Details of VAR-201506-0166

ID

VAR-201506-0166

CVE

CVE-2015-0774

TITLE

Cisco Application and Content Networking System Cross-Site Scripting Vulnerability

Trust: 1.2

sources: CNVD: CNVD-2015-03781 // CNNVD: CNNVD-201506-236

DESCRIPTION

Cross-site scripting (XSS) vulnerability in Cisco Application and Content Networking System (ACNS) 5.5(9) allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCuu70650. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. This issue is being tracked by Cisco Bug ID CSCuu70650

Trust: 2.52

sources: NVD: CVE-2015-0774 // JVNDB: JVNDB-2015-003071 // CNVD: CNVD-2015-03781 // BID: 75097 // VULHUB: VHN-78720

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2015-03781

AFFECTED PRODUCTS

vendor:	cisco	model:	application and content networking system software	scope:	eq	version:	5.5\(9\)	Trust: 1.6
vendor:	cisco	model:	application and content networking system	scope:	eq	version:	5.5(9)	Trust: 1.1
vendor:	cisco	model:	acns	scope:	eq	version:	5.5(9)	Trust: 0.6

sources: CNVD: CNVD-2015-03781 // BID: 75097 // JVNDB: JVNDB-2015-003071 // CNNVD: CNNVD-201506-236 // NVD: CVE-2015-0774

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2015-0774
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2015-0774
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2015-03781
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201506-236
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-78720
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2015-0774
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2015-03781
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-78720
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: CNVD: CNVD-2015-03781 // VULHUB: VHN-78720 // JVNDB: JVNDB-2015-003071 // CNNVD: CNNVD-201506-236 // NVD: CVE-2015-0774

PROBLEMTYPE DATA

problemtype:

CWE-79

Trust: 1.9

sources: VULHUB: VHN-78720 // JVNDB: JVNDB-2015-003071 // NVD: CVE-2015-0774

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201506-236

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-201506-236

CONFIGURATIONS

sources: JVNDB: JVNDB-2015-003071

PATCH

title:	39257	url:	http://tools.cisco.com/security/center/viewAlert.x?alertId=39257	Trust: 0.8
title:	Patch for Cisco Application and Content Networking System Cross-Site Scripting Vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/59672	Trust: 0.6

sources: CNVD: CNVD-2015-03781 // JVNDB: JVNDB-2015-003071

EXTERNAL IDS

db:	NVD	id:	CVE-2015-0774	Trust: 3.4
db:	SECTRACK	id:	1032539	Trust: 1.1
db:	BID	id:	75097	Trust: 1.0
db:	JVNDB	id:	JVNDB-2015-003071	Trust: 0.8
db:	CNNVD	id:	CNNVD-201506-236	Trust: 0.7
db:	CNVD	id:	CNVD-2015-03781	Trust: 0.6
db:	VULHUB	id:	VHN-78720	Trust: 0.1

sources: CNVD: CNVD-2015-03781 // VULHUB: VHN-78720 // BID: 75097 // JVNDB: JVNDB-2015-003071 // CNNVD: CNNVD-201506-236 // NVD: CVE-2015-0774

REFERENCES

url:	http://tools.cisco.com/security/center/viewalert.x?alertid=39257	Trust: 2.6
url:	http://www.securitytracker.com/id/1032539	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0774	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-0774	Trust: 0.8
url:	http://www.cisco.com/	Trust: 0.3

sources: CNVD: CNVD-2015-03781 // VULHUB: VHN-78720 // BID: 75097 // JVNDB: JVNDB-2015-003071 // CNNVD: CNNVD-201506-236 // NVD: CVE-2015-0774

CREDITS

Cisco

Trust: 0.3

sources: BID: 75097

SOURCES

db:	CNVD	id:	CNVD-2015-03781
db:	VULHUB	id:	VHN-78720
db:	BID	id:	75097
db:	JVNDB	id:	JVNDB-2015-003071
db:	CNNVD	id:	CNNVD-201506-236
db:	NVD	id:	CVE-2015-0774

LAST UPDATE DATE

2025-04-13T23:34:04.680000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2015-03781	date:	2015-06-16T00:00:00
db:	VULHUB	id:	VHN-78720	date:	2017-01-04T00:00:00
db:	BID	id:	75097	date:	2015-06-09T00:00:00
db:	JVNDB	id:	JVNDB-2015-003071	date:	2015-06-15T00:00:00
db:	CNNVD	id:	CNNVD-201506-236	date:	2015-06-15T00:00:00
db:	NVD	id:	CVE-2015-0774	date:	2025-04-12T10:46:40.837

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2015-03781	date:	2015-06-15T00:00:00
db:	VULHUB	id:	VHN-78720	date:	2015-06-12T00:00:00
db:	BID	id:	75097	date:	2015-06-09T00:00:00
db:	JVNDB	id:	JVNDB-2015-003071	date:	2015-06-15T00:00:00
db:	CNNVD	id:	CNNVD-201506-236	date:	2015-06-15T00:00:00
db:	NVD	id:	CVE-2015-0774	date:	2015-06-12T10:59:03.587