All the vulnerabilites related to cisco - ironport_asyncos
Vulnerability from fkie_nvd
Published
2014-06-10 11:19
Modified
2024-11-21 02:07
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in the web management interface in Cisco AsyncOS on the Email Security Appliance (ESA) 8.0, Web Security Appliance (WSA) 8.0 (.5 Hot Patch 1) and earlier, and Content Security Management Appliance (SMA) 8.3 and earlier allows remote attackers to inject arbitrary web script or HTML via a crafted parameter, as demonstrated by the date_range parameter to monitor/reports/overview on the IronPort ESA, aka Bug IDs CSCun07998, CSCun07844, and CSCun07888.
References
ykramarz@cisco.comhttp://packetstormsecurity.com/files/127004/Cisco-Ironport-Email-Security-Virtual-Appliance-8.0.0-671-XSS.html
ykramarz@cisco.comhttp://seclists.org/fulldisclosure/2014/Jun/57Exploit, Third Party Advisory, VDB Entry
ykramarz@cisco.comhttp://secunia.com/advisories/58296Permissions Required
ykramarz@cisco.comhttp://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3289Vendor Advisory
ykramarz@cisco.comhttp://tools.cisco.com/security/center/viewAlert.x?alertId=34569Vendor Advisory
ykramarz@cisco.comhttp://www.kb.cert.org/vuls/id/613308
ykramarz@cisco.comhttp://www.securityfocus.com/bid/67943Third Party Advisory, VDB Entry
ykramarz@cisco.comhttp://www.securitytracker.com/id/1030407Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108http://packetstormsecurity.com/files/127004/Cisco-Ironport-Email-Security-Virtual-Appliance-8.0.0-671-XSS.html
af854a3a-2127-422b-91ae-364da2661108http://seclists.org/fulldisclosure/2014/Jun/57Exploit, Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/58296Permissions Required
af854a3a-2127-422b-91ae-364da2661108http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3289Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://tools.cisco.com/security/center/viewAlert.x?alertId=34569Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.kb.cert.org/vuls/id/613308
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/67943Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id/1030407Third Party Advisory, VDB Entry
Impacted products
Vendor Product Version
cisco ironport_asyncos *
cisco web_security_appliance -
cisco ironport_asyncos *
cisco content_security_management_appliance -
cisco ironport_asyncos 8.0
cisco email_security_appliance_firmware -


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:ironport_asyncos:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "7C78051E-27A2-4C27-ADF7-DF0F88A2ECC3",
              "versionEndIncluding": "8.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:web_security_appliance:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "8F24CCD0-DFAB-44D9-B29A-A6D925A83C93",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:ironport_asyncos:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "29C48F63-F950-466B-9647-4482D39A37AB",
              "versionEndIncluding": "8.3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:content_security_management_appliance:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "60635EC8-9AFA-400D-A919-66E60CDEF852",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:ironport_asyncos:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DEBB85CD-0DE0-49CF-80F2-4E343F3E151E",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:email_security_appliance_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5BA3A518-E103-4D98-A040-88ED4E0D73CC",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cross-site scripting (XSS) vulnerability in the web management interface in Cisco AsyncOS on the Email Security Appliance (ESA) 8.0, Web Security Appliance (WSA) 8.0 (.5 Hot Patch 1) and earlier, and Content Security Management Appliance (SMA) 8.3 and earlier allows remote attackers to inject arbitrary web script or HTML via a crafted parameter, as demonstrated by the date_range parameter to monitor/reports/overview on the IronPort ESA, aka Bug IDs CSCun07998, CSCun07844, and CSCun07888."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de XSS en la interfaz de gesti\u00f3n web en Cisco AsyncOS en Email Security Appliance (ESA) 8.0, Web Security Appliance (WSA) 8.0 (.5 Hot Patch 1) y anteriores y Content Security Management Appliance (SMA) 8.3 y anteriores permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a trav\u00e9s de un par\u00e1metro manipulado, tal y como fue demostrado por el par\u00e1metro date_range en monitor/reports/overview en IronPort ESA, tambi\u00e9n conocido como Bug IDs CSCun07998, CSCun07844 y CSCun07888."
    }
  ],
  "id": "CVE-2014-3289",
  "lastModified": "2024-11-21T02:07:47.950",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2014-06-10T11:19:35.797",
  "references": [
    {
      "source": "ykramarz@cisco.com",
      "url": "http://packetstormsecurity.com/files/127004/Cisco-Ironport-Email-Security-Virtual-Appliance-8.0.0-671-XSS.html"
    },
    {
      "source": "ykramarz@cisco.com",
      "tags": [
        "Exploit",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://seclists.org/fulldisclosure/2014/Jun/57"
    },
    {
      "source": "ykramarz@cisco.com",
      "tags": [
        "Permissions Required"
      ],
      "url": "http://secunia.com/advisories/58296"
    },
    {
      "source": "ykramarz@cisco.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3289"
    },
    {
      "source": "ykramarz@cisco.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=34569"
    },
    {
      "source": "ykramarz@cisco.com",
      "url": "http://www.kb.cert.org/vuls/id/613308"
    },
    {
      "source": "ykramarz@cisco.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/67943"
    },
    {
      "source": "ykramarz@cisco.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1030407"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://packetstormsecurity.com/files/127004/Cisco-Ironport-Email-Security-Virtual-Appliance-8.0.0-671-XSS.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://seclists.org/fulldisclosure/2014/Jun/57"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Permissions Required"
      ],
      "url": "http://secunia.com/advisories/58296"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3289"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=34569"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.kb.cert.org/vuls/id/613308"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/67943"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1030407"
    }
  ],
  "sourceIdentifier": "ykramarz@cisco.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2013-06-27 21:55
Modified
2024-11-21 01:53
Severity ?
Summary
The web framework in IronPort AsyncOS on Cisco Web Security Appliance devices before 7.1.3-013, 7.5 before 7.5.0-838, and 7.7 before 7.7.0-550 allows remote authenticated users to execute arbitrary commands via crafted command-line input in a URL sent over IPv4, aka Bug ID CSCzv69294.
References
ykramarz@cisco.comhttp://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130626-wsaVendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130626-wsaVendor Advisory
Impacted products
Vendor Product Version
cisco ironport_asyncos *
cisco ironport_asyncos 7.5
cisco ironport_asyncos 7.7
cisco web_security_appliance -


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:ironport_asyncos:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "BFD8A32D-FEF9-45E5-8585-B9745387B28F",
              "versionEndIncluding": "7.1.3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ironport_asyncos:7.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "A8B29C05-CC5F-429F-A77B-73C5D6052C12",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ironport_asyncos:7.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "8784ABD6-7084-4085-ADCE-4FC1BCEBE0FD",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:web_security_appliance:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "8F24CCD0-DFAB-44D9-B29A-A6D925A83C93",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The web framework in IronPort AsyncOS on Cisco Web Security Appliance devices before 7.1.3-013, 7.5 before 7.5.0-838, and 7.7 before 7.7.0-550 allows remote authenticated users to execute arbitrary commands via crafted command-line input in a URL sent over IPv4, aka Bug ID CSCzv69294."
