Lucene search

[email protected]CVE-2011-0767

HistoryJun 06, 2011 - 7:55 p.m.

CVE-2011-0767

2011-06-0619:55:01

CWE-79

[email protected]

web.nvd.nist.gov

cve-2011-0767

cross-site scripting

xss vulnerability

imperva securesphere

web application firewall

bug id 31759

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.9 Medium

AI Score

Confidence

High

0.004 Low

EPSS

Percentile

72.4%

JSON

Cross-site scripting (XSS) vulnerability in the management GUI in the MX Management Server in Imperva SecureSphere Web Application Firewall 6.2, 7.x, and 8.x allows remote attackers to inject arbitrary web script or HTML via an HTTP request to a firewalled server, aka Bug ID 31759.

Affected configurations

NVD

Node

impervasecuresphere_web_application_firewallMatch6.2

impervasecuresphere_web_application_firewallMatch7.0

impervasecuresphere_web_application_firewallMatch7.0.0.7061

impervasecuresphere_web_application_firewallMatch7.0.0.7078

impervasecuresphere_web_application_firewallMatch7.5

impervasecuresphere_web_application_firewallMatch8.0

impervasecuresphere_web_application_firewallMatch8.5

CPENameOperatorVersion
imperva:securesphere_web_application_firewallimperva securesphere web application firewalleq6.2
imperva:securesphere_web_application_firewallimperva securesphere web application firewalleq7.0
imperva:securesphere_web_application_firewallimperva securesphere web application firewalleq7.0.0.7061
imperva:securesphere_web_application_firewallimperva securesphere web application firewalleq7.0.0.7078
imperva:securesphere_web_application_firewallimperva securesphere web application firewalleq7.5
imperva:securesphere_web_application_firewallimperva securesphere web application firewalleq8.0
imperva:securesphere_web_application_firewallimperva securesphere web application firewalleq8.5

CPE	Name	Operator	Version
imperva:securesphere_web_application_firewall	imperva securesphere web application firewall	eq	6.2
imperva:securesphere_web_application_firewall	imperva securesphere web application firewall	eq	7.0
imperva:securesphere_web_application_firewall	imperva securesphere web application firewall	eq	7.0.0.7061
imperva:securesphere_web_application_firewall	imperva securesphere web application firewall	eq	7.0.0.7078
imperva:securesphere_web_application_firewall	imperva securesphere web application firewall	eq	7.5
imperva:securesphere_web_application_firewall	imperva securesphere web application firewall	eq	8.0
imperva:securesphere_web_application_firewall	imperva securesphere web application firewall	eq	8.5

References

secunia.com/advisories/44772

www.imperva.com/resources/adc/adc_advisories_response_secureworks.html

www.kb.cert.org/vuls/id/567774

www.secureworks.com/research/advisories/SWRX-2011-001/

exchange.xforce.ibmcloud.com/vulnerabilities/67779

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.9 Medium

AI Score

Confidence

High

0.004 Low

EPSS

Percentile

72.4%

JSON

Related for CVE-2011-0767

cvelist1 prion1 cert1 nvd1