VAR-201209-0471
Vulnerability from variot - Updated: 2023-12-18 13:49Multiple cross-site scripting (XSS) vulnerabilities in Endian Firewall 2.4 allow remote attackers to inject arbitrary web script or HTML via the (1) createrule parameter to dnat.cgi, (2) addrule parameter to dansguardian.cgi, or (3) PATH_INFO to openvpn_users.cgi. (1) dnat.cgi of createrule Parameters (2) dansguardian.cgi of addrule Parameters (3) openvpn_users.cgi of PATH_INFO. Endian Firewall is an open source firewall device. Exploiting these issues could allow an attacker to execute arbitrary script on the affected server and steal cookie-based authentication credentials. Other attacks are also possible. It is being developed by the Italian Endian Srl and the community. Endian is originally based on IPCop, which itself was a fork of Smoothwall.
(Copy of the Vendor Website: http://en.wikipedia.org/wiki/Endian_Firewall )
Einfach, schnell und zukunftssicher! Die ideale Lösung, um Ihre Filialen und industriellen Zweigstellen rund um den Globus zu schützen. Endian 4i ist die ideale Lösung für Büroaußenstellen oder Industrieinstallationen. Die Firewall ist in den zwei Varianten „Office“ und „Industrial“ erhältlich. Die Office-Version bietet alle Funktionen, um Netzwerke in der Firma und in Verbindung mit Außenstellen einfach und sicher zu verlinken. Derselbe Funktionsumfang ist bei der Industrial-Version vorhanden, die sich speziell an den Industriebereich richtet und 24V Support bietet sowie auf der Hutschiene installiert werden kann. Remote-Supporting, Remote-Konfiguration, Systemüberwachung bis hin zur einfachen, sicheren Vernetzung von Außenstellen – die Kostenvorteile dabei liegen auf der Hand. Sichern auch Sie sich die Konnektivität Ihres Unternehmens ab, und behalten Sie mit der Endian 4i stets die Nase vorn.
(Copy of the Vendor Homepage: http://www.endian.com/de/products/utm-hardware/4i/)
Abstract:
The Vulnerability Lab Team discovered mutliple non persistent Cross Site Scripting Vulnerabilities on Endians UTM Firewall v2.4.x Application.
Report-Timeline:
2011-02-02: Vendor Notification 2012-02-18: Public or Non-Public Disclosure
Status:
Published
Affected Products:
Endian Product: UTM Firewall Appliance Application v2.4.x
Exploitation-Technique:
Remote
Severity:
Medium
Details:
Multiple non persistent cross site scripting vulnerabilities are detected on Endian Firewall v2.4.x UTM Appliance Application. The vulnerability allows remote attackers to hijack website customer, moderator or admin sessions with high required user inter action or local low privileged user account. Successful exploitation can result in account steal, phishing & client-side content request manipulation.
Vulnerable Module(s): [+] openvpn_users.cgi [+] dnat.cgi#createrule [+] dansguardian.cgi#addrule
Picture(s): ../1.png ../2.png ../3.png
Proof of Concept:
The vulnerabilities can be exploited by local low privileged user accounts or remote attackers with high required user inter action. For demonstration or reproduce ...
1 https://demo.endian.com/cgi-bin/dnat.cgi#createrule
[XSS]
2 https://demo.endian.com/cgi-bin/dansguardian.cgi#addrule[XSS]
3 https://demo.endian.com/cgi-bin/openvpn_users.cgi
?=[XSS]
Risk:
The security risk of the cross site scripting vulnerabilities are estimated as medium(-).
Credits:
Vulnerability Research Laboratory
Disclaimer:
The information provided in this advisory is provided as it is without any warranty. Vulnerability-Lab disclaims all warranties, either expressed or implied, including the warranties of merchantability and capability for a particular purpose. Vulnerability- Lab or its suppliers are not liable in any case of damage, including direct, indirect, incidental, consequential loss of business profits or special damages, even if Vulnerability-Lab or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply. Any modified copy or reproduction, including partially usages, of this file requires authorization from Vulnerability- Lab. Permission to electronically redistribute this alert in its unmodified form is granted. All other rights, including the use of other media, are reserved by Vulnerability-Lab or its suppliers.