    },
    {
      "lang": "es",
      "value": "El framework web de IronPort AsyncOS en dispositivos Cisco Web Security Appliance antes v7.1.3-013, v7.5 antes de v7.5.0-838, y v7.7 antes de v7.7.0-550 permite a los usuarios autenticados remotamente ejecutar c\u00f3digo arbitrario a trav\u00e9s de entrada de l\u00ednea de comandos dise\u00f1ado en una URL, tambi\u00e9n conocido como Bug ID CSCzv69294."
    }
  ],
  "id": "CVE-2013-3383",
  "lastModified": "2024-11-21T01:53:31.633",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 9.0,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2013-06-27T21:55:06.987",
  "references": [
    {
      "source": "ykramarz@cisco.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130626-wsa"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130626-wsa"
    }
  ],
  "sourceIdentifier": "ykramarz@cisco.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-94"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2013-06-27 21:55
Modified
2024-11-21 01:53
Severity ?
Summary
The web framework in IronPort AsyncOS on Cisco Web Security Appliance devices before 7.1.3-013, 7.5 before 7.5.0-838, and 7.7 before 7.7.0-550; Email Security Appliance devices before 7.1.5-104, 7.3 before 7.3.2-026, 7.5 before 7.5.2-203, and 7.6 before 7.6.3-019; and Content Security Management Appliance devices before 7.2.2-110, 7.7 before 7.7.0-213, and 7.8 and 7.9 before 7.9.1-102 allows remote authenticated users to execute arbitrary commands via crafted command-line input in a URL, aka Bug IDs CSCzv85726, CSCzv44633, and CSCzv24579.
References
ykramarz@cisco.comhttp://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130626-esaVendor Advisory
ykramarz@cisco.comhttp://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130626-smaVendor Advisory
ykramarz@cisco.comhttp://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130626-wsaVendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130626-esaVendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130626-smaVendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130626-wsaVendor Advisory
Impacted products
Vendor Product Version
cisco ironport_asyncos *
cisco ironport_asyncos 7.2
cisco ironport_asyncos 7.3
cisco ironport_asyncos 7.5
cisco ironport_asyncos 7.6
cisco ironport_asyncos 7.7
cisco ironport_asyncos 7.8
cisco ironport_asyncos 7.9
cisco content_security_management -
cisco web_security_appliance -
cisco email_security_appliance_firmware -


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:ironport_asyncos:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "BFD8A32D-FEF9-45E5-8585-B9745387B28F",
              "versionEndIncluding": "7.1.3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ironport_asyncos:7.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "A3AEF753-45FF-4681-8FEE-ECFAC075B60C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ironport_asyncos:7.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "A5C0DD8C-4865-46F9-AA25-A468F9DB35F9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ironport_asyncos:7.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "A8B29C05-CC5F-429F-A77B-73C5D6052C12",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ironport_asyncos:7.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "1F82B4FD-20BF-49A7-B0EA-8109B0BEA848",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ironport_asyncos:7.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "8784ABD6-7084-4085-ADCE-4FC1BCEBE0FD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ironport_asyncos:7.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "308D3736-3EFD-4183-A852-58ABDBF35B13",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ironport_asyncos:7.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "5DFFBC92-3D52-4FA6-AB46-A774B9A9C6DB",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:content_security_management:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "1F1C1929-DBDA-42CE-A497-CAE0540F2174",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:web_security_appliance:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "8F24CCD0-DFAB-44D9-B29A-A6D925A83C93",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:cisco:email_security_appliance_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5BA3A518-E103-4D98-A040-88ED4E0D73CC",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The web framework in IronPort AsyncOS on Cisco Web Security Appliance devices before 7.1.3-013, 7.5 before 7.5.0-838, and 7.7 before 7.7.0-550; Email Security Appliance devices before 7.1.5-104, 7.3 before 7.3.2-026, 7.5 before 7.5.2-203, and 7.6 before 7.6.3-019; and Content Security Management Appliance devices before 7.2.2-110, 7.7 before 7.7.0-213, and 7.8 and 7.9 before 7.9.1-102 allows remote authenticated users to execute arbitrary commands via crafted command-line input in a URL, aka Bug IDs CSCzv85726, CSCzv44633, and CSCzv24579."
    },
    {
      "lang": "es",
      "value": "El framework web de IronPort AsyncOS en dispositivos Cisco Web Security Appliance antes v7.1.3-013, v7.5 antes de v7.5.0-838, y v7.7 antes de v7.7.0-550, dispositivos Email Security Appliance antes de v7.1.5-104, v7.3 antes de v7.3.2-026, v7.5 antes v7.5.2-203 y v7.6 antes v7.6.3-019, y dispositivos Content Security Management Appliance antes de v7.2.2-110, v7.7 antes de v7.7.0-213 y v7.8 y v7.9 antes de 7.9.1-102 permite a los usuarios remotos autenticados ejecutar c\u00f3digo arbitrario a trav\u00e9s de entrada de l\u00ednea de comandos dise\u00f1ado en una URL, tambi\u00e9n conocido como Bug ID CSCzv85726, CSCzv44633 y CSCzv24579."
    }
  ],
  "id": "CVE-2013-3384",
  "lastModified": "2024-11-21T01:53:31.753",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 9.0,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2013-06-27T21:55:07.023",
  "references": [
    {
      "source": "ykramarz@cisco.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130626-esa"
    },
    {
      "source": "ykramarz@cisco.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130626-sma"
    },
    {
      "source": "ykramarz@cisco.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130626-wsa"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130626-esa"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130626-sma"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130626-wsa"
    }
  ],
  "sourceIdentifier": "ykramarz@cisco.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-94"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2013-06-27 21:55
Modified
2024-11-21 01:53
Severity ?
Summary
The management GUI in the web framework in IronPort AsyncOS on Cisco Web Security Appliance devices before 7.1.3-013, 7.5 before 7.5.0-838, and 7.7 before 7.7.0-602; Email Security Appliance devices before 7.1.5-106 and 7.3, 7.5, and 7.6 before 7.6.3-019; and Content Security Management Appliance devices before 7.9.1-102 and 8.0 before 8.0.0-404 allows remote attackers to cause a denial of service (system hang) via a series of (1) HTTP or (2) HTTPS requests to a management interface, aka Bug IDs CSCzv58669, CSCzv63329, and CSCzv78669.
