CVE-2009-1162

Published Jun 5, 2009

Last updated 8 years ago

CVSS info 4.3

Overview

Description: Cross-site scripting (XSS) vulnerability in the Spam Quarantine login page in Cisco IronPort AsyncOS before 6.5.2 on Series C, M, and X appliances allows remote attackers to inject arbitrary web script or HTML via the referrer parameter.
Source: ykramarz@cisco.com
NVD status: Modified

Risk scores

CVSS 2.0

Type: Primary
Base score: 4.3
Impact score: 2.9
Exploitability score: 8.6
Vector string: AV:N/AC:M/Au:N/C:N/I:P/A:N

Weaknesses

nvd@nist.gov: CWE-79

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:cisco:ironport_asyncos:6.0.0-754:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "477A66C5-9B97-4363-8374-7AAD50A6203A"
          },
          {
            "criteria": "cpe:2.3:o:cisco:ironport_asyncos:6.0.0-757:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "01DB8C2D-5C38-4171-AE6F-FB224AEC3225"
          },
          {
            "criteria": "cpe:2.3:o:cisco:ironport_asyncos:6.1.0-301:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C1913AA9-2FF7-43BF-902A-A0730D375580"
          },
          {
            "criteria": "cpe:2.3:o:cisco:ironport_asyncos:6.1.0-304:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "22339A19-2486-4916-B63F-8D0095CE2CAE"
          },
          {
            "criteria": "cpe:2.3:o:cisco:ironport_asyncos:6.1.0-306:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BD01E9B8-6787-4658-9E45-2B4916BB0409"
          },
          {
            "criteria": "cpe:2.3:o:cisco:ironport_asyncos:6.1.0-307:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "30A807C2-CE36-4760-BC2A-D9A6AEA1D65B"
          },
          {
            "criteria": "cpe:2.3:o:cisco:ironport_asyncos:6.1.5-110:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5134EEAA-DE71-4283-B3D3-2923749EE92D"
          },
          {
            "criteria": "cpe:2.3:o:cisco:ironport_asyncos:6.1.6-003:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DEB855ED-197C-4CAC-A5B8-E02D598320EE"
          },
          {
            "criteria": "cpe:2.3:o:cisco:ironport_asyncos:6.3.5-003:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F99C6CBC-4044-45A1-B79C-C54E4A13F41B"
          },
          {
            "criteria": "cpe:2.3:o:cisco:ironport_asyncos:6.3.6-003:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "29EB3C86-E8EF-4AE2-A8DC-C0B912F27F0D"
          },
          {
            "criteria": "cpe:2.3:o:cisco:ironport_asyncos:6.5.0-405:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4716DAB7-C9E9-47DE-946B-B5B8F0768985"
          },
          {
            "criteria": "cpe:2.3:o:cisco:ironport_asyncos:6.5.1-005:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9F240870-D97A-458A-9485-24CAD3816E68"
          },
          {
            "criteria": "cpe:2.3:o:cisco:ironport_asyncos:6.6.4.0-273:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F5A6548C-217F-4496-8DF2-4EF2A775BF7D"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:cisco:ironport_email_security_appliances:*:c:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C9211A16-3F60-4FEF-9164-93A8DC447A76"
          },
          {
            "criteria": "cpe:2.3:h:cisco:ironport_email_security_appliances:*:m:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "202BD85B-AE22-4638-A344-E5C75C4CC243"
          },
          {
            "criteria": "cpe:2.3:h:cisco:ironport_email_security_appliances:*:x:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "79F52D0C-C0D9-4802-9A07-968F6F68C038"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  }
]

Overview

Risk scores

CVSS 2.0

Weaknesses

Social media

Configurations

References