Vulnerability Name:

CVE-2005-1710 (CCN-20725)

Assigned:2005-05-20
Published:2005-05-20
Updated:2016-10-18
Summary:Multiple cross-site scripting (XSS) vulnerabilities in Blue Coat Reporter before 7.1.2 allow remote attackers to inject arbitrary web script or HTML via (1) the username in an Add User window or (2) the license key (volatile.license_to_add parameter) in the Licensing page.
CVSS v3 Severity:3.7 Low (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): High
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): Low
Availibility (A): None
CVSS v2 Severity:4.3 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): Partial
Availibility (A): None
2.6 Low (CCN CVSS v2 Vector: AV:N/AC:H/Au:N/C:N/I:P/A:N)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): High
Athentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): Partial
Availibility (A): None
Vulnerability Type:CWE-Other
Vulnerability Consequences:Gain Access
References:Source: MITRE
Type: CNA
CVE-2005-1710

Source: BUGTRAQ
Type: UNKNOWN
20050524 Blue Coat Reporter multiple remote vulnerabilities

Source: CCN
Type: SA15452
Blue Coat Reporter Multiple Vulnerabilities

Source: SECUNIA
Type: Vendor Advisory
15452

Source: CCN
Type: Blue Coat Reporter Web site
Blue Coat Systems - Reporter

Source: CCN
Type: Blue Coat Security Advisory
Security Advisory: Blue Coat Reporter Vulnerabilities

Source: CONFIRM
Type: Patch
http://www.bluecoat.com/support/knowledge/advisory_reporter_711_vulnerabilities.html

Source: OSVDB
Type: UNKNOWN
16765

Source: OSVDB
Type: UNKNOWN
16766

Source: CCN
Type: OSVDB ID: 16765
Blue Coat Reporter Add User Window username Parameter XSS

Source: CCN
Type: OSVDB ID: 16766
Blue Coat Reporter Licensing Page license key Parameter XSS

Source: CCN
Type: BID-13723
Blue Coat Reporter Remote Privilege Escalation Vulnerability

Source: CCN
Type: BID-13725
Blue Coat Reporter License HTML Injection Vulnerability

Source: VUPEN
Type: UNKNOWN
ADV-2005-0589

Source: XF
Type: UNKNOWN
bluecoatreporter-licensing-xss(20725)

Vulnerable Configuration:Configuration 1:
  • cpe:/a:bluecoat:reporter:*:*:*:*:*:*:*:* (Version <= 7.1.1)

    • Configuration CCN 1:
  • cpe:/a:bluecoat:reporter:*:*:*:*:*:*:*:*
  • AND
  • cpe:/o:redhat:linux:*:*:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows:2003_server:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    Vulnerability Name:

    CVE-2005-1710 (CCN-20726)

    Assigned:2005-05-20
    Published:2005-05-20
    Updated:2016-10-18
    Summary:Multiple cross-site scripting (XSS) vulnerabilities in Blue Coat Reporter before 7.1.2 allow remote attackers to inject arbitrary web script or HTML via (1) the username in an Add User window or (2) the license key (volatile.license_to_add parameter) in the Licensing page.
    CVSS v3 Severity:3.7 Low (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N)
    Exploitability Metrics:Attack Vector (AV): Network
    Attack Complexity (AC): High
    Privileges Required (PR): None
    User Interaction (UI): None
    Scope:Scope (S): Unchanged
    Impact Metrics:Confidentiality (C): None
    Integrity (I): Low
    Availibility (A): None
    CVSS v2 Severity:4.3 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N)
    3.7 Low (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N/E:H/RL:OF/RC:C)
    Exploitability Metrics:Access Vector (AV): Network
    Access Complexity (AC): Medium
    Authentication (Au): None
    Impact Metrics:Confidentiality (C): None
    Integrity (I): Partial
    Availibility (A): None
    2.6 Low (CCN CVSS v2 Vector: AV:N/AC:H/Au:N/C:N/I:P/A:N)
    2.2 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:H/Au:N/C:N/I:P/A:N/E:H/RL:OF/RC:C)
    Exploitability Metrics:Access Vector (AV): Network
    Access Complexity (AC): High
    Athentication (Au): None
    Impact Metrics:Confidentiality (C): None
    Integrity (I): Partial
    Availibility (A): None
    Vulnerability Type:CWE-Other
    Vulnerability Consequences:Gain Access
    References:Source: MITRE
    Type: CNA
    CVE-2005-1710

    Source: CCN
    Type: SA15452
    Blue Coat Reporter Multiple Vulnerabilities

    Source: CCN
    Type: Blue Coat Reporter Web site
    Blue Coat Systems - Reporter

    Source: CCN
    Type: Blue Coat Security Advisory
    Security Advisory: Blue Coat Reporter Vulnerabilities

    Source: CCN
    Type: OSVDB ID: 16765
    Blue Coat Reporter Add User Window username Parameter XSS

    Source: CCN
    Type: OSVDB ID: 16766
    Blue Coat Reporter Licensing Page license key Parameter XSS

    Source: CCN
    Type: BID-13723
    Blue Coat Reporter Remote Privilege Escalation Vulnerability

    Source: XF
    Type: UNKNOWN
    bluecoatreporter-add-user-xss(20726)

    BACK
    bluecoat reporter *
    bluecoat reporter *
    redhat linux *
    microsoft windows 2003_server