Sign-up

ID

VAR-200709-0097


CVE

CVE-2007-5058


TITLE

Barracuda Spam Firewall Web Administration Console Username HTML Injection Vulnerability

Trust: 0.9

sources: BID: 25757 // CNNVD: CNNVD-200709-340

DESCRIPTION

Cross-site scripting (XSS) vulnerability in the Web administration interface in Barracuda Spam Firewall before firmware 3.5.10.016 allows remote attackers to inject arbitrary web script or HTML via the username field in a login attempt, which is not properly handled when the Monitor Web Syslog screen is open. Barracuda Spam Firewall is prone to an HTML-injection vulnerability because it fails to properly sanitize user-supplied input before using it in dynamically generated content. Attacker-supplied HTML and script code would execute in the context of the affected site, potentially allowing the attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user; other attacks are also possible. This issue affects Barracuda Spam Firewall firmware 3.4.10.102; other versions may also be affected

Trust: 1.98

sources: NVD: CVE-2007-5058 // JVNDB: JVNDB-2007-002677 // BID: 25757 // VULHUB: VHN-28420

AFFECTED PRODUCTS

vendor:barracudamodel:spam firewallscope:lteversion:3.4.10.102

Trust: 1.0

vendor:barracudamodel:spam firewallscope:eqversion:3.4.10.102

Trust: 0.9

vendor:barracudamodel:spam firewallscope:ltversion:firmware 3.5.10.016

Trust: 0.8

vendor:barracudamodel:spam firewallscope:neversion:3.5.10.106

Trust: 0.3

sources: BID: 25757 // JVNDB: JVNDB-2007-002677 // CNNVD: CNNVD-200709-340 // NVD: CVE-2007-5058

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2007-5058
value: MEDIUM

Trust: 1.0

NVD: CVE-2007-5058
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-200709-340
value: MEDIUM

Trust: 0.6

VULHUB: VHN-28420
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2007-5058
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-28420
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-28420 // JVNDB: JVNDB-2007-002677 // CNNVD: CNNVD-200709-340 // NVD: CVE-2007-5058

PROBLEMTYPE DATA

problemtype:CWE-79

Trust: 1.9

sources: VULHUB: VHN-28420 // JVNDB: JVNDB-2007-002677 // NVD: CVE-2007-5058

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200709-340

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-200709-340

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2007-002677

PATCH
title:Top Pageurl:http://www.barracudanetworks.com/ns/
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2007-002677

EXTERNAL IDS
db:NVDid:CVE-2007-5058
Trust: 2.8
db:BIDid:25757
Trust: 2.0
db:SECUNIAid:26937
Trust: 1.7
db:OSVDBid:38156
Trust: 1.7
db:VUPENid:ADV-2007-3257
Trust: 1.7
db:SECTRACKid:1018733
Trust: 1.7
db:SREASONid:3164
Trust: 1.7
db:JVNDBid:JVNDB-2007-002677
Trust: 0.8
db:BUGTRAQid:20070921 [ISR] - BARRACUDA SPAM FIREWALL. CROSS-SITE SCRIPTING
Trust: 0.6
db:XFid:36716
Trust: 0.6
db:CNNVDid:CNNVD-200709-340
Trust: 0.6
db:VULHUBid:VHN-28420
Trust: 0.1
sources:
            
            
            VULHUB: VHN-28420 // 
            
            
            
            BID: 25757 // 
            
            
            
            JVNDB: JVNDB-2007-002677 // 
            
            
            
            CNNVD: CNNVD-200709-340 // 
            
            
            
            NVD: CVE-2007-5058

REFERENCES
url:http://www.barracudanetworks.com/ns/support/tech_alert.php
Trust: 2.0
url:http://www.securityfocus.com/bid/25757
Trust: 1.7
url:http://www.infobyte.com.ar/adv/isr-15.html
Trust: 1.7
url:http://osvdb.org/38156
Trust: 1.7
url:http://www.securitytracker.com/id?1018733
Trust: 1.7
url:http://secunia.com/advisories/26937
Trust: 1.7
url:http://securityreason.com/securityalert/3164
Trust: 1.7
url:http://www.securityfocus.com/archive/1/480238/100/0/threaded
Trust: 1.1
url:http://www.vupen.com/english/advisories/2007/3257
Trust: 1.1
url:https://exchange.xforce.ibmcloud.com/vulnerabilities/36716
Trust: 1.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-5058
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2007-5058
Trust: 0.8
url:http://xforce.iss.net/xforce/xfdb/36716
Trust: 0.6
url:http://www.securityfocus.com/archive/1/archive/1/480238/100/0/threaded
Trust: 0.6
url:http://www.frsirt.com/english/advisories/2007/3257
Trust: 0.6
url:http://www.barracudanetworks.com/ns/products/spam_overview.php
Trust: 0.3
url:/archive/1/480238
Trust: 0.3
sources:
            
            
            VULHUB: VHN-28420 // 
            
            
            
            BID: 25757 // 
            
            
            
            JVNDB: JVNDB-2007-002677 // 
            
            
            
            CNNVD: CNNVD-200709-340 // 
            
            
            
            NVD: CVE-2007-5058

CREDITS
Federico Kirschbaum is credited with the discovery of this vulnerability.
Trust: 0.9
sources:
            
            
            BID: 25757 // 
            
            
            
            CNNVD: CNNVD-200709-340

SOURCES
db:VULHUBid:VHN-28420
db:BIDid:25757
db:JVNDBid:JVNDB-2007-002677
db:CNNVDid:CNNVD-200709-340
db:NVDid:CVE-2007-5058

LAST UPDATE DATE
2025-04-10T23:09:43.027000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-28420date:2018-10-15T00:00:00
db:BIDid:25757date:2015-05-07T17:35:00
db:JVNDBid:JVNDB-2007-002677date:2012-06-26T00:00:00
db:CNNVDid:CNNVD-200709-340date:2007-09-25T00:00:00
db:NVDid:CVE-2007-5058date:2025-04-09T00:30:58.490

SOURCES RELEASE DATE
db:VULHUBid:VHN-28420date:2007-09-24T00:00:00
db:BIDid:25757date:2007-09-21T00:00:00
db:JVNDBid:JVNDB-2007-002677date:2012-06-26T00:00:00
db:CNNVDid:CNNVD-200709-340date:2007-09-24T00:00:00
db:NVDid:CVE-2007-5058date:2007-09-24T22:17:00