Copyright © 2012|Vulnerability-Lab
-- Website: www.vulnerability-lab.com ; vuln-lab.com or vuln-db.com Contact: admin@vulnerability-lab.com or support@vulnerability-lab.com
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201209-0471",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "firewall",
"scope": "eq",
"trust": 3.3,
"vendor": "endian",
"version": "2.4"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2012-5804"
},
{
"db": "BID",
"id": "52076"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-004428"
},
{
"db": "NVD",
"id": "CVE-2012-4923"
},
{
"db": "CNNVD",
"id": "CNNVD-201202-373"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:endian:firewall:2.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2012-4923"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Vulnerability Research Laboratory",
"sources": [
{
"db": "BID",
"id": "52076"
},
{
"db": "CNNVD",
"id": "CNNVD-201202-373"
}
],
"trust": 0.9
},
"cve": "CVE-2012-4923",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 4.3,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2012-4923",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "VHN-58204",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2012-4923",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201202-373",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-58204",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-58204"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-004428"
},
{
"db": "NVD",
"id": "CVE-2012-4923"
},
{
"db": "CNNVD",
"id": "CNNVD-201202-373"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Multiple cross-site scripting (XSS) vulnerabilities in Endian Firewall 2.4 allow remote attackers to inject arbitrary web script or HTML via the (1) createrule parameter to dnat.cgi, (2) addrule parameter to dansguardian.cgi, or (3) PATH_INFO to openvpn_users.cgi. (1) dnat.cgi of createrule Parameters (2) dansguardian.cgi of addrule Parameters (3) openvpn_users.cgi of PATH_INFO. Endian Firewall is an open source firewall device. \nExploiting these issues could allow an attacker to execute arbitrary script on the affected server and steal cookie-based authentication credentials. Other attacks are also possible. It is being developed by the Italian Endian Srl and the community. Endian is originally \nbased on IPCop, which itself was a fork of Smoothwall. \n\n(Copy of the Vendor Website: http://en.wikipedia.org/wiki/Endian_Firewall )\n\nEinfach, schnell und zukunftssicher! Die ideale L\u00f6sung, um Ihre Filialen und industriellen Zweigstellen rund um den Globus zu sch\u00fctzen. \nEndian 4i ist die ideale L\u00f6sung f\u00fcr B\u00fcroau\u00dfenstellen oder Industrieinstallationen. Die Firewall ist in den zwei Varianten \u201eOffice\u201c und \n\u201eIndustrial\u201c erh\u00e4ltlich. Die Office-Version bietet alle Funktionen, um Netzwerke in der Firma und in Verbindung mit Au\u00dfenstellen einfach \nund sicher zu verlinken. Derselbe Funktionsumfang ist bei der Industrial-Version vorhanden, die sich speziell an den Industriebereich \nrichtet und 24V Support bietet sowie auf der Hutschiene installiert werden kann. Remote-Supporting, Remote-Konfiguration, System\u00fcberwachung \nbis hin zur einfachen, sicheren Vernetzung von Au\u00dfenstellen \u2013 die Kostenvorteile dabei liegen auf der Hand. Sichern auch Sie sich die \nKonnektivit\u00e4t Ihres Unternehmens ab, und behalten Sie mit der Endian 4i stets die Nase vorn. \n\n(Copy of the Vendor Homepage: http://www.endian.com/de/products/utm-hardware/4i/)\n\n\nAbstract:\n=========\nThe Vulnerability Lab Team discovered mutliple non persistent Cross Site Scripting Vulnerabilities on Endians UTM Firewall v2.4.x Application. \n\n\nReport-Timeline:\n================\n2011-02-02:\tVendor Notification\n2012-02-18:\tPublic or Non-Public Disclosure\n\n\nStatus:\n========\nPublished\n\n\nAffected Products:\n==================\nEndian\nProduct: UTM Firewall Appliance