Vulnerability Name: | CVE-2008-0925 (CCN-43151) |
Assigned: | 2008-06-17 |
Published: | 2008-06-17 |
Updated: | 2017-08-08 |
Summary: | Cross-site scripting (XSS) vulnerability in the iMonitor interface in Novell eDirectory 8.7.3.x before 8.7.3 sp10, and 8.8.x before 8.8.2 ftf2, allows remote attackers to inject arbitrary web script or HTML via unspecified parameters that are used within "error messages of the HTTP stack."
|
CVSS v3 Severity: | 5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)Exploitability Metrics: | Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None | Scope: | Scope (S): Unchanged
| Impact Metrics: | Confidentiality (C): None Integrity (I): Low Availibility (A): None |
|
CVSS v2 Severity: | 4.3 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N) 3.7 Low (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N/E:H/RL:OF/RC:C)Exploitability Metrics: | Access Vector (AV): Network Access Complexity (AC): Medium Authentication (Au): None | Impact Metrics: | Confidentiality (C): None Integrity (I): Partial Availibility (A): None | 4.3 Medium (CCN CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N) 3.7 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N/E:H/RL:OF/RC:C)Exploitability Metrics: | Access Vector (AV): Network Access Complexity (AC): Medium Athentication (Au): None
| Impact Metrics: | Confidentiality (C): None Integrity (I): Partial Availibility (A): None |
|
Vulnerability Type: | CWE-79
|
Vulnerability Consequences: | Gain Access |
References: | Source: MITRE Type: CNA CVE-2008-0925
Source: CCN Type: SA30748 Novell eDirectory iMonitor Error Message Cross-Site Scripting
Source: SECUNIA Type: Vendor Advisory 30748
Source: CCN Type: SECTRACK ID: 1020321 Novell eDirectory Input Validation Hole in iMonitor Error Messages Permits Cross-Site Scripting Attacks
Source: SECTRACK Type: UNKNOWN 1020321
Source: CONFIRM Type: UNKNOWN http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5037180.html
Source: CONFIRM Type: UNKNOWN http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5037181.html
Source: CCN Type: Novell Security Alert Document ID: 3460217 Security Vulnerability - XSS Cross Site Scripting in iMonitor error messages
Source: CONFIRM Type: UNKNOWN http://www.novell.com/support/viewContent.do?externalId=3460217&sliceId=1
Source: CCN Type: OSVDB ID: 46303 Novell eDirectory Xplat iMonitor HTTP Stack Error Message XSS
Source: BID Type: UNKNOWN 29782
Source: CCN Type: BID-29782 Novell eDirectory iMonitor Unspecified Cross-Site Scripting Vulnerability
Source: VUPEN Type: UNKNOWN ADV-2008-1863
Source: XF Type: UNKNOWN novell-edirectory-imonitor-xss(43151)
Source: XF Type: UNKNOWN novell-edirectory-imonitor-xss(43151)
|
Vulnerable Configuration: | Configuration 1: cpe:/a:novell:edirectory:8.7.3.9:*:linux:*:*:*:*:*OR cpe:/a:novell:edirectory:8.7.3.9:*:solaris:*:*:*:*:*OR cpe:/a:novell:edirectory:8.7.3.9:*:windows_2000:*:*:*:*:*OR cpe:/a:novell:edirectory:8.7.3.9:*:windows_2003:*:*:*:*:*OR cpe:/a:novell:edirectory:8.8:*:linux:*:*:*:*:*OR cpe:/a:novell:edirectory:8.8:*:solaris:*:*:*:*:*OR cpe:/a:novell:edirectory:8.8:*:windows_2000:*:*:*:*:*OR cpe:/a:novell:edirectory:8.8:*:windows_2003:*:*:*:*:*OR cpe:/a:novell:edirectory:8.8.1:*:linux:*:*:*:*:*OR cpe:/a:novell:edirectory:8.8.1:*:solaris:*:*:*:*:*OR cpe:/a:novell:edirectory:8.8.1:*:windows_2000:*:*:*:*:*OR cpe:/a:novell:edirectory:8.8.1:*:windows_2003:*:*:*:*:*OR cpe:/a:novell:edirectory:8.8.2:*:linux:*:*:*:*:*OR cpe:/a:novell:edirectory:8.8.2:*:solaris:*:*:*:*:*OR cpe:/a:novell:edirectory:8.8.2:*:windows_2000:*:*:*:*:*OR cpe:/a:novell:edirectory:8.8.2:*:windows_2003:*:*:*:*:* Configuration CCN 1: cpe:/a:novell:edirectory:8.8:*:*:*:*:*:*:*OR cpe:/a:novell:edirectory:8.8.1:*:*:*:*:*:*:*OR cpe:/a:novell:edirectory:8.7.3.9:*:*:*:*:*:*:*OR cpe:/a:novell:edirectory:8.8.2:*:*:*:*:*:*:*
Denotes that component is vulnerable |
BACK |