References
ykramarz@cisco.comhttp://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130626-esa
ykramarz@cisco.comhttp://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130626-smaVendor Advisory
ykramarz@cisco.comhttp://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130626-wsa
af854a3a-2127-422b-91ae-364da2661108http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130626-esa
af854a3a-2127-422b-91ae-364da2661108http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130626-smaVendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130626-wsa
Impacted products
Vendor Product Version
cisco ironport_asyncos *
cisco ironport_asyncos 7.2
cisco ironport_asyncos 7.3
cisco ironport_asyncos 7.5
cisco ironport_asyncos 7.6
cisco ironport_asyncos 7.7
cisco ironport_asyncos 7.8
cisco ironport_asyncos 7.9
cisco content_security_management -
cisco web_security_appliance -
cisco email_security_appliance_firmware -


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:ironport_asyncos:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "BFD8A32D-FEF9-45E5-8585-B9745387B28F",
              "versionEndIncluding": "7.1.3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ironport_asyncos:7.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "A3AEF753-45FF-4681-8FEE-ECFAC075B60C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ironport_asyncos:7.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "A5C0DD8C-4865-46F9-AA25-A468F9DB35F9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ironport_asyncos:7.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "A8B29C05-CC5F-429F-A77B-73C5D6052C12",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ironport_asyncos:7.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "1F82B4FD-20BF-49A7-B0EA-8109B0BEA848",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ironport_asyncos:7.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "8784ABD6-7084-4085-ADCE-4FC1BCEBE0FD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ironport_asyncos:7.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "308D3736-3EFD-4183-A852-58ABDBF35B13",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ironport_asyncos:7.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "5DFFBC92-3D52-4FA6-AB46-A774B9A9C6DB",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:content_security_management:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "1F1C1929-DBDA-42CE-A497-CAE0540F2174",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:web_security_appliance:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "8F24CCD0-DFAB-44D9-B29A-A6D925A83C93",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:cisco:email_security_appliance_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5BA3A518-E103-4D98-A040-88ED4E0D73CC",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The management GUI in the web framework in IronPort AsyncOS on Cisco Web Security Appliance devices before 7.1.3-013, 7.5 before 7.5.0-838, and 7.7 before 7.7.0-602; Email Security Appliance devices before 7.1.5-106 and 7.3, 7.5, and 7.6 before 7.6.3-019; and Content Security Management Appliance devices before 7.9.1-102 and 8.0 before 8.0.0-404 allows remote attackers to cause a denial of service (system hang) via a series of (1) HTTP or (2) HTTPS requests to a management interface, aka Bug IDs CSCzv58669, CSCzv63329, and CSCzv78669."
    },
    {
      "lang": "es",
      "value": "La interfaz de gesti\u00f3n en el framwork web de IronPort AsyncOS en dispositivos Cisco Web Security Appliance antes de v7.1.3-013, antes de v7.5.0-838 v7.5, y v7.7 antes de v7.7.0-602; Email Security Appliance dispositivos antes de v7.1.5-106 y v7.3, v7.5 y v7.6 antes de v7.6.3-019; y dispositivos Content Security Management Appliance antes de v7.9.1-102 y v8.0 antes v8.0.0-404 permite a atacantes remotos provocar una denegaci\u00f3n de servicio (cuelgue del sistema) a trav\u00e9s de una serie de (1) o HTTP (2) solicitudes HTTPS a una interfaz de gesti\u00f3n, tambi\u00e9n conocido como Bug ID CSCzv58669, CSCzv63329 y CSCzv78669."
    }
  ],
  "id": "CVE-2013-3385",
  "lastModified": "2024-11-21T01:53:31.910",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 7.8,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2013-06-27T21:55:07.057",
  "references": [
    {
      "source": "ykramarz@cisco.com",
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130626-esa"
    },
    {
      "source": "ykramarz@cisco.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130626-sma"
    },
    {
      "source": "ykramarz@cisco.com",
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130626-wsa"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130626-esa"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130626-sma"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130626-wsa"
    }
  ],
  "sourceIdentifier": "ykramarz@cisco.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-399"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2014-03-21 01:04
Modified
2024-11-21 02:05
Severity ?
Summary
The End User Safelist/Blocklist (aka SLBL) service in Cisco AsyncOS Software for Email Security Appliance (ESA) before 7.6.3-023 and 8.x before 8.0.1-023 and Cisco Content Security Management Appliance (SMA) before 7.9.1-110 and 8.x before 8.1.1-013 allows remote authenticated users to execute arbitrary code with root privileges via an FTP session that uploads a modified SLBL database file, aka Bug IDs CSCug79377 and CSCug80118.
References
ykramarz@cisco.comhttp://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140319-asyncosVendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140319-asyncosVendor Advisory
Impacted products
Vendor Product Version
cisco ironport_asyncos *
cisco ironport_asyncos 8.0
cisco ironport_asyncos 8.0.1
cisco ironport_asyncos 8.1
cisco content_security_management_appliance -
cisco ironport_asyncos *
cisco ironport_asyncos 8.0
cisco ironport_asyncos 8.0.1
cisco email_security_appliance_firmware -


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:ironport_asyncos:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "29D12C74-EB0D-4FE2-936E-06D7080C584A",
              "versionEndIncluding": "7.9.1-039",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ironport_asyncos:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DEBB85CD-0DE0-49CF-80F2-4E343F3E151E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ironport_asyncos:8.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "5165DB3A-40BC-4179-A7DE-92CD2E6784D6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ironport_asyncos:8.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "8CD06A8A-9708-4E53-BEC8-C43938BB336C",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:content_security_management_appliance:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "60635EC8-9AFA-400D-A919-66E60CDEF852",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:ironport_asyncos:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "B88B09B9-3F50-4A40-9F54-D36E8E511F8B",
              "versionEndIncluding": "7.6.2-201",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ironport_asyncos:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DEBB85CD-0DE0-49CF-80F2-4E343F3E151E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ironport_asyncos:8.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "5165DB3A-40BC-4179-A7DE-92CD2E6784D6",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:email_security_appliance_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5BA3A518-E103-4D98-A040-88ED4E0D73CC",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The End User Safelist/Blocklist (aka SLBL) service in Cisco AsyncOS Software for Email Security Appliance (ESA) before 7.6.3-023 and 8.x before 8.0.1-023 and Cisco Content Security Management Appliance (SMA) before 7.9.1-110 and 8.x before 8.1.1-013 allows remote authenticated users to execute arbitrary code with root privileges via an FTP session that uploads a modified SLBL database file, aka Bug IDs CSCug79377 and CSCug80118."
