Details of VAR-200711-0231

ID

VAR-200711-0231

CVE

CVE-2007-6054

TITLE

Aruba 800 Mobility Controller Management interface cross-site scripting vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2007-002912

DESCRIPTION

Cross-site scripting (XSS) vulnerability in the login page in the management interface in the Aruba 800 Mobility Controller 2.5.4.18 and earlier, and 2.4.8.6-FIPS and earlier, allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to the /screens URI, related to the url variable. The problem is url Related to variables.By a third party /screens URI To PATH_INFO Through any Web Script or HTML May be inserted. Exploiting this issue may allow an attacker to execute HTML and script code in the context of the affected site, to steal cookie-based authentication credentials, or to control how the site is rendered to the user; other attacks are also possible

Trust: 1.98

sources: NVD: CVE-2007-6054 // JVNDB: JVNDB-2007-002912 // BID: 26465 // VULHUB: VHN-29416

AFFECTED PRODUCTS

vendor:	aruba	model:	mc-800	scope:	eq	version:	*	Trust: 1.0
vendor:	aruba	model:	mc-800	scope:	lte	version:	2.5.4.18	Trust: 0.8
vendor:	aruba	model:	mc-800	scope:	lte	version:	and 2.4.8.6-fips	Trust: 0.8
vendor:	aruba	model:	mc-800	scope:	eq	version:	2.4.8.6-fips	Trust: 0.6
vendor:	aruba	model:	mc-800	scope:	eq	version:	firmware_2.5.4.18	Trust: 0.6
vendor:	aruba	model:	networks aruba mobility controller	scope:	eq	version:	8002.5.4.17	Trust: 0.3
vendor:	aruba	model:	networks aruba mobility controller	scope:	eq	version:	8002.4.8.6	Trust: 0.3
vendor:	aruba	model:	networks aruba mobility controller	scope:	eq	version:	800	Trust: 0.3
vendor:	aruba	model:	networks aruba mobility controller	scope:	ne	version:	8002.5.4.18	Trust: 0.3
vendor:	aruba	model:	networks aruba mobility controller 2.4.8.6-fips	scope:	ne	version:	800	Trust: 0.3

sources: BID: 26465 // JVNDB: JVNDB-2007-002912 // CNNVD: CNNVD-200711-303 // NVD: CVE-2007-6054

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2007-6054
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2007-6054
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-200711-303
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-29416
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2007-6054
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-29416
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-29416 // JVNDB: JVNDB-2007-002912 // CNNVD: CNNVD-200711-303 // NVD: CVE-2007-6054

PROBLEMTYPE DATA

problemtype:

CWE-79

Trust: 1.9

sources: VULHUB: VHN-29416 // JVNDB: JVNDB-2007-002912 // NVD: CVE-2007-6054

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200711-303

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-200711-303

CONFIGURATIONS

sources: JVNDB: JVNDB-2007-002912

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-29416

PATCH

title:

AID-070907b

url:

http://arubanetworks.com/support/alerts/aid-070907b.asc

Trust: 0.8

sources: JVNDB: JVNDB-2007-002912

EXTERNAL IDS

db:	NVD	id:	CVE-2007-6054	Trust: 2.8
db:	CERT/CC	id:	VU#680449	Trust: 2.5
db:	BID	id:	26465	Trust: 2.0
db:	SREASON	id:	3380	Trust: 1.7
db:	OSVDB	id:	45301	Trust: 1.7
db:	JVNDB	id:	JVNDB-2007-002912	Trust: 0.8
db:	BUGTRAQ	id:	20071115 PR07-26: PERSISTENT XSS ON ARUBA 800 MOBILITY CONTROLLER'S LOGIN PAGE	Trust: 0.6
db:	CNNVD	id:	CNNVD-200711-303	Trust: 0.6
db:	SEEBUG	id:	SSVID-84138	Trust: 0.1
db:	EXPLOIT-DB	id:	30771	Trust: 0.1
db:	VULHUB	id:	VHN-29416	Trust: 0.1

sources: VULHUB: VHN-29416 // BID: 26465 // JVNDB: JVNDB-2007-002912 // CNNVD: CNNVD-200711-303 // NVD: CVE-2007-6054

REFERENCES

url:	http://www.kb.cert.org/vuls/id/680449	Trust: 2.5
url:	http://www.securityfocus.com/bid/26465	Trust: 1.7
url:	http://arubanetworks.com/support/alerts/aid-070907b.asc	Trust: 1.7
url:	http://osvdb.org/45301	Trust: 1.7
url:	http://securityreason.com/securityalert/3380	Trust: 1.7
url:	http://www.securityfocus.com/archive/1/483778/100/0/threaded	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-6054	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2007-6054	Trust: 0.8
url:	http://www.securityfocus.com/archive/1/archive/1/483778/100/0/threaded	Trust: 0.6
url:	http://www.arubanetworks.com/	Trust: 0.3
url:	http://procheckup.com/vulnerability_pr07-26.php	Trust: 0.3
url:	/archive/1/483778	Trust: 0.3
url:	http://www.arubanetworks.com/support/alerts/aid-070907b.asc	Trust: 0.3

sources: VULHUB: VHN-29416 // BID: 26465 // JVNDB: JVNDB-2007-002912 // CNNVD: CNNVD-200711-303 // NVD: CVE-2007-6054

CREDITS

Jan Fry of ProCheckUp Ltd is credited with the discovery of this vulnerability.

Trust: 0.9

sources: BID: 26465 // CNNVD: CNNVD-200711-303

SOURCES

db:	VULHUB	id:	VHN-29416
db:	BID	id:	26465
db:	JVNDB	id:	JVNDB-2007-002912
db:	CNNVD	id:	CNNVD-200711-303
db:	NVD	id:	CVE-2007-6054

LAST UPDATE DATE

2025-04-10T23:16:43.083000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-29416	date:	2018-10-15T00:00:00
db:	BID	id:	26465	date:	2015-03-19T09:15:00
db:	JVNDB	id:	JVNDB-2007-002912	date:	2012-06-26T00:00:00
db:	CNNVD	id:	CNNVD-200711-303	date:	2007-11-21T00:00:00
db:	NVD	id:	CVE-2007-6054	date:	2025-04-09T00:30:58.490

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-29416	date:	2007-11-20T00:00:00
db:	BID	id:	26465	date:	2007-11-15T00:00:00
db:	JVNDB	id:	JVNDB-2007-002912	date:	2012-06-26T00:00:00
db:	CNNVD	id:	CNNVD-200711-303	date:	2007-11-20T00:00:00
db:	NVD	id:	CVE-2007-6054	date:	2007-11-20T20:46:00