Application v2.4.x\n\n\nExploitation-Technique:\n=======================\nRemote\n\n\nSeverity:\n=========\nMedium\n\n\nDetails:\n========\nMultiple non persistent cross site scripting vulnerabilities are detected on Endian Firewall v2.4.x UTM Appliance Application. \nThe vulnerability allows remote attackers to hijack website customer, moderator or admin sessions with high required \nuser inter action or local low privileged user account. Successful exploitation can result in account steal, phishing \n\u0026 client-side content request manipulation. \n\nVulnerable Module(s):\n [+] openvpn_users.cgi\n [+] dnat.cgi#createrule\n [+] dansguardian.cgi#addrule\n\nPicture(s):\n ../1.png\n ../2.png\n ../3.png\n\n\nProof of Concept:\n=================\nThe vulnerabilities can be exploited by local low privileged user accounts or remote attackers with high required user inter action. \nFor demonstration or reproduce ... \n\n\n#1 https://demo.endian.com/cgi-bin/dnat.cgi#createrule\n[XSS]\n\n#2 https://demo.endian.com/cgi-bin/dansguardian.cgi#addrule[XSS]\n\n\n#3 https://demo.endian.com/cgi-bin/openvpn_users.cgi\n?=[XSS]\n\n\n\nRisk:\n=====\nThe security risk of the cross site scripting vulnerabilities are estimated as medium(-). \n\n\nCredits:\n========\nVulnerability Research Laboratory\n\n\nDisclaimer:\n===========\nThe information provided in this advisory is provided as it is without any warranty. Vulnerability-Lab disclaims all warranties, \neither expressed or implied, including the warranties of merchantability and capability for a particular purpose. Vulnerability-\nLab or its suppliers are not liable in any case of damage, including direct, indirect, incidental, consequential loss of business \nprofits or special damages, even if Vulnerability-Lab or its suppliers have been advised of the possibility of such damages. Some \nstates do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation \nmay not apply. Any modified copy or reproduction, including partially usages, of this file requires authorization from Vulnerability-\nLab. Permission to electronically redistribute this alert in its unmodified form is granted. All other rights, including the use of \nother media, are reserved by Vulnerability-Lab or its suppliers. \n\n \t\t\t\t\t\tCopyright \u00a9 2012|Vulnerability-Lab\n\n\n-- \nWebsite: www.vulnerability-lab.com ; vuln-lab.com or vuln-db.com\nContact: admin@vulnerability-lab.com or support@vulnerability-lab.com\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2012-4923"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-004428"
},
{
"db": "CNVD",
"id": "CNVD-2012-5804"
},
{
"db": "BID",
"id": "52076"
},
{
"db": "VULHUB",
"id": "VHN-58204"
},
{
"db": "PACKETSTORM",
"id": "109942"
}
],
"trust": 2.61
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-58204",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-58204"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2012-4923",
"trust": 3.4
},
{
"db": "BID",
"id": "52076",
"trust": 2.0
},
{
"db": "PACKETSTORM",
"id": "109942",
"trust": 1.8
},
{
"db": "XF",
"id": "73330",
"trust": 1.2
},
{
"db": "JVNDB",
"id": "JVNDB-2012-004428",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201202-373",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2012-5804",
"trust": 0.6
},
{
"db": "NSFOCUS",
"id": "20918",
"trust": 0.6
},
{
"db": "EXPLOIT-DB",
"id": "36831",
"trust": 0.1
},
{
"db": "EXPLOIT-DB",
"id": "36833",
"trust": 0.1
},
{
"db": "EXPLOIT-DB",
"id": "36832",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-58204",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2012-5804"
},
{
"db": "VULHUB",
"id": "VHN-58204"
},
{
"db": "BID",
"id": "52076"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-004428"
},
{
"db": "PACKETSTORM",
"id": "109942"
},
{
"db": "NVD",
"id": "CVE-2012-4923"
},
{
"db": "CNNVD",
"id": "CNNVD-201202-373"
}
]
},
"id": "VAR-201209-0471",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2012-5804"