    },
    {
      "lang": "es",
      "value": "El servicio End User Safelist/Blocklist (tambi\u00e9n conocido como SLBL) en el software Cisco AsyncOS para Email Security Appliance (ESA) anterior a 7.6.3-023 y 8.x anterior a 8.0.1-023 y Cisco Content Security Management Appliance (SMA) anterior a 7.9.1-110 y 8.x anterior a 8.1.1-013 permite a usuarios remotos autenticados ejecutar c\u00f3digo arbitrario con privilegios root a trav\u00e9s de una sesi\u00f3n FTP que sube un archivo de base de datos SLBL modificado, tambi\u00e9n conocido como Bug IDs CSCug79377 y CSCug80118."
    }
  ],
  "id": "CVE-2014-2119",
  "lastModified": "2024-11-21T02:05:41.360",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 8.5,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:M/Au:S/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 6.8,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2014-03-21T01:04:02.937",
  "references": [
    {
      "source": "ykramarz@cisco.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140319-asyncos"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140319-asyncos"
    }
  ],
  "sourceIdentifier": "ykramarz@cisco.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-264"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2013-06-27 21:55
Modified
2024-11-21 01:53
Severity ?
Summary
The IronPort Spam Quarantine (ISQ) component in the web framework in IronPort AsyncOS on Cisco Email Security Appliance devices before 7.1.5-106 and 7.3, 7.5, and 7.6 before 7.6.3-019 and Content Security Management Appliance devices before 7.9.1-102 and 8.0 before 8.0.0-404 allows remote attackers to cause a denial of service (service crash or hang) via a high rate of TCP connection attempts, aka Bug IDs CSCzv25573 and CSCzv81712.
References
ykramarz@cisco.comhttp://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130626-esaVendor Advisory
ykramarz@cisco.comhttp://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130626-sma
af854a3a-2127-422b-91ae-364da2661108http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130626-esaVendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130626-sma
Impacted products
Vendor Product Version
cisco ironport_asyncos *
cisco ironport_asyncos 7.3
cisco ironport_asyncos 7.5
cisco ironport_asyncos 7.6
cisco ironport_asyncos 7.9
cisco ironport_asyncos 8.0
cisco content_security_management -
cisco email_security_appliance_firmware -


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:ironport_asyncos:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "5B65E15B-9680-4A77-A579-96F250D1AF88",
              "versionEndIncluding": "7.1.5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ironport_asyncos:7.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "A5C0DD8C-4865-46F9-AA25-A468F9DB35F9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ironport_asyncos:7.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "A8B29C05-CC5F-429F-A77B-73C5D6052C12",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ironport_asyncos:7.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "1F82B4FD-20BF-49A7-B0EA-8109B0BEA848",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ironport_asyncos:7.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "5DFFBC92-3D52-4FA6-AB46-A774B9A9C6DB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ironport_asyncos:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DEBB85CD-0DE0-49CF-80F2-4E343F3E151E",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:content_security_management:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "1F1C1929-DBDA-42CE-A497-CAE0540F2174",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:cisco:email_security_appliance_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5BA3A518-E103-4D98-A040-88ED4E0D73CC",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The IronPort Spam Quarantine (ISQ) component in the web framework in IronPort AsyncOS on Cisco Email Security Appliance devices before 7.1.5-106 and 7.3, 7.5, and 7.6 before 7.6.3-019 and Content Security Management Appliance devices before 7.9.1-102 and 8.0 before 8.0.0-404 allows remote attackers to cause a denial of service (service crash or hang) via a high rate of TCP connection attempts, aka Bug IDs CSCzv25573 and CSCzv81712."
    },
    {
      "lang": "es",
      "value": "El componente de IronPort Spam Quarantine (ISQ) en el framework web de IronPort AsyncOS en dispositivos Cisco Email Security Appliance anteriores a v7.1.5-106 y v7.3, v7.5 y v7.6 antes de v7.6.3-019 y dispositivos Content Security Management Appliance antes de v7.9.1 -102 y v8.0 antes de v8.0.0-404 permite a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda del servicio o cuelgue) a trav\u00e9s de una alta tasa de intentos de conexi\u00f3n TCP, identificadores de incidencias tambi\u00e9n conocido como CSCzv25573 y CSCzv81712."
    }
  ],
  "id": "CVE-2013-3386",
  "lastModified": "2024-11-21T01:53:32.063",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 7.8,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2013-06-27T21:55:07.090",
  "references": [
    {
      "source": "ykramarz@cisco.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130626-esa"
    },
    {
      "source": "ykramarz@cisco.com",
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130626-sma"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130626-esa"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130626-sma"
    }
  ],
  "sourceIdentifier": "ykramarz@cisco.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-399"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2009-06-05 16:00
Modified
2024-11-21 01:01
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in the Spam Quarantine login page in Cisco IronPort AsyncOS before 6.5.2 on Series C, M, and X appliances allows remote attackers to inject arbitrary web script or HTML via the referrer parameter.
