Details of VAR-201212-0407

ID

VAR-201212-0407

TITLE

Loadbalancer Enterprise R16 HTML Injection Vulnerability

Trust: 0.6

sources: CNVD: CNVD-2012-7581

DESCRIPTION

Loadbalancer Enterprise R16 is a load balancing device. Loadbalancer Enterprise R16 has multiple HTML injection vulnerabilities that allow an attacker to build malicious web pages, entice users to parse, get sensitive information, or hijack user sessions. Enterprise R16 is prone to multiple HTML-injection vulnerabilities because it fails to properly sanitize user-supplied input. Successful exploits will allow attacker-supplied HTML and script code to run in the context of the affected browser, potentially allowing the attacker to steal cookie-based authentication credentials or control how the site is rendered to the user. Other attacks are also possible

Trust: 0.81

sources: CNVD: CNVD-2012-7581 // BID: 56979

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2012-7581

AFFECTED PRODUCTS

vendor:

loadbalancer

model:

enterprise r16

scope:

version:

Trust: 0.6

sources: CNVD: CNVD-2012-7581

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201212-286

TYPE

input validation

Trust: 0.6

sources: CNNVD: CNNVD-201212-286

EXTERNAL IDS

db:	BID	id:	56979	Trust: 1.5
db:	CNVD	id:	CNVD-2012-7581	Trust: 0.6
db:	CNNVD	id:	CNNVD-201212-286	Trust: 0.6

sources: CNVD: CNVD-2012-7581 // BID: 56979 // CNNVD: CNNVD-201212-286

REFERENCES

url:	http://www.securityfocus.com/bid/56979/	Trust: 0.6
url:	http://www.securityfocus.com/bid/56979	Trust: 0.6
url:	http://loadbalancer.org/r16.php	Trust: 0.3
url:	/archive/1/525088	Trust: 0.3

sources: CNVD: CNVD-2012-7581 // BID: 56979 // CNNVD: CNNVD-201212-286

CREDITS

Ibrahim El-Sayed

Trust: 0.9

sources: BID: 56979 // CNNVD: CNNVD-201212-286

SOURCES

db:	CNVD	id:	CNVD-2012-7581
db:	BID	id:	56979
db:	CNNVD	id:	CNNVD-201212-286

LAST UPDATE DATE

2022-05-17T02:03:24.399000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2012-7581	date:	2012-12-21T00:00:00
db:	BID	id:	56979	date:	2012-12-18T00:00:00
db:	CNNVD	id:	CNNVD-201212-286	date:	2012-12-21T00:00:00

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2012-7581	date:	2012-12-21T00:00:00
db:	BID	id:	56979	date:	2012-12-18T00:00:00
db:	CNNVD	id:	CNNVD-201212-286	date:	2012-12-21T00:00:00