CVE-2008-3821: Details

CVE-2008-3821

Cross-site Scripting
A03-Injection
2.74%V3
Network
2009-01-16
20h00 +00:00
2018-10-11
17h57 +00:00

CVE Descriptions

Multiple cross-site scripting (XSS) vulnerabilities in the HTTP server in Cisco IOS 11.0 through 12.4 allow remote attackers to inject arbitrary web script or HTML via (1) the query string to the ping program or (2) unspecified other aspects of the URI.

CVE Information

Related Weaknesses

CWE-ID Weakness Name Source
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

Metrics

Metrics Score Severity CVSS Vector Source
V2 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N [email protected]

EPSS

EPSS is a scoring model that predicts the probability that a vulnerability will be exploited.

EPSS Score

The EPSS model produces a probability score between 0 and 1 (0 and 100%). The higher the score, the greater the probability that a vulnerability will be exploited.

EPSS Percentile

The percentile is used to rank CVEs by their EPSS score. For example, a CVE in the 95th percentile by EPSS score is more likely to be exploited than 95% of other CVEs. The percentile thus serves to compare a CVE's EPSS score against those of other CVEs.

Exploit Information

Exploit Database EDB-ID: 32723

Publication date: 2009-01-13 23h00 +00:00
Author: Adrian Pastor
EDB Verified: Yes

source: https://www.securityfocus.com/bid/33260/info

Cisco IOS HTTP Server is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data.

An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.

These issues are tracked by Cisco bug IDs CSCsi13344 and CSCsr72301.

http://www.example.com/ping?<script>alert("Running+code+within+the_context+of+"%2bdocument.domain)</script>

