The remote Barracuda Spam Firewall device is using a firmware version earlier than 3.5.12.007. Such versions reportedly are affected by several issues:

- There is a SQL injection vulnerability involving the ‘pattern_x’ parameter (where x=0…n) of the ‘cgi-bin/index.cgi’ script when ‘filter_x’ is set to ‘search_count_equals’. Successful exploitation requires credentials. (CVE-2008-1094)
- There are multiple cross-site scripting vulnerabilities due to a failure to sanitize user input when displaying error messages and involving multiple hidden input elements. (CVE-2008-0971)
Vendor | Product | Version | CPE |
---|---|---|---|
barracuda_networks | barracuda_spam_firewall | | cpe:/h:barracuda_networks:barracuda_spam_firewall |
archives.neohapsis.com/archives/bugtraq/2008-12/0174.html
archives.neohapsis.com/archives/bugtraq/2008-12/0175.html
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0971
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1094
dcsl.ul.ie/advisories/02.htm
dcsl.ul.ie/advisories/03.htm
www.barracudanetworks.com/ns/support/tech_alert.php