References
ykramarz@cisco.comhttp://osvdb.org/54884
ykramarz@cisco.comhttp://secunia.com/advisories/34895Vendor Advisory
ykramarz@cisco.comhttp://tools.cisco.com/security/center/viewAlert.x?alertId=18365Vendor Advisory
ykramarz@cisco.comhttp://www.securityfocus.com/bid/35203
ykramarz@cisco.comhttp://www.securitytracker.com/id?1022335
ykramarz@cisco.comhttps://exchange.xforce.ibmcloud.com/vulnerabilities/50948
af854a3a-2127-422b-91ae-364da2661108http://osvdb.org/54884
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/34895Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://tools.cisco.com/security/center/viewAlert.x?alertId=18365Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/35203
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id?1022335
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/50948
Impacted products
Vendor Product Version
cisco ironport_asyncos 6.0.0-754
cisco ironport_asyncos 6.0.0-757
cisco ironport_asyncos 6.1.0-301
cisco ironport_asyncos 6.1.0-304
cisco ironport_asyncos 6.1.0-306
cisco ironport_asyncos 6.1.0-307
cisco ironport_asyncos 6.1.5-110
cisco ironport_asyncos 6.1.6-003
cisco ironport_asyncos 6.3.5-003
cisco ironport_asyncos 6.3.6-003
cisco ironport_asyncos 6.5.0-405
cisco ironport_asyncos 6.5.1-005
cisco ironport_asyncos 6.6.4.0-273
cisco ironport_email_security_appliances *
cisco ironport_email_security_appliances *
cisco ironport_email_security_appliances *


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:ironport_asyncos:6.0.0-754:*:*:*:*:*:*:*",
              "matchCriteriaId": "477A66C5-9B97-4363-8374-7AAD50A6203A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ironport_asyncos:6.0.0-757:*:*:*:*:*:*:*",
              "matchCriteriaId": "01DB8C2D-5C38-4171-AE6F-FB224AEC3225",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ironport_asyncos:6.1.0-301:*:*:*:*:*:*:*",
              "matchCriteriaId": "C1913AA9-2FF7-43BF-902A-A0730D375580",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ironport_asyncos:6.1.0-304:*:*:*:*:*:*:*",
              "matchCriteriaId": "22339A19-2486-4916-B63F-8D0095CE2CAE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ironport_asyncos:6.1.0-306:*:*:*:*:*:*:*",
              "matchCriteriaId": "BD01E9B8-6787-4658-9E45-2B4916BB0409",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ironport_asyncos:6.1.0-307:*:*:*:*:*:*:*",
              "matchCriteriaId": "30A807C2-CE36-4760-BC2A-D9A6AEA1D65B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ironport_asyncos:6.1.5-110:*:*:*:*:*:*:*",
              "matchCriteriaId": "5134EEAA-DE71-4283-B3D3-2923749EE92D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ironport_asyncos:6.1.6-003:*:*:*:*:*:*:*",
              "matchCriteriaId": "DEB855ED-197C-4CAC-A5B8-E02D598320EE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ironport_asyncos:6.3.5-003:*:*:*:*:*:*:*",
              "matchCriteriaId": "F99C6CBC-4044-45A1-B79C-C54E4A13F41B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ironport_asyncos:6.3.6-003:*:*:*:*:*:*:*",
              "matchCriteriaId": "29EB3C86-E8EF-4AE2-A8DC-C0B912F27F0D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ironport_asyncos:6.5.0-405:*:*:*:*:*:*:*",
              "matchCriteriaId": "4716DAB7-C9E9-47DE-946B-B5B8F0768985",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ironport_asyncos:6.5.1-005:*:*:*:*:*:*:*",
              "matchCriteriaId": "9F240870-D97A-458A-9485-24CAD3816E68",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ironport_asyncos:6.6.4.0-273:*:*:*:*:*:*:*",
              "matchCriteriaId": "F5A6548C-217F-4496-8DF2-4EF2A775BF7D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:ironport_email_security_appliances:*:c:*:*:*:*:*:*",
              "matchCriteriaId": "C9211A16-3F60-4FEF-9164-93A8DC447A76",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:cisco:ironport_email_security_appliances:*:m:*:*:*:*:*:*",
              "matchCriteriaId": "202BD85B-AE22-4638-A344-E5C75C4CC243",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:cisco:ironport_email_security_appliances:*:x:*:*:*:*:*:*",
              "matchCriteriaId": "79F52D0C-C0D9-4802-9A07-968F6F68C038",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cross-site scripting (XSS) vulnerability in the Spam Quarantine login page in Cisco IronPort AsyncOS before 6.5.2 on Series C, M, and X appliances allows remote attackers to inject arbitrary web script or HTML via the referrer parameter."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de ejecuci\u00f3n de secuencias de comandos en sitios cruzados (XSS) en la p\u00e1gina de login Spam Quarantine en Cisco IronPort AsyncOS anterior a v6.5.2 en las Series C, M y X, permite a atacantes remotos inyectar secuencias de comandos web y HTML de su elecci\u00f3n a trav\u00e9s del par\u00e1metro \"referer\"."
    }
  ],
  "id": "CVE-2009-1162",
  "lastModified": "2024-11-21T01:01:48.467",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2009-06-05T16:00:00.280",
  "references": [
    {
      "source": "ykramarz@cisco.com",
      "url": "http://osvdb.org/54884"
    },
    {
      "source": "ykramarz@cisco.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/34895"
    },
    {
      "source": "ykramarz@cisco.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=18365"
    },
    {
      "source": "ykramarz@cisco.com",
      "url": "http://www.securityfocus.com/bid/35203"
    },
    {
      "source": "ykramarz@cisco.com",
      "url": "http://www.securitytracker.com/id?1022335"
    },
    {
      "source": "ykramarz@cisco.com",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50948"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://osvdb.org/54884"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/34895"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=18365"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/35203"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id?1022335"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50948"
    }
  ],
  "sourceIdentifier": "ykramarz@cisco.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

cve-2013-3386
Vulnerability from cvelistv5
Published
2013-06-27 21:00
Modified
2024-09-16 22:41
Severity ?
Summary
The IronPort Spam Quarantine (ISQ) component in the web framework in IronPort AsyncOS on Cisco Email Security Appliance devices before 7.1.5-106 and 7.3, 7.5, and 7.6 before 7.6.3-019 and Content Security Management Appliance devices before 7.9.1-102 and 8.0 before 8.0.0-404 allows remote attackers to cause a denial of service (service crash or hang) via a high rate of TCP connection attempts, aka Bug IDs CSCzv25573 and CSCzv81712.
References
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130626-smavendor-advisory, x_refsource_CISCO
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130626-esavendor-advisory, x_refsource_CISCO
Impacted products
Vendor Product Version
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T16:07:37.995Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20130626 Multiple Vulnerabilities in Cisco Content Security Management Appliance",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130626-sma"
          },
          {
            "name": "20130626 Multiple Vulnerabilities in Cisco Email Security Appliance",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130626-esa"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The IronPort Spam Quarantine (ISQ) component in the web framework in IronPort AsyncOS on Cisco Email Security Appliance devices before 7.1.5-106 and 7.3, 7.5, and 7.6 before 7.6.3-019 and Content Security Management Appliance devices before 7.9.1-102 and 8.0 before 8.0.0-404 allows remote attackers to cause a denial of service (service crash or hang) via a high rate of TCP connection attempts, aka Bug IDs CSCzv25573 and CSCzv81712."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2013-06-27T21:00:00Z",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "20130626 Multiple Vulnerabilities in Cisco Content Security Management Appliance",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130626-sma"
        },
        {
          "name": "20130626 Multiple Vulnerabilities in Cisco Email Security Appliance",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130626-esa"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "ID": "CVE-2013-3386",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The IronPort Spam Quarantine (ISQ) component in the web framework in IronPort AsyncOS on Cisco Email Security Appliance devices before 7.1.5-106 and 7.3, 7.5, and 7.6 before 7.6.3-019 and Content Security Management Appliance devices before 7.9.1-102 and 8.0 before 8.0.0-404 allows remote attackers to cause a denial of service (service crash or hang) via a high rate of TCP connection attempts, aka Bug IDs CSCzv25573 and CSCzv81712."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20130626 Multiple Vulnerabilities in Cisco Content Security Management Appliance",
              "refsource": "CISCO",
              "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130626-sma"
            },
            {
              "name": "20130626 Multiple Vulnerabilities in Cisco Email Security Appliance",
              "refsource": "CISCO",
              "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130626-esa"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2013-3386",
    "datePublished": "2013-06-27T21:00:00Z",
    "dateReserved": "2013-05-06T00:00:00Z",
    "dateUpdated": "2024-09-16T22:41:27.055Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2009-1162
Vulnerability from cvelistv5
Published
2009-06-05 15:25
Modified
2024-08-07 05:04
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in the Spam Quarantine login page in Cisco IronPort AsyncOS before 6.5.2 on Series C, M, and X appliances allows remote attackers to inject arbitrary web script or HTML via the referrer parameter.