Products Mentioned

Configuration 0

Cisco>>Ios >> Version 12.0

Cisco>>Ios >> Version 12.0da

Cisco>>Ios >> Version 12.0db

Cisco>>Ios >> Version 12.0dc

Cisco>>Ios >> Version 12.0s

Cisco>>Ios >> Version 12.0sc

Cisco>>Ios >> Version 12.0sl

Cisco>>Ios >> Version 12.0sp

Cisco>>Ios >> Version 12.0st

Cisco>>Ios >> Version 12.0sx

Cisco>>Ios >> Version 12.0sy

Cisco>>Ios >> Version 12.0sz

Cisco>>Ios >> Version 12.0t

Cisco>>Ios >> Version 12.0w

Cisco>>Ios >> Version 12.0wc

Cisco>>Ios >> Version 12.0xa

Cisco>>Ios >> Version 12.0xb

Cisco>>Ios >> Version 12.0xc

Cisco>>Ios >> Version 12.0xd

Cisco>>Ios >> Version 12.0xe

Cisco>>Ios >> Version 12.0xg

Cisco>>Ios >> Version 12.0xh

Cisco>>Ios >> Version 12.0xi

Cisco>>Ios >> Version 12.0xj

Cisco>>Ios >> Version 12.0xk

Cisco>>Ios >> Version 12.0xl

Cisco>>Ios >> Version 12.0xm

Cisco>>Ios >> Version 12.0xn

Cisco>>Ios >> Version 12.0xq

Cisco>>Ios >> Version 12.0xr

Cisco>>Ios >> Version 12.0xs

Cisco>>Ios >> Version 12.0xt

Cisco>>Ios >> Version 12.0xv

Cisco>>Ios >> Version 12.1

Cisco>>Ios >> Version 12.1aa

Cisco>>Ios >> Version 12.1ax

Cisco>>Ios >> Version 12.1ay

Cisco>>Ios >> Version 12.1cx

Cisco>>Ios >> Version 12.1da

Cisco>>Ios >> Version 12.1db

Cisco>>Ios >> Version 12.1dc

Cisco>>Ios >> Version 12.1eb

Cisco>>Ios >> Version 12.1ec

Cisco>>Ios >> Version 12.1eo

Cisco>>Ios >> Version 12.1eu

Cisco>>Ios >> Version 12.1ew

Cisco>>Ios >> Version 12.1ex

Cisco>>Ios >> Version 12.1ey

Cisco>>Ios >> Version 12.1ez

Cisco>>Ios >> Version 12.1ga

Cisco>>Ios >> Version 12.1gb

Cisco>>Ios >> Version 12.1t

Cisco>>Ios >> Version 12.1xa

Cisco>>Ios >> Version 12.1xb

Cisco>>Ios >> Version 12.1xc

Cisco>>Ios >> Version 12.1xd

Cisco>>Ios >> Version 12.1xe

Cisco>>Ios >> Version 12.1xf

Cisco>>Ios >> Version 12.1xg

Cisco>>Ios >> Version 12.1xh

Cisco>>Ios >> Version 12.1xi

Cisco>>Ios >> Version 12.1xj

Cisco>>Ios >> Version 12.1xl

Cisco>>Ios >> Version 12.1xm

Cisco>>Ios >> Version 12.1xp

Cisco>>Ios >> Version 12.1xq

Cisco>>Ios >> Version 12.1xr

Cisco>>Ios >> Version 12.1xs

Cisco>>Ios >> Version 12.1xt

Cisco>>Ios >> Version 12.1xu

Cisco>>Ios >> Version 12.1xv

Cisco>>Ios >> Version 12.1xw

Cisco>>Ios >> Version 12.1xx

Cisco>>Ios >> Version 12.1xy

Cisco>>Ios >> Version 12.1xz

Cisco>>Ios >> Version 12.1ya

Cisco>>Ios >> Version 12.1yb

Cisco>>Ios >> Version 12.1yc

Cisco>>Ios >> Version 12.1yd

Cisco>>Ios >> Version 12.1ye

Cisco>>Ios >> Version 12.1yf

Cisco>>Ios >> Version 12.1yh

Cisco>>Ios >> Version 12.1yi

Cisco>>Ios >> Version 12.1yj

Cisco>>Ios >> Version 12.2

Cisco>>Ios >> Version 12.2b

Cisco>>Ios >> Version 12.2bc

Cisco>>Ios >> Version 12.2bw

Cisco>>Ios >> Version 12.2bx

Cisco>>Ios >> Version 12.2by

Cisco>>Ios >> Version 12.2bz

Cisco>>Ios >> Version 12.2cx

Cisco>>Ios >> Version 12.2cy

Cisco>>Ios >> Version 12.2cz

Cisco>>Ios >> Version 12.2da

Cisco>>Ios >> Version 12.2dd

Cisco>>Ios >> Version 12.2dx

Cisco>>Ios >> Version 12.2ew

Cisco>>Ios >> Version 12.2ewa

Cisco>>Ios >> Version 12.2ex

Cisco>>Ios >> Version 12.2ey

