CVE-2008-0971

CVSS V2 Low 3.5 CVSS V3 None
Description
Multiple cross-site scripting (XSS) vulnerabilities in index.cgi in Barracuda Spam Firewall (BSF) before 3.5.12.007, Message Archiver before 1.2.1.002, Web Filter before 3.3.0.052, IM Firewall before 3.1.01.017, and Load Balancer before 2.3.024 allow remote attackers to inject arbitrary web script or HTML via (1) the Policy Name field in Search Based Retention Policy in Message Archiver; unspecified parameters in the (2) IP Configuration, (3) Administration, (4) Journal Accounts, (5) Retention Policy, and (6) GroupWise Sync components in Message Archiver; (7) input to search operations in Web Filter; and (8) input used in error messages and (9) hidden INPUT elements in (a) Spam Firewall, (b) IM Firewall, and (c) Web Filter.
Overview
  • CVE ID
  • CVE-2008-0971
  • Assigner
  • cve@mitre.org
  • Vulnerability Status
  • Modified
  • Published Version
  • 2008-12-19T17:30:00
  • Last Modified Date
  • 2018-10-15T22:03:59
Weakness Enumerations
CWE URL
CWE-79 http://cwe.mitre.org/data/definitions/79.html
CPE Configuration (Product)
CPE Vulnerable Operator Version Start Version End
cpe:2.3:h:barracuda_networks:barracuda_im_firewall:*:*:*:*:*:*:*:* 1 OR 3.0.01.008
cpe:2.3:h:barracuda_networks:barracuda_load_balancer:*:*:*:*:*:*:*:* 1 OR 2.2.006
cpe:2.3:h:barracuda_networks:barracuda_message_archiver:*:*:*:*:*:*:*:* 1 OR 1.1.0.010
cpe:2.3:h:barracuda_networks:barracuda_spam_firewall:*:*:*:*:*:*:*:* 1 OR 3.5.11.020
cpe:2.3:h:barracuda_networks:barracuda_web_filter:*:*:*:*:*:*:*:* 1 OR 3.3.0.038
CVSS Version 2
  • Version
  • 2.0
  • Vector String
  • AV:N/AC:M/Au:S/C:N/I:P/A:N
  • Access Vector
  • NETWORK
  • Access Compatibility
  • MEDIUM
  • Authentication
  • SINGLE
  • Confidentiality Impact
  • NONE
  • Integrity Impact
  • PARTIAL
  • Availability Impact
  • NONE
  • Base Score
  • 3.5
  • Severity
  • LOW
  • Exploitability Score
  • 6.8
  • Impact Score
  • 2.9
References
Reference URL Reference Tags
http://secunia.com/advisories/33164 Vendor Advisory
http://securitytracker.com/id?1021454
http://www.barracudanetworks.com/ns/support/tech_alert.php Vendor Advisory
http://dcsl.ul.ie/advisories/03.htm
http://www.osvdb.org/50709
http://securityreason.com/securityalert/4792
http://www.securityfocus.com/archive/1/499294/100/0/threaded
Sources
Source Name Source URL
NIST https://nvd.nist.gov/vuln/detail/CVE-2008-0971
MITRE https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0971
History
Created Old Value New Value Data Type Notes
2022-05-10 18:18:14 Added to TrackCVE