VAR-200901-0123
Vulnerability from variot - Updated: 2023-12-18 12:11Cross-site scripting (XSS) vulnerability in index.php in Check Point Connectra NGX R62 HFA_01 allows remote attackers to inject arbitrary web script or HTML via the dir parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. Connectra NGX is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied input data. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks. Connectra NGX R62 HFA_01, Hotfix 601, Builds 006 and 014 are vulnerable; other versions may also be affected. ----------------------------------------------------------------------
Do you need accurate and reliable IDS / IPS / AV detection rules?
Get in-depth vulnerability details: http://secunia.com/binary_analysis/sample_analysis/
TITLE: Checkpoint Connectra NGX "dir" Cross-Site Scripting Vulnerability
SECUNIA ADVISORY ID: SA31553
VERIFY ADVISORY: http://secunia.com/advisories/31553/
CRITICAL: Less critical
IMPACT: Cross Site Scripting
WHERE:
From remote
OPERATING SYSTEM: Check Point Connectra Appliances http://secunia.com/advisories/product/13352/
DESCRIPTION: Sarid Harper has reported a vulnerability in Checkpoint Connectra NGX, which can be exploited by malicious people to conduct cross-site scripting attacks.
Input passed to the "dir" parameter in index.php is not properly sanitised before being returned to the user.
SOLUTION: Filter malicious characters and character sequences in a proxy.
PROVIDED AND/OR DISCOVERED BY: Sarid Harper
About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
Show details on source website
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200901-0123",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "connectra ngx",
"scope": "eq",
"trust": 1.6,
"vendor": "checkpoint",
"version": "r62"
},
{
"model": "connectra ngx",
"scope": "eq",
"trust": 0.8,
"vendor": "check point",
"version": "r62 hfa_01"
},
{
"model": "point software connectra ngx r62",
"scope": null,
"trust": 0.3,
"vendor": "check",
"version": null
},
{
"model": "point software connectra ngx r62 hfa 01 hotfi",
"scope": null,
"trust": 0.3,
"vendor": "check",
"version": null
}
],
"sources": [
{
"db": "BID",
"id": "31369"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-001640"
},
{
"db": "NVD",
"id": "CVE-2008-5994"
},
{
"db": "CNNVD",
"id": "CNNVD-200901-396"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:checkpoint:connectra_ngx:r62:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2008-5994"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Sarid Harper",
"sources": [
{
"db": "BID",
"id": "31369"
},
{
"db": "CNNVD",
"id": "CNNVD-200901-396"
}
],
"trust": 0.9
},
"cve": "CVE-2008-5994",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 4.3,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2008-5994",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "VHN-36119",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2008-5994",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-200901-396",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-36119",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-36119"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-001640"
},
{
"db": "NVD",
"id": "CVE-2008-5994"
},
{
"db": "CNNVD",
"id": "CNNVD-200901-396"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cross-site scripting (XSS) vulnerability in index.php in Check Point Connectra NGX R62 HFA_01 allows remote attackers to inject arbitrary web script or HTML via the dir parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. Connectra NGX is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied input data. \nAn attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks. \nConnectra NGX R62 HFA_01, Hotfix 601, Builds 006 and 014 are vulnerable; other versions may also be affected. ----------------------------------------------------------------------\n\nDo you need accurate and reliable IDS / IPS / AV detection rules?\n\nGet in-depth vulnerability details:\nhttp://secunia.com/binary_analysis/sample_analysis/\n\n----------------------------------------------------------------------\n\nTITLE:\nCheckpoint Connectra NGX \"dir\" Cross-Site Scripting Vulnerability\n\nSECUNIA ADVISORY ID:\nSA31553\n\nVERIFY ADVISORY:\nhttp://secunia.com/advisories/31553/\n\nCRITICAL:\nLess critical\n\nIMPACT:\nCross Site Scripting\n\nWHERE:\n\u003eFrom remote\n\nOPERATING SYSTEM:\nCheck Point Connectra Appliances\nhttp://secunia.com/advisories/product/13352/\n\nDESCRIPTION:\nSarid Harper has reported a vulnerability in Checkpoint Connectra\nNGX, which can be exploited by malicious people to conduct cross-site\nscripting attacks. \n\nInput passed to the \"dir\" parameter in index.php is not properly\nsanitised before being returned to the user. \n\nSOLUTION:\nFilter malicious characters and character sequences in a proxy. \n\nPROVIDED AND/OR DISCOVERED BY:\nSarid Harper\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2008-5994"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-001640"