Cisco>>Ios >> Version 12.2ez

Cisco>>Ios >> Version 12.2fx

Cisco>>Ios >> Version 12.2fy

Cisco>>Ios >> Version 12.2fz

Cisco>>Ios >> Version 12.2ixa

Cisco>>Ios >> Version 12.2ixb

Cisco>>Ios >> Version 12.2ixc

Cisco>>Ios >> Version 12.2ixd

Cisco>>Ios >> Version 12.2ixe

Cisco>>Ios >> Version 12.2ixf

Cisco>>Ios >> Version 12.2ixg

Cisco>>Ios >> Version 12.2ja

Cisco>>Ios >> Version 12.2jk

Cisco>>Ios >> Version 12.2mb

Cisco>>Ios >> Version 12.2mc

Cisco>>Ios >> Version 12.2s

Cisco>>Ios >> Version 12.2sb

Cisco>>Ios >> Version 12.2sbc

Cisco>>Ios >> Version 12.2se

Cisco>>Ios >> Version 12.2sea

Cisco>>Ios >> Version 12.2seb

Cisco>>Ios >> Version 12.2sec

Cisco>>Ios >> Version 12.2sed

Cisco>>Ios >> Version 12.2see

Cisco>>Ios >> Version 12.2sef

Cisco>>Ios >> Version 12.2seg

Cisco>>Ios >> Version 12.2sg

Cisco>>Ios >> Version 12.2sga

Cisco>>Ios >> Version 12.2sm

Cisco>>Ios >> Version 12.2so

Cisco>>Ios >> Version 12.2sr

Cisco>>Ios >> Version 12.2sra

Cisco>>Ios >> Version 12.2srb

Cisco>>Ios >> Version 12.2su

Cisco>>Ios >> Version 12.2sv

Cisco>>Ios >> Version 12.2sva

Cisco>>Ios >> Version 12.2svc

Cisco>>Ios >> Version 12.2svd

Cisco>>Ios >> Version 12.2sve

Cisco>>Ios >> Version 12.2sw

Cisco>>Ios >> Version 12.2sx

Cisco>>Ios >> Version 12.2sxa

Cisco>>Ios >> Version 12.2sxb

Cisco>>Ios >> Version 12.2sxd

Cisco>>Ios >> Version 12.2sxe

Cisco>>Ios >> Version 12.2sxf

Cisco>>Ios >> Version 12.2sy

Cisco>>Ios >> Version 12.2sz

Cisco>>Ios >> Version 12.2t

Cisco>>Ios >> Version 12.2tpc

Cisco>>Ios >> Version 12.2xa

Cisco>>Ios >> Version 12.2xb

Cisco>>Ios >> Version 12.2xc

Cisco>>Ios >> Version 12.2xd

Cisco>>Ios >> Version 12.2xe

Cisco>>Ios >> Version 12.2xf

Cisco>>Ios >> Version 12.2xg

Cisco>>Ios >> Version 12.2xh

Cisco>>Ios >> Version 12.2xi

Cisco>>Ios >> Version 12.2xj

Cisco>>Ios >> Version 12.2xk

Cisco>>Ios >> Version 12.2xl

Cisco>>Ios >> Version 12.2xm

Cisco>>Ios >> Version 12.2xn

Cisco>>Ios >> Version 12.2xo

Cisco>>Ios >> Version 12.2xq

Cisco>>Ios >> Version 12.2xr

Cisco>>Ios >> Version 12.2xs

Cisco>>Ios >> Version 12.2xt

Cisco>>Ios >> Version 12.2xu

Cisco>>Ios >> Version 12.2xv

Cisco>>Ios >> Version 12.2xw

Cisco>>Ios >> Version 12.2ya

Cisco>>Ios >> Version 12.2yb

Cisco>>Ios >> Version 12.2yc

Cisco>>Ios >> Version 12.2yd

Cisco>>Ios >> Version 12.2ye

Cisco>>Ios >> Version 12.2yf

Cisco>>Ios >> Version 12.2yg

Cisco>>Ios >> Version 12.2yh

Cisco>>Ios >> Version 12.2yj

Cisco>>Ios >> Version 12.2yk

Cisco>>Ios >> Version 12.2yl

Cisco>>Ios >> Version 12.2ym

Cisco>>Ios >> Version 12.2yn

Cisco>>Ios >> Version 12.2yo

Cisco>>Ios >> Version 12.2yp

Cisco>>Ios >> Version 12.2yq

Cisco>>Ios >> Version 12.2yr

Cisco>>Ios >> Version 12.2yt

Cisco>>Ios >> Version 12.2yu

Cisco>>Ios >> Version 12.2yv

Cisco>>Ios >> Version 12.2yw

Cisco>>Ios >> Version 12.2yx

Cisco>>Ios >> Version 12.2yy

Cisco>>Ios >> Version 12.2yz

Cisco>>Ios >> Version 12.2za

Cisco>>Ios >> Version 12.2zb

Cisco>>Ios >> Version 12.2zc

Cisco>>Ios >> Version 12.2zd

Cisco>>Ios >> Version 12.2ze

Cisco>>Ios >> Version 12.2zf

