CVE-2008-3821

Sažetak

Multiple cross-site scripting (XSS) vulnerabilities in the HTTP server in Cisco IOS 11.0 through 12.4 allow remote attackers to inject arbitrary web script or HTML via (1) the query string to the ping program or (2) unspecified other aspects of the URI.

Reference

http://jvn.jp/en/jp/JVN28344798/index.html
http://osvdb.org/51393
http://osvdb.org/51394
http://secunia.com/advisories/33461
http://securityreason.com/securityalert/4916
http://securitytracker.com/id?1021598
http://www.cisco.com/en/US/products/products_security_response09186a0080a5c501.html
http://www.procheckup.com/vulnerability_manager/vulnerabilities/pr08-19
http://www.securityfocus.com/archive/1/500063/100/0/threaded
http://www.securityfocus.com/bid/33260
http://www.vupen.com/english/advisories/2009/0138
https://exchange.xforce.ibmcloud.com/vulnerabilities/47947

CVSS

Base:	4.3
Impact:	2.9
Exploitability:	8.6

Pristup

Vektor	Složenost	Autentikacija
NETWORK	MEDIUM	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
NONE	PARTIAL	NONE

CVSS vektor

AV:N/AC:M/Au:N/C:N/I:P/A:N

Zadnje važnije ažuriranje

11-10-2018 - 20:49

Objavljeno

16-01-2009 - 21:30