References
http://secunia.com/advisories/34895third-party-advisory, x_refsource_SECUNIA
http://www.securityfocus.com/bid/35203vdb-entry, x_refsource_BID
https://exchange.xforce.ibmcloud.com/vulnerabilities/50948vdb-entry, x_refsource_XF
http://osvdb.org/54884vdb-entry, x_refsource_OSVDB
http://tools.cisco.com/security/center/viewAlert.x?alertId=18365x_refsource_CONFIRM
http://www.securitytracker.com/id?1022335vdb-entry, x_refsource_SECTRACK
Impacted products
Vendor Product Version
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T05:04:49.064Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "34895",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/34895"
          },
          {
            "name": "35203",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/35203"
          },
          {
            "name": "ironport-asyncos-referrer-xss(50948)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50948"
          },
          {
            "name": "54884",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/54884"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=18365"
          },
          {
            "name": "1022335",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1022335"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2009-06-03T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site scripting (XSS) vulnerability in the Spam Quarantine login page in Cisco IronPort AsyncOS before 6.5.2 on Series C, M, and X appliances allows remote attackers to inject arbitrary web script or HTML via the referrer parameter."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-16T14:57:01",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "34895",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/34895"
        },
        {
          "name": "35203",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/35203"
        },
        {
          "name": "ironport-asyncos-referrer-xss(50948)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50948"
        },
        {
          "name": "54884",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/54884"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=18365"
        },
        {
          "name": "1022335",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1022335"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "ID": "CVE-2009-1162",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-site scripting (XSS) vulnerability in the Spam Quarantine login page in Cisco IronPort AsyncOS before 6.5.2 on Series C, M, and X appliances allows remote attackers to inject arbitrary web script or HTML via the referrer parameter."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "34895",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/34895"
            },
            {
              "name": "35203",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/35203"
            },
            {
              "name": "ironport-asyncos-referrer-xss(50948)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50948"
            },
            {
              "name": "54884",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/54884"
            },
            {
              "name": "http://tools.cisco.com/security/center/viewAlert.x?alertId=18365",
              "refsource": "CONFIRM",
              "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=18365"
            },
            {
              "name": "1022335",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1022335"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2009-1162",
    "datePublished": "2009-06-05T15:25:00",
    "dateReserved": "2009-03-26T00:00:00",
    "dateUpdated": "2024-08-07T05:04:49.064Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2014-3289
Vulnerability from cvelistv5
Published
2014-06-10 10:00
Modified
2024-08-06 10:35
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in the web management interface in Cisco AsyncOS on the Email Security Appliance (ESA) 8.0, Web Security Appliance (WSA) 8.0 (.5 Hot Patch 1) and earlier, and Content Security Management Appliance (SMA) 8.3 and earlier allows remote attackers to inject arbitrary web script or HTML via a crafted parameter, as demonstrated by the date_range parameter to monitor/reports/overview on the IronPort ESA, aka Bug IDs CSCun07998, CSCun07844, and CSCun07888.
References
http://www.securitytracker.com/id/1030407vdb-entry, x_refsource_SECTRACK
http://www.kb.cert.org/vuls/id/613308third-party-advisory, x_refsource_CERT-VN
http://packetstormsecurity.com/files/127004/Cisco-Ironport-Email-Security-Virtual-Appliance-8.0.0-671-XSS.htmlx_refsource_MISC
http://seclists.org/fulldisclosure/2014/Jun/57mailing-list, x_refsource_FULLDISC
http://tools.cisco.com/security/center/viewAlert.x?alertId=34569x_refsource_CONFIRM
http://secunia.com/advisories/58296third-party-advisory, x_refsource_SECUNIA
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3289vendor-advisory, x_refsource_CISCO
http://www.securityfocus.com/bid/67943vdb-entry, x_refsource_BID
Impacted products
Vendor Product Version
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T10:35:57.192Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "1030407",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1030407"
          },
          {
            "name": "VU#613308",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT-VN",
              "x_transferred"
            ],
            "url": "http://www.kb.cert.org/vuls/id/613308"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/127004/Cisco-Ironport-Email-Security-Virtual-Appliance-8.0.0-671-XSS.html"
          },
          {
            "name": "20140609 Cisco AsyncOS Cross-Site Scripting Vulnerability CVE-2014-3289",
            "tags": [
              "mailing-list",
              "x_refsource_FULLDISC",
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2014/Jun/57"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=34569"
          },
          {
            "name": "58296",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/58296"
          },
          {
            "name": "20140609 Cisco AsyncOS Cross-Site Scripting Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3289"
          },
          {
            "name": "67943",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/67943"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2014-06-09T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site scripting (XSS) vulnerability in the web management interface in Cisco AsyncOS on the Email Security Appliance (ESA) 8.0, Web Security Appliance (WSA) 8.0 (.5 Hot Patch 1) and earlier, and Content Security Management Appliance (SMA) 8.3 and earlier allows remote attackers to inject arbitrary web script or HTML via a crafted parameter, as demonstrated by the date_range parameter to monitor/reports/overview on the IronPort ESA, aka Bug IDs CSCun07998, CSCun07844, and CSCun07888."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-12-28T19:57:01",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "1030407",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1030407"
        },
        {
          "name": "VU#613308",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT-VN"
          ],
          "url": "http://www.kb.cert.org/vuls/id/613308"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://packetstormsecurity.com/files/127004/Cisco-Ironport-Email-Security-Virtual-Appliance-8.0.0-671-XSS.html"
        },
        {
          "name": "20140609 Cisco AsyncOS Cross-Site Scripting Vulnerability CVE-2014-3289",
          "tags": [
            "mailing-list",
            "x_refsource_FULLDISC"
          ],
          "url": "http://seclists.org/fulldisclosure/2014/Jun/57"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=34569"
        },
        {
          "name": "58296",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/58296"
        },
        {
          "name": "20140609 Cisco AsyncOS Cross-Site Scripting Vulnerability",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3289"
        },
        {
          "name": "67943",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/67943"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "ID": "CVE-2014-3289",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-site scripting (XSS) vulnerability in the web management interface in Cisco AsyncOS on the Email Security Appliance (ESA) 8.0, Web Security Appliance (WSA) 8.0 (.5 Hot Patch 1) and earlier, and Content Security Management Appliance (SMA) 8.3 and earlier allows remote attackers to inject arbitrary web script or HTML via a crafted parameter, as demonstrated by the date_range parameter to monitor/reports/overview on the IronPort ESA, aka Bug IDs CSCun07998, CSCun07844, and CSCun07888."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "1030407",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1030407"
            },
            {
              "name": "VU#613308",
              "refsource": "CERT-VN",
              "url": "http://www.kb.cert.org/vuls/id/613308"
            },
            {
              "name": "http://packetstormsecurity.com/files/127004/Cisco-Ironport-Email-Security-Virtual-Appliance-8.0.0-671-XSS.html",
              "refsource": "MISC",
              "url": "http://packetstormsecurity.com/files/127004/Cisco-Ironport-Email-Security-Virtual-Appliance-8.0.0-671-XSS.html"
            },
            {
              "name": "20140609 Cisco AsyncOS Cross-Site Scripting Vulnerability CVE-2014-3289",
              "refsource": "FULLDISC",
              "url": "http://seclists.org/fulldisclosure/2014/Jun/57"
            },
            {
              "name": "http://tools.cisco.com/security/center/viewAlert.x?alertId=34569",
              "refsource": "CONFIRM",
              "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=34569"
            },
            {
              "name": "58296",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/58296"
            },
            {
              "name": "20140609 Cisco AsyncOS Cross-Site Scripting Vulnerability",
              "refsource": "CISCO",
              "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3289"
            },
            {
              "name": "67943",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/67943"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2014-3289",
    "datePublished": "2014-06-10T10:00:00",
    "dateReserved": "2014-05-07T00:00:00",
    "dateUpdated": "2024-08-06T10:35:57.192Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2013-3385
Vulnerability from cvelistv5
Published
2013-06-27 21:00
Modified
2024-09-16 17:58
Severity ?