},
{
"db": "VULHUB",
"id": "VHN-58204"
}
],
"trust": 0.06999999999999999
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2012-5804"
}
]
},
"last_update_date": "2023-12-18T13:49:08.551000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Endian Firewall Community",
"trust": 0.8,
"url": "http://www.endian.com/en/community/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2012-004428"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-79",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-58204"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-004428"
},
{
"db": "NVD",
"id": "CVE-2012-4923"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.8,
"url": "http://www.vulnerability-lab.com/get_content.php?id=436"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/52076"
},
{
"trust": 1.7,
"url": "http://packetstormsecurity.org/files/109942/endian-utm-firewall-2.4.x-cross-site-scripting.html"
},
{
"trust": 1.2,
"url": "http://xforce.iss.net/xforce/xfdb/73330"
},
{
"trust": 1.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73330"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-4923"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-4923"
},
{
"trust": 0.6,
"url": "http://www.nsfocus.net/vulndb/20918"
},
{
"trust": 0.3,
"url": "http://www.endian.com/en/products/firewall/appliances/"
},
{
"trust": 0.1,
"url": "https://demo.endian.com/cgi-bin/openvpn_users.cgi"
},
{
"trust": 0.1,
"url": "https://demo.endian.com/cgi-bin/dansguardian.cgi#addrule[xss]"
},
{
"trust": 0.1,
"url": "http://www.endian.com/de/products/utm-hardware/4i/)"
},
{
"trust": 0.1,
"url": "http://en.wikipedia.org/wiki/endian_firewall"
},
{
"trust": 0.1,
"url": "https://demo.endian.com/cgi-bin/dnat.cgi#createrule"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2012-5804"
},
{
"db": "VULHUB",
"id": "VHN-58204"
},
{
"db": "BID",
"id": "52076"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-004428"
},
{
"db": "PACKETSTORM",
"id": "109942"
},
{
"db": "NVD",
"id": "CVE-2012-4923"
},
{
"db": "CNNVD",
"id": "CNNVD-201202-373"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2012-5804"
},
{
"db": "VULHUB",
"id": "VHN-58204"
},
{
"db": "BID",
"id": "52076"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-004428"
},
{
"db": "PACKETSTORM",
"id": "109942"
},
{
"db": "NVD",
"id": "CVE-2012-4923"
},
{
"db": "CNNVD",
"id": "CNNVD-201202-373"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2012-10-16T00:00:00",
"db": "CNVD",
"id": "CNVD-2012-5804"
},
{
"date": "2012-09-15T00:00:00",
"db": "VULHUB",
"id": "VHN-58204"
},
{
"date": "2012-02-18T00:00:00",
"db": "BID",
"id": "52076"
},
{
"date": "2012-09-19T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2012-004428"
},
{
"date": "2012-02-18T16:27:09",
"db": "PACKETSTORM",
"id": "109942"
},
{
"date": "2012-09-15T17:55:07.223000",
"db": "NVD",
"id": "CVE-2012-4923"
},
{
"date": "1900-01-01T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201202-373"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2012-10-16T00:00:00",
"db": "CNVD",
"id": "CNVD-2012-5804"
},
{
"date": "2017-08-29T00:00:00",
"db": "VULHUB",
"id": "VHN-58204"
},
{
"date": "2015-03-19T07:35:00",
"db": "BID",
"id": "52076"
},
{
"date": "2012-09-19T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2012-004428"
},
{
"date": "2017-08-29T01:32:25.417000",
"db": "NVD",
"id": "CVE-2012-4923"
},
{
"date": "2012-02-22T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201202-373"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201202-373"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Endian Firewall Vulnerable to cross-site scripting",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2012-004428"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "xss",
"sources": [
{
"db": "PACKETSTORM",
"id": "109942"
},
{
"db": "CNNVD",
"id": "CNNVD-201202-373"
}
],
"trust": 0.7
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…