},
{
"db": "BID",
"id": "31369"
},
{
"db": "VULHUB",
"id": "VHN-36119"
},
{
"db": "PACKETSTORM",
"id": "70280"
}
],
"trust": 2.07
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2008-5994",
"trust": 2.8
},
{
"db": "BID",
"id": "31369",
"trust": 2.0
},
{
"db": "SECUNIA",
"id": "31553",
"trust": 1.8
},
{
"db": "JVNDB",
"id": "JVNDB-2009-001640",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-200901-396",
"trust": 0.7
},
{
"db": "XF",
"id": "45385",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-36119",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "70280",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-36119"
},
{
"db": "BID",
"id": "31369"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-001640"
},
{
"db": "PACKETSTORM",
"id": "70280"
},
{
"db": "NVD",
"id": "CVE-2008-5994"
},
{
"db": "CNNVD",
"id": "CNNVD-200901-396"
}
]
},
"id": "VAR-200901-0123",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-36119"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T12:11:53.396000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "https://supportcenter.checkpoint.com/supportcenter/index.jsp"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2009-001640"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-79",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-36119"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-001640"
},
{
"db": "NVD",
"id": "CVE-2008-5994"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/31369"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/31553"
},
{
"trust": 1.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45385"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-5994"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2008-5994"
},
{
"trust": 0.6,
"url": "http://xforce.iss.net/xforce/xfdb/45385"
},
{
"trust": 0.3,
"url": "http://www.checkpoint.com"
},
{
"trust": 0.1,
"url": "http://secunia.com/binary_analysis/sample_analysis/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/secunia_security_advisories/"
},
{
"trust": 0.1,
"url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/31553/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/product/13352/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/about_secunia_advisories/"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-36119"
},
{
"db": "BID",
"id": "31369"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-001640"
},
{
"db": "PACKETSTORM",
"id": "70280"
},
{
"db": "NVD",
"id": "CVE-2008-5994"
},
{
"db": "CNNVD",
"id": "CNNVD-200901-396"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-36119"
},
{
"db": "BID",
"id": "31369"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-001640"
},
{
"db": "PACKETSTORM",
"id": "70280"
},
{
"db": "NVD",
"id": "CVE-2008-5994"
},
{
"db": "CNNVD",
"id": "CNNVD-200901-396"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2009-01-28T00:00:00",
"db": "VULHUB",
"id": "VHN-36119"
},
{
"date": "2008-09-24T00:00:00",
"db": "BID",
"id": "31369"
},
{
"date": "2009-07-08T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2009-001640"
},
{
"date": "2008-09-24T19:14:30",
"db": "PACKETSTORM",
"id": "70280"
},
{
"date": "2009-01-28T15:30:00.407000",
"db": "NVD",
"id": "CVE-2008-5994"
},
{
"date": "2009-01-28T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200901-396"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-08-08T00:00:00",
"db": "VULHUB",
"id": "VHN-36119"
},
{
"date": "2015-05-07T17:23:00",
"db": "BID",
"id": "31369"
},
{
"date": "2009-07-08T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2009-001640"
},
{
"date": "2017-08-08T01:33:40.017000",
"db": "NVD",
"id": "CVE-2008-5994"
},
{
"date": "2009-02-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200901-396"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200901-396"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Check Point Connectra NGX of index.php Vulnerable to cross-site scripting",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2009-001640"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "xss",
"sources": [
{
"db": "PACKETSTORM",
"id": "70280"
},
{
"db": "CNNVD",
"id": "CNNVD-200901-396"
}
],
"trust": 0.7
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…