ID

VAR-201208-0875


TITLE

SonicWall AntiSpam & EMail Multiple HTML Injection Vulnerabilities and Cross-Site Scripting Vulnerabilities

Trust: 1.2

sources: CNVD: CNVD-2012-7992 // CNNVD: CNNVD-201209-563

DESCRIPTION

SonicWALL is a full-featured Internet security appliance designed to meet the needs of a large network with growing VPN needs. SonicWall AntiSpam & EMail contains multiple HTML injection and cross-site scripting vulnerabilities caused by insufficient validation of user-supplied input. Attacker-supplied HTML and script code can run in the context of the affected browser, allowing the attacker to steal cookie-based authentication credentials or control how the site is presented to the user. AntiSpam & EMail version 7.3.5.6379 is vulnerable; other versions may also be affected. Other attacks are also possible.

Trust: 0.81

sources: CNVD: CNVD-2012-7992 // BID: 55590

IOT TAXONOMY

category: ['Network device'] sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2012-7992

AFFECTED PRODUCTS

vendor: no model: - scope: - version: -

Trust: 0.6

sources: CNVD: CNVD-2012-7992

CVSS

SEVERITY

CNVD: CNVD-2012-7992
value: MEDIUM

Trust: 0.6

CVSSV2

CNVD: CNVD-2012-7992
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

sources: CNVD: CNVD-2012-7992

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201209-563

TYPE

input validation

Trust: 0.6

sources: CNNVD: CNNVD-201209-563

PATCH

title: SonicWall AntiSpam & EMail Patch for multiple HTML injection vulnerabilities and patches for cross-site scripting vulnerabilities
url: https://www.cnvd.org.cn/patchinfo/show/36125

Trust: 0.6

sources: CNVD: CNVD-2012-7992

EXTERNAL IDS

db: BID id: 55590

Trust: 1.5

db: CNVD id: CNVD-2012-7992

Trust: 0.6

db: CNNVD id: CNNVD-201209-563

Trust: 0.6

sources: CNVD: CNVD-2012-7992 // BID: 55590 // CNNVD: CNNVD-201209-563

REFERENCES

url: http://www.securityfocus.com/bid/55590

Trust: 1.2

url: http://www.sonicwall.com/us/products/anti-spam_email_security.html

Trust: 0.3

sources: CNVD: CNVD-2012-7992 // BID: 55590 // CNNVD: CNNVD-201209-563

CREDITS

Benjamin Kunz Mejri

Trust: 0.9

sources: BID: 55590 // CNNVD: CNNVD-201209-563

SOURCES

db: CNVD id: CNVD-2012-7992
db: BID id: 55590
db: CNNVD id: CNNVD-201209-563

LAST UPDATE DATE

2022-05-17T01:48:07.225000+00:00


SOURCES UPDATE DATE

db: CNVD id: CNVD-2012-7992 date: 2012-09-27T00:00:00
db: BID id: 55590 date: 2012-09-18T20:20:00
db: CNNVD id: CNNVD-201209-563 date: 2012-09-27T00:00:00

SOURCES RELEASE DATE

db: CNVD id: CNVD-2012-7992 date: 2012-09-27T00:00:00
db: BID id: 55590 date: 2012-08-14T00:00:00
db: CNNVD id: CNNVD-201209-563 date: 2012-08-14T00:00:00