco:ironport_asyncos:6.0.0-757:::::::*
	cpe:2.3:o:cisco:ironport_asyncos:6.1.0-301:::::::*
	cpe:2.3:o:cisco:ironport_asyncos:6.1.0-304:::::::*
	cpe:2.3:o:cisco:ironport_asyncos:6.1.0-306:::::::*
	cpe:2.3:o:cisco:ironport_asyncos:6.1.0-307:::::::*
	cpe:2.3:o:cisco:ironport_asyncos:6.1.5-110:::::::*
	cpe:2.3:o:cisco:ironport_asyncos:6.1.6-003:::::::*
	cpe:2.3:o:cisco:ironport_asyncos:6.3.5-003:::::::*
	cpe:2.3:o:cisco:ironport_asyncos:6.3.6-003:::::::*
	cpe:2.3:o:cisco:ironport_asyncos:6.5.0-405:::::::*
	cpe:2.3:o:cisco:ironport_asyncos:6.5.1-005:::::::*
	cpe:2.3:o:cisco:ironport_asyncos:6.6.4.0-273:::::::*

OR	cpe:2.3:h:cisco:ironport_email_security_appliances::c::::::*
	cpe:2.3:h:cisco:ironport_email_security_appliances::m::::::*
	cpe:2.3:h:cisco:ironport_email_security_appliances::x::::::*

History

No history.

Information

Published : 2009-06-05 16:00

Updated : 2024-02-28 11:21

NVD link : CVE-2009-1162

Mitre link : CVE-2009-1162

CVE.ORG link : CVE-2009-1162

JSON object : View

Products Affected

cisco

ironport_email_security_appliances
ironport_asyncos

CWE

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

{"id": "CVE-2009-1162", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}]}, "published": "2009-06-05T16:00:00.280", "references": [{"url": "http://osvdb.org/54884", "source": "ykramarz@cisco.com"}, {"url": "http://secunia.com/advisories/34895", "tags": ["Vendor Advisory"], "source": "ykramarz@cisco.com"}, {"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=18365", "tags": ["Vendor Advisory"], "source": "ykramarz@cisco.com"}, {"url": "http://www.securityfocus.com/bid/35203", "source": "ykramarz@cisco.com"}, {"url": "http://www.securitytracker.com/id?1022335", "source": "ykramarz@cisco.com"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50948", "source": "ykramarz@cisco.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "Cross-site scripting (XSS) vulnerability in the Spam Quarantine login page in Cisco IronPort AsyncOS before 6.5.2 on Series C, M, and X appliances allows remote attackers to inject arbitrary web script or HTML via the referrer parameter."}, {"lang": "es", "value": "Vulnerabilidad de ejecuci\u00f3n de secuencias de comandos en sitios cruzados (XSS) en la p\u00e1gina de login Spam Quarantine en Cisco IronPort AsyncOS anterior a v6.5.2 en las Series C, M y X, permite a atacantes remotos inyectar secuencias de comandos web y HTML de su elecci\u00f3n a trav\u00e9s del par\u00e1metro \"referer\"."}], "lastModified": "2017-08-17T01:30:12.850", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:cisco:ironport_asyncos:6.0.0-754:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "477A66C5-9B97-4363-8374-7AAD50A6203A"}, {"criteria": "cpe:2.3:o:cisco:ironport_asyncos:6.0.0-757:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "01DB8C2D-5C38-4171-AE6F-FB224AEC3225"}, {"criteria": "cpe:2.3:o:cisco:ironport_asyncos:6.1.0-301:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C1913AA9-2FF7-43BF-902A-A0730D375580"}, {"criteria": "cpe:2.3:o:cisco:ironport_asyncos:6.1.0-304:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "22339A19-2486-4916-B63F-8D0095CE2CAE"}, {"criteria": "cpe:2.3:o:cisco:ironport_asyncos:6.1.0-306:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BD01E9B8-6787-4658-9E45-2B4916BB0409"}, {"criteria": "cpe:2.3:o:cisco:ironport_asyncos:6.1.0-307:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "30A807C2-CE36-4760-BC2A-D9A6AEA1D65B"}, {"criteria": "cpe:2.3:o:cisco:ironport_asyncos:6.1.5-110:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5134EEAA-DE71-4283-B3D3-2923749EE92D"}, {"criteria": "cpe:2.3:o:cisco:ironport_asyncos:6.1.6-003:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DEB855ED-197C-4CAC-A5B8-E02D598320EE"}, {"criteria": "cpe:2.3:o:cisco:ironport_asyncos:6.3.5-003:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F99C6CBC-4044-45A1-B79C-C54E4A13F41B"}, {"criteria": "cpe:2.3:o:cisco:ironport_asyncos:6.3.6-003:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "29EB3C86-E8EF-4AE2-A8DC-C0B912F27F0D"}, {"criteria": "cpe:2.3:o:cisco:ironport_asyncos:6.5.0-405:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4716DAB7-C9E9-47DE-946B-B5B8F0768985"}, {"criteria": "cpe:2.3:o:cisco:ironport_asyncos:6.5.1-005:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9F240870-D97A-458A-9485-24CAD3816E68"}, {"criteria": "cpe:2.3:o:cisco:ironport_asyncos:6.6.4.0-273:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F5A6548C-217F-4496-8DF2-4EF2A775BF7D"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:cisco:ironport_email_security_appliances:*:c:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C9211A16-3F60-4FEF-9164-93A8DC447A76"}, {"criteria": "cpe:2.3:h:cisco:ironport_email_security_appliances:*:m:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "202BD85B-AE22-4638-A344-E5C75C4CC243"}, {"criteria": "cpe:2.3:h:cisco:ironport_email_security_appliances:*:x:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "79F52D0C-C0D9-4802-9A07-968F6F68C038"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "ykramarz@cisco.com"}