Summary
The management GUI in the web framework in IronPort AsyncOS on Cisco Web Security Appliance devices before 7.1.3-013, 7.5 before 7.5.0-838, and 7.7 before 7.7.0-602; Email Security Appliance devices before 7.1.5-106 and 7.3, 7.5, and 7.6 before 7.6.3-019; and Content Security Management Appliance devices before 7.9.1-102 and 8.0 before 8.0.0-404 allows remote attackers to cause a denial of service (system hang) via a series of (1) HTTP or (2) HTTPS requests to a management interface, aka Bug IDs CSCzv58669, CSCzv63329, and CSCzv78669.
References
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130626-wsavendor-advisory, x_refsource_CISCO
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130626-smavendor-advisory, x_refsource_CISCO
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130626-esavendor-advisory, x_refsource_CISCO
Impacted products
Vendor Product Version
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T16:07:37.941Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20130626 Multiple Vulnerabilities in Cisco Web Security Appliance",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130626-wsa"
          },
          {
            "name": "20130626 Multiple Vulnerabilities in Cisco Content Security Management Appliance",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130626-sma"
          },
          {
            "name": "20130626 Multiple Vulnerabilities in Cisco Email Security Appliance",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130626-esa"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The management GUI in the web framework in IronPort AsyncOS on Cisco Web Security Appliance devices before 7.1.3-013, 7.5 before 7.5.0-838, and 7.7 before 7.7.0-602; Email Security Appliance devices before 7.1.5-106 and 7.3, 7.5, and 7.6 before 7.6.3-019; and Content Security Management Appliance devices before 7.9.1-102 and 8.0 before 8.0.0-404 allows remote attackers to cause a denial of service (system hang) via a series of (1) HTTP or (2) HTTPS requests to a management interface, aka Bug IDs CSCzv58669, CSCzv63329, and CSCzv78669."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2013-06-27T21:00:00Z",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "20130626 Multiple Vulnerabilities in Cisco Web Security Appliance",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130626-wsa"
        },
        {
          "name": "20130626 Multiple Vulnerabilities in Cisco Content Security Management Appliance",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130626-sma"
        },
        {
          "name": "20130626 Multiple Vulnerabilities in Cisco Email Security Appliance",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130626-esa"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "ID": "CVE-2013-3385",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The management GUI in the web framework in IronPort AsyncOS on Cisco Web Security Appliance devices before 7.1.3-013, 7.5 before 7.5.0-838, and 7.7 before 7.7.0-602; Email Security Appliance devices before 7.1.5-106 and 7.3, 7.5, and 7.6 before 7.6.3-019; and Content Security Management Appliance devices before 7.9.1-102 and 8.0 before 8.0.0-404 allows remote attackers to cause a denial of service (system hang) via a series of (1) HTTP or (2) HTTPS requests to a management interface, aka Bug IDs CSCzv58669, CSCzv63329, and CSCzv78669."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20130626 Multiple Vulnerabilities in Cisco Web Security Appliance",
              "refsource": "CISCO",
              "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130626-wsa"
            },
            {
              "name": "20130626 Multiple Vulnerabilities in Cisco Content Security Management Appliance",
              "refsource": "CISCO",
              "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130626-sma"
            },
            {
              "name": "20130626 Multiple Vulnerabilities in Cisco Email Security Appliance",
              "refsource": "CISCO",
              "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130626-esa"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2013-3385",
    "datePublished": "2013-06-27T21:00:00Z",
    "dateReserved": "2013-05-06T00:00:00Z",
    "dateUpdated": "2024-09-16T17:58:38.931Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2013-3384
Vulnerability from cvelistv5
Published
2013-06-27 21:00
Modified
2024-09-16 18:09
Severity ?
Summary
The web framework in IronPort AsyncOS on Cisco Web Security Appliance devices before 7.1.3-013, 7.5 before 7.5.0-838, and 7.7 before 7.7.0-550; Email Security Appliance devices before 7.1.5-104, 7.3 before 7.3.2-026, 7.5 before 7.5.2-203, and 7.6 before 7.6.3-019; and Content Security Management Appliance devices before 7.2.2-110, 7.7 before 7.7.0-213, and 7.8 and 7.9 before 7.9.1-102 allows remote authenticated users to execute arbitrary commands via crafted command-line input in a URL, aka Bug IDs CSCzv85726, CSCzv44633, and CSCzv24579.
