cvelistv5 - cve-2008-3821

CVE-2008-3821 (GCVE-0-2008-3821)

Vulnerability from cvelistv5

Published

2009-01-16 21:00

Modified

2024-08-07 09:53

Severity ?

CWE

Summary

Multiple cross-site scripting (XSS) vulnerabilities in the HTTP server in Cisco IOS 11.0 through 12.4 allow remote attackers to inject arbitrary web script or HTML via (1) the query string to the ping program or (2) unspecified other aspects of the URI.

References

URL

Tags

	http://jvn.jp/en/jp/JVN28344798/index.html	third-party-advisory, x_refsource_JVN
	http://osvdb.org/51393	vdb-entry, x_refsource_OSVDB
	http://securitytracker.com/id?1021598	vdb-entry, x_refsource_SECTRACK
	http://securityreason.com/securityalert/4916	third-party-advisory, x_refsource_SREASON
	http://www.procheckup.com/vulnerability_manager/vulnerabilities/pr08-19	x_refsource_MISC
	http://www.securityfocus.com/bid/33260	vdb-entry, x_refsource_BID
	https://exchange.xforce.ibmcloud.com/vulnerabilities/47947	vdb-entry, x_refsource_XF
	http://www.vupen.com/english/advisories/2009/0138	vdb-entry, x_refsource_VUPEN
	http://www.cisco.com/en/US/products/products_security_response09186a0080a5c501.html	vendor-advisory, x_refsource_CISCO
	http://secunia.com/advisories/33461	third-party-advisory, x_refsource_SECUNIA
	http://osvdb.org/51394	vdb-entry, x_refsource_OSVDB
	http://www.securityfocus.com/archive/1/500063/100/0/threaded	mailing-list, x_refsource_BUGTRAQ

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T09:53:00.318Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "JVN#28344798",
            "tags": [
              "third-party-advisory",
              "x_refsource_JVN",
              "x_transferred"
            ],
            "url": "http://jvn.jp/en/jp/JVN28344798/index.html"
          },
          {
            "name": "51393",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/51393"
          },
          {
            "name": "1021598",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1021598"
          },
          {
            "name": "4916",
            "tags": [
              "third-party-advisory",
              "x_refsource_SREASON",
              "x_transferred"
            ],
            "url": "http://securityreason.com/securityalert/4916"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.procheckup.com/vulnerability_manager/vulnerabilities/pr08-19"
          },
          {
            "name": "33260",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/33260"
          },
          {
            "name": "cisco-ios-httpserver-ping-xss(47947)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47947"
          },
          {
            "name": "ADV-2009-0138",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2009/0138"
          },
          {
            "name": "20090114 Cisco IOS Cross-Site Scripting Vulnerabilities",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "http://www.cisco.com/en/US/products/products_security_response09186a0080a5c501.html"
          },
          {
            "name": "33461",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/33461"
          },
          {
            "name": "51394",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/51394"
          },
          {
            "name": "20090114 PR08-19: XSS on Cisco IOS HTTP Server",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/500063/100/0/threaded"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2009-01-14T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple cross-site scripting (XSS) vulnerabilities in the HTTP server in Cisco IOS 11.0 through 12.4 allow remote attackers to inject arbitrary web script or HTML via (1) the query string to the ping program or (2) unspecified other aspects of the URI."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-11T19:57:01.000Z",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "JVN#28344798",
          "tags": [
            "third-party-advisory",
            "x_refsource_JVN"
          ],
          "url": "http://jvn.jp/en/jp/JVN28344798/index.html"
        },
        {
          "name": "51393",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/51393"
        },
        {
          "name": "1021598",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1021598"
        },
        {
          "name": "4916",
          "tags": [
            "third-party-advisory",
            "x_refsource_SREASON"
          ],
          "url": "http://securityreason.com/securityalert/4916"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.procheckup.com/vulnerability_manager/vulnerabilities/pr08-19"
        },
        {
          "name": "33260",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/33260"
        },
        {
          "name": "cisco-ios-httpserver-ping-xss(47947)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47947"
        },
        {
          "name": "ADV-2009-0138",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2009/0138"
        },
        {
          "name": "20090114 Cisco IOS Cross-Site Scripting Vulnerabilities",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "http://www.cisco.com/en/US/products/products_security_response09186a0080a5c501.html"
        },
        {
          "name": "33461",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/33461"
        },
        {
          "name": "51394",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/51394"
        },
        {
          "name": "20090114 PR08-19: XSS on Cisco IOS HTTP Server",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/500063/100/0/threaded"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "ID": "CVE-2008-3821",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Multiple cross-site scripting (XSS) vulnerabilities in the HTTP server in Cisco IOS 11.0 through 12.4 allow remote attackers to inject arbitrary web script or HTML via (1) the query string to the ping program or (2) unspecified other aspects of the URI."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "JVN#28344798",
              "refsource": "JVN",
              "url": "http://jvn.jp/en/jp/JVN28344798/index.html"
            },
            {
              "name": "51393",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/51393"
            },
            {
              "name": "1021598",
              "refsource": "SECTRACK",
              "url": "http://securitytracker.com/id?1021598"
            },
            {
              "name": "4916",
              "refsource": "SREASON",
              "url": "http://securityreason.com/securityalert/4916"
            },
            {
              "name": "http://www.procheckup.com/vulnerability_manager/vulnerabilities/pr08-19",
              "refsource": "MISC",
              "url": "http://www.procheckup.com/vulnerability_manager/vulnerabilities/pr08-19"
            },
            {
              "name": "33260",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/33260"
            },
            {
              "name": "cisco-ios-httpserver-ping-xss(47947)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47947"
            },
            {
              "name": "ADV-2009-0138",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2009/0138"
            },
            {
              "name": "20090114 Cisco IOS Cross-Site Scripting Vulnerabilities",
              "refsource": "CISCO",
              "url": "http://www.cisco.com/en/US/products/products_security_response09186a0080a5c501.html"
            },
            {
              "name": "33461",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/33461"
            },
            {
              "name": "51394",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/51394"
            },
            {
              "name": "20090114 PR08-19: XSS on Cisco IOS HTTP Server",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/500063/100/0/threaded"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2008-3821",
    "datePublished": "2009-01-16T21:00:00.000Z",
    "dateReserved": "2008-08-27T00:00:00.000Z",
    "dateUpdated": "2024-08-07T09:53:00.318Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CERTA-2009-AVI-017

