Test ID: | 1.3.6.1.4.1.25623.1.0.803754 |
Category: | CISCO |
Title: | Cisco Content Security Management Appliance XSS and CSRF Vulnerabilities |
Summary: | Cisco Content Security Management Appliance is prone to cross-site scripting and cross-site request forgery vulnerabilities. |
Description: |
Vulnerability Insight: Multiple flaws are due to:
- The lack of output escaping in the default error 500 page. When an exception occurs in the application, the error description contains unvalidated user input from the request.
- The lack of input validation on the job_name, job_type, appliances_options and config_master parameters, which are then printed unescaped in the job_name, old_job_name, job_type, appliance_lists and config_master fields.
- The CSRFKey is not used in some areas of the application.
Vulnerability Impact: Successful exploitation will allow an attacker to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site.
Affected Software/OS: Cisco Content Security Management Appliance (SMA) 8.1 and prior.
Solution: Upgrade to the latest version of Cisco CSMA.
CVSS Score: 6.8
CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P |
Cross Reference: |
Common Vulnerability Exposure (CVE) ID: CVE-2013-3395
- Cisco Security Advisory: 20130626 Cisco IronPort Cross-Site Request Forgery Vulnerability
- http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-3395
Common Vulnerability Exposure (CVE) ID: CVE-2013-3396
- BugTraq ID: 60829
- http://www.securityfocus.com/bid/60829
- Cisco Security Advisory: 20130626 Cisco Content Security Management Cross-Site Scripting Vulnerability
- http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-3396 |
Copyright | Copyright (C) 2013 Greenbone AG |