References
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130626-wsavendor-advisory, x_refsource_CISCO
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130626-smavendor-advisory, x_refsource_CISCO
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130626-esavendor-advisory, x_refsource_CISCO
Impacted products
Vendor Product Version
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T16:07:37.893Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20130626 Multiple Vulnerabilities in Cisco Web Security Appliance",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130626-wsa"
          },
          {
            "name": "20130626 Multiple Vulnerabilities in Cisco Content Security Management Appliance",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130626-sma"
          },
          {
            "name": "20130626 Multiple Vulnerabilities in Cisco Email Security Appliance",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130626-esa"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The web framework in IronPort AsyncOS on Cisco Web Security Appliance devices before 7.1.3-013, 7.5 before 7.5.0-838, and 7.7 before 7.7.0-550; Email Security Appliance devices before 7.1.5-104, 7.3 before 7.3.2-026, 7.5 before 7.5.2-203, and 7.6 before 7.6.3-019; and Content Security Management Appliance devices before 7.2.2-110, 7.7 before 7.7.0-213, and 7.8 and 7.9 before 7.9.1-102 allows remote authenticated users to execute arbitrary commands via crafted command-line input in a URL, aka Bug IDs CSCzv85726, CSCzv44633, and CSCzv24579."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2013-06-27T21:00:00Z",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "20130626 Multiple Vulnerabilities in Cisco Web Security Appliance",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130626-wsa"
        },
        {
          "name": "20130626 Multiple Vulnerabilities in Cisco Content Security Management Appliance",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130626-sma"
        },
        {
          "name": "20130626 Multiple Vulnerabilities in Cisco Email Security Appliance",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130626-esa"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "ID": "CVE-2013-3384",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The web framework in IronPort AsyncOS on Cisco Web Security Appliance devices before 7.1.3-013, 7.5 before 7.5.0-838, and 7.7 before 7.7.0-550; Email Security Appliance devices before 7.1.5-104, 7.3 before 7.3.2-026, 7.5 before 7.5.2-203, and 7.6 before 7.6.3-019; and Content Security Management Appliance devices before 7.2.2-110, 7.7 before 7.7.0-213, and 7.8 and 7.9 before 7.9.1-102 allows remote authenticated users to execute arbitrary commands via crafted command-line input in a URL, aka Bug IDs CSCzv85726, CSCzv44633, and CSCzv24579."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20130626 Multiple Vulnerabilities in Cisco Web Security Appliance",
              "refsource": "CISCO",
              "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130626-wsa"
            },
            {
              "name": "20130626 Multiple Vulnerabilities in Cisco Content Security Management Appliance",
              "refsource": "CISCO",
              "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130626-sma"
            },
            {
              "name": "20130626 Multiple Vulnerabilities in Cisco Email Security Appliance",
              "refsource": "CISCO",
              "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130626-esa"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2013-3384",
    "datePublished": "2013-06-27T21:00:00Z",
    "dateReserved": "2013-05-06T00:00:00Z",
    "dateUpdated": "2024-09-16T18:09:15.407Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2013-3383
Vulnerability from cvelistv5
Published
2013-06-27 21:00
Modified
2024-09-16 16:58
Severity ?
Summary
The web framework in IronPort AsyncOS on Cisco Web Security Appliance devices before 7.1.3-013, 7.5 before 7.5.0-838, and 7.7 before 7.7.0-550 allows remote authenticated users to execute arbitrary commands via crafted command-line input in a URL sent over IPv4, aka Bug ID CSCzv69294.
References
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130626-wsavendor-advisory, x_refsource_CISCO
Impacted products
Vendor Product Version
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T16:07:37.997Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20130626 Multiple Vulnerabilities in Cisco Web Security Appliance",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130626-wsa"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The web framework in IronPort AsyncOS on Cisco Web Security Appliance devices before 7.1.3-013, 7.5 before 7.5.0-838, and 7.7 before 7.7.0-550 allows remote authenticated users to execute arbitrary commands via crafted command-line input in a URL sent over IPv4, aka Bug ID CSCzv69294."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2013-06-27T21:00:00Z",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "20130626 Multiple Vulnerabilities in Cisco Web Security Appliance",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130626-wsa"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "ID": "CVE-2013-3383",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The web framework in IronPort AsyncOS on Cisco Web Security Appliance devices before 7.1.3-013, 7.5 before 7.5.0-838, and 7.7 before 7.7.0-550 allows remote authenticated users to execute arbitrary commands via crafted command-line input in a URL sent over IPv4, aka Bug ID CSCzv69294."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20130626 Multiple Vulnerabilities in Cisco Web Security Appliance",
              "refsource": "CISCO",
              "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130626-wsa"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2013-3383",
    "datePublished": "2013-06-27T21:00:00Z",
    "dateReserved": "2013-05-06T00:00:00Z",
    "dateUpdated": "2024-09-16T16:58:42.835Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2014-2119
Vulnerability from cvelistv5
Published
2014-03-20 20:00
Modified
2024-08-06 10:05
Severity ?
Summary
The End User Safelist/Blocklist (aka SLBL) service in Cisco AsyncOS Software for Email Security Appliance (ESA) before 7.6.3-023 and 8.x before 8.0.1-023 and Cisco Content Security Management Appliance (SMA) before 7.9.1-110 and 8.x before 8.1.1-013 allows remote authenticated users to execute arbitrary code with root privileges via an FTP session that uploads a modified SLBL database file, aka Bug IDs CSCug79377 and CSCug80118.
References
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140319-asyncosvendor-advisory, x_refsource_CISCO
Impacted products
Vendor Product Version
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T10:05:59.702Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20140319 Cisco AsyncOS Software Code Execution Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140319-asyncos"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2014-03-19T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The End User Safelist/Blocklist (aka SLBL) service in Cisco AsyncOS Software for Email Security Appliance (ESA) before 7.6.3-023 and 8.x before 8.0.1-023 and Cisco Content Security Management Appliance (SMA) before 7.9.1-110 and 8.x before 8.1.1-013 allows remote authenticated users to execute arbitrary code with root privileges via an FTP session that uploads a modified SLBL database file, aka Bug IDs CSCug79377 and CSCug80118."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2014-03-20T19:57:00",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "20140319 Cisco AsyncOS Software Code Execution Vulnerability",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140319-asyncos"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "ID": "CVE-2014-2119",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The End User Safelist/Blocklist (aka SLBL) service in Cisco AsyncOS Software for Email Security Appliance (ESA) before 7.6.3-023 and 8.x before 8.0.1-023 and Cisco Content Security Management Appliance (SMA) before 7.9.1-110 and 8.x before 8.1.1-013 allows remote authenticated users to execute arbitrary code with root privileges via an FTP session that uploads a modified SLBL database file, aka Bug IDs CSCug79377 and CSCug80118."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20140319 Cisco AsyncOS Software Code Execution Vulnerability",
              "refsource": "CISCO",
              "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140319-asyncos"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2014-2119",
    "datePublished": "2014-03-20T20:00:00",
    "dateReserved": "2014-02-25T00:00:00",
    "dateUpdated": "2024-08-06T10:05:59.702Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}