Cisco>>Ios >> Version 12.2zg

Cisco>>Ios >> Version 12.2zh

Cisco>>Ios >> Version 12.2zj

Cisco>>Ios >> Version 12.2zl

Cisco>>Ios >> Version 12.2zp

Cisco>>Ios >> Version 12.2zu

Cisco>>Ios >> Version 12.2zx

Cisco>>Ios >> Version 12.2zy

Cisco>>Ios >> Version 12.2zya

Cisco>>Ios >> Version 12.3

Cisco>>Ios >> Version 12.3b

Cisco>>Ios >> Version 12.3bc

Cisco>>Ios >> Version 12.3bw

Cisco>>Ios >> Version 12.3ja

Cisco>>Ios >> Version 12.3jea

Cisco>>Ios >> Version 12.3jeb

Cisco>>Ios >> Version 12.3jec

Cisco>>Ios >> Version 12.3jk

Cisco>>Ios >> Version 12.3jl

Cisco>>Ios >> Version 12.3jx

Cisco>>Ios >> Version 12.3t

Cisco>>Ios >> Version 12.3tpc

Cisco>>Ios >> Version 12.3va

Cisco>>Ios >> Version 12.3xa

Cisco>>Ios >> Version 12.3xb

Cisco>>Ios >> Version 12.3xc

Cisco>>Ios >> Version 12.3xd

Cisco>>Ios >> Version 12.3xe

Cisco>>Ios >> Version 12.3xg

Cisco>>Ios >> Version 12.3xi

Cisco>>Ios >> Version 12.3xj

Cisco>>Ios >> Version 12.3xk

Cisco>>Ios >> Version 12.3xl

Cisco>>Ios >> Version 12.3xq

Cisco>>Ios >> Version 12.3xr

Cisco>>Ios >> Version 12.3xs

Cisco>>Ios >> Version 12.3xu

Cisco>>Ios >> Version 12.3xw

Cisco>>Ios >> Version 12.3xx

Cisco>>Ios >> Version 12.3xy

Cisco>>Ios >> Version 12.3xz

Cisco>>Ios >> Version 12.3ya

Cisco>>Ios >> Version 12.3yd

Cisco>>Ios >> Version 12.3yf

Cisco>>Ios >> Version 12.3yg

Cisco>>Ios >> Version 12.3yh

Cisco>>Ios >> Version 12.3yi

Cisco>>Ios >> Version 12.3yj

Cisco>>Ios >> Version 12.3yk

Cisco>>Ios >> Version 12.3ym

Cisco>>Ios >> Version 12.3yq

Cisco>>Ios >> Version 12.3ys

Cisco>>Ios >> Version 12.3yt

Cisco>>Ios >> Version 12.3yu

Cisco>>Ios >> Version 12.3yx

Cisco>>Ios >> Version 12.3yz

Cisco>>Ios >> Version 12.3za

Cisco>>Ios >> Version 12.4

Cisco>>Ios >> Version 12.4ja

Cisco>>Ios >> Version 12.4jda

Cisco>>Ios >> Version 12.4jk

Cisco>>Ios >> Version 12.4jl

Cisco>>Ios >> Version 12.4jma

Cisco>>Ios >> Version 12.4jmb

Cisco>>Ios >> Version 12.4jx

Cisco>>Ios >> Version 12.4md

Cisco>>Ios >> Version 12.4mr

Cisco>>Ios >> Version 12.4sw

Cisco>>Ios >> Version 12.4t

Cisco>>Ios >> Version 12.4xa

Cisco>>Ios >> Version 12.4xb

Cisco>>Ios >> Version 12.4xc

Cisco>>Ios >> Version 12.4xd

Cisco>>Ios >> Version 12.4xe

Cisco>>Ios >> Version 12.4xg

Cisco>>Ios >> Version 12.4xj

Cisco>>Ios >> Version 12.4xk

Cisco>>Ios >> Version 12.4xp

Cisco>>Ios >> Version 12.4xt

Cisco>>Ios >> Version 12.4xv

Cisco>>Ios >> Version 12.4xw

References

http://jvn.jp/en/jp/JVN28344798/index.html
Tags: third-party-advisory, x_refsource_JVN
http://osvdb.org/51393
Tags: vdb-entry, x_refsource_OSVDB
http://securitytracker.com/id?1021598
Tags: vdb-entry, x_refsource_SECTRACK
http://securityreason.com/securityalert/4916
Tags: third-party-advisory, x_refsource_SREASON
http://www.securityfocus.com/bid/33260
Tags: vdb-entry, x_refsource_BID
http://www.vupen.com/english/advisories/2009/0138
Tags: vdb-entry, x_refsource_VUPEN
http://secunia.com/advisories/33461
Tags: third-party-advisory, x_refsource_SECUNIA
http://osvdb.org/51394
Tags: vdb-entry, x_refsource_OSVDB