Vulnerability from certfr_avis

Deux vulnérabilités de type « injection de code indirecte » ont été identifiées dans le serveur HTTP du système Cisco IOS.

Description

Deux vulnérabilités de type « injection de code indirecte » ont été identifiées dans le serveur HTTP du système Cisco IOS.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Cisco IOS versions 11.0 à 12.4 avec le serveur HTTP activé.

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

cve-2008-3821

Vulnerability from jvndb

Published

2009-01-15 19:14

Modified

2009-01-15 19:14

Severity ?

() - -

Summary

Cisco IOS cross-site scripting vulnerability

Details

The web-based interface implemented in Cisco IOS is vulnerable to cross-site scripting. Some versions of the Cisco IOS provide a web-based interface to configure the device. This web-based interface contains a cross-site scripting vulnerability. A wide range of versions are affected. If the web-based interface is disabled, it is not affected. Some versions of the Cisco IOS have the web-based interface enabled by default. For more information, refer to the information provided by Cisco. NOBUHIRO TSUJI of NTT DATA SECURITY CORPORATION reported this vulnerability to IPA. JPCERT/CC coordinated with the vendor under Information Security Early Warning Partnership.

References

Type

URL

	JVN	http://jvn.jp/en/jp/JVN28344798/index.html
	CVE	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3821
	NVD	http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-3821
	JVNDB_Ja	http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-000006.html
	Cross-site Scripting(CWE-79)	https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html

Impacted products

Vendor

Product

Cisco Systems, Inc.

Cisco IOS

Show details on JVN DB website

JSON

To clipboard

{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2009/JVNDB-2009-000006.html",
  "dc:date": "2009-01-15T19:14+09:00",
  "dcterms:issued": "2009-01-15T19:14+09:00",
  "dcterms:modified": "2009-01-15T19:14+09:00",
  "description": "The web-based interface implemented in Cisco IOS is vulnerable to cross-site scripting. \r\n\r\nSome versions of the Cisco IOS provide a web-based interface to configure the device. This web-based interface contains a cross-site scripting vulnerability.\r\n\r\nA wide range of versions are affected.\r\n\r\nIf the web-based interface is disabled, it is not affected. Some versions of the Cisco IOS have the web-based interface enabled by default.\r\nFor more information, refer to the information provided by Cisco.\r\n\r\nNOBUHIRO TSUJI of NTT DATA SECURITY CORPORATION reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the vendor under Information Security Early Warning Partnership.",
  "link": "https://jvndb.jvn.jp/en/contents/2009/JVNDB-2009-000006.html",
  "sec:cpe": {
    "#text": "cpe:/o:cisco:ios",
    "@product": "Cisco IOS",
    "@vendor": "Cisco Systems, Inc.",
    "@version": "2.2"
  },
  "sec:cvss": {
    "@score": "4.3",
    "@severity": "Medium",
    "@type": "Base",
    "@vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
    "@version": "2.0"
  },
  "sec:identifier": "JVNDB-2009-000006",
  "sec:references": [
    {
      "#text": "http://jvn.jp/en/jp/JVN28344798/index.html",
      "@id": "JVN#28344798",
      "@source": "JVN"
    },
    {
      "#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3821",
      "@id": "CVE-2008-3821",
      "@source": "CVE"
    },
    {
      "#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-3821",
      "@id": "CVE-2008-3821",
      "@source": "NVD"
    },
    {
      "#text": "http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-000006.html",
      "@id": "JVNDB-2009-000006",
      "@source": "JVNDB_Ja"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-79",
      "@title": "Cross-site Scripting(CWE-79)"
    }
  ],
  "title": "Cisco IOS cross-site scripting vulnerability"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2008-3821 (GCVE-0-2008-3821)

Vulnerability from cvelistv5

CERTA-2009-AVI-017

Vulnerability from certfr_avis

Description

Solution

cve-2008-3821

Vulnerability from jvndb

Tags

Sightings

Nomenclature