CVE-2008-2167 - Vulnerability Details - OpenCVE

Cross-site scripting (XSS) vulnerability in ZyXEL ZyWALL 100 allows remote attackers to inject arbitrary web script or HTML via the Referer header, which is not properly handled in a 404 Error page.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Zyxel	Zywall 100

Configuration 1 [-]

cpe:2.3:h:zyxel:zywall_100:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://lists.grok.org.uk/pipermail/full-disclosure/2008-May/062152.html
http://secunia.com/advisories/30142
http://securityreason.com/securityalert/3869
http://www.securityfocus.com/archive/1/491818/100/0/threaded
http://www.securityfocus.com/bid/29110
http://www.securitytracker.com/id?1020000
http://www.vupen.com/english/advisories/2008/1501/references
https://exchange.xforce.ibmcloud.com/vulnerabilities/42282

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2008-05-13T20:14:00

Updated: 2024-08-07T08:49:58.581Z

Reserved: 2008-05-13T00:00:00

Link: CVE-2008-2167

Vulnrichment

No data.

NVD

Status : Modified

Published: 2008-05-13T20:20:00.000

Modified: 2024-11-21T00:46:14.230

Link: CVE-2008-2167

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2008-05-08T00:00:00", "descriptions": [{"lang": "en", "value": "Cross-site scripting (XSS) vulnerability in ZyXEL ZyWALL 100 allows remote attackers to inject arbitrary web script or HTML via the Referer header, which is not properly handled in a 404 Error page."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-11T19:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "29110", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/29110"}, {"name": "ADV-2008-1501", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2008/1501/references"}, {"name": "1020000", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id?1020000"}, {"name": "20080508 ZYWALL Referer Header XSS Vulnerability", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/491818/100/0/threaded"}, {"name": "3869", "tags": ["third-party-advisory", "x_refsource_SREASON"], "url": "http://securityreason.com/securityalert/3869"}, {"name": "20080508 ZYWALL Referer Header XSS Vulnerability", "tags": ["mailing-list", "x_refsource_FULLDISC"], "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2008-May/062152.html"}, {"name": "zywall-referer-xss(42282)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42282"}, {"name": "30142", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/30142"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2008-2167", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Cross-site scripting (XSS) vulnerability in ZyXEL ZyWALL 100 allows remote attackers to inject arbitrary web script or HTML via the Referer header, which is not properly handled in a 404 Error page."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "29110", "refsource": "BID", "url": "http://www.securityfocus.com/bid/29110"}, {"name": "ADV-2008-1501", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2008/1501/references"}, {"name": "1020000", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1020000"}, {"name": "20080508 ZYWALL Referer Header XSS Vulnerability", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/491818/100/0/threaded"}, {"name": "3869", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/3869"}, {"name": "20080508 ZYWALL Referer Header XSS Vulnerability", "refsource": "FULLDISC", "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2008-May/062152.html"}, {"name": "zywall-referer-xss(42282)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42282"}, {"name": "30142", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/30142"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T08:49:58.581Z"}, "title": "CVE Program Container", "references": [{"name": "29110", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/29110"}, {"name": "ADV-2008-1501", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2008/1501/references"}, {"name": "1020000", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id?1020000"}, {"name": "20080508 ZYWALL Referer Header XSS Vulnerability", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/491818/100/0/threaded"}, {"name": "3869", "tags": ["third-party-advisory", "x_refsource_SREASON", "x_transferred"], "url": "http://securityreason.com/securityalert/3869"}, {"name": "20080508 ZYWALL Referer Header XSS Vulnerability", "tags": ["mailing-list", "x_refsource_FULLDISC", "x_transferred"], "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2008-May/062152.html"}, {"name": "zywall-referer-xss(42282)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42282"}, {"name": "30142", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/30142"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2008-2167", "datePublished": "2008-05-13T20:14:00", "dateReserved": "2008-05-13T00:00:00", "dateUpdated": "2024-08-07T08:49:58.581Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:h:zyxel:zywall_100:*:*:*:*:*:*:*:*", "matchCriteriaId": "A042AAA7-22D2-4E82-9D4A-6BA5974F3238", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Cross-site scripting (XSS) vulnerability in ZyXEL ZyWALL 100 allows remote attackers to inject arbitrary web script or HTML via the Referer header, which is not properly handled in a 404 Error page."}, {"lang": "es", "value": "Vulnerabilidad de Secuencias de comandos en sitios cruzados en ZyWALL 100 de ZyXEL, permite a atacantes remotos inyectar secuencias de comandos web o HTML a trav\u00e9s de la cabecera Referer, la cual no se gestiona correctamente en una p\u00e1gina de Error 404"}], "id": "CVE-2008-2167", "lastModified": "2024-11-21T00:46:14.230", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}]}, "published": "2008-05-13T20:20:00.000", "references": [{"source": "cve@mitre.org", "tags": ["Exploit"], "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2008-May/062152.html"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/30142"}, {"source": "cve@mitre.org", "url": "http://securityreason.com/securityalert/3869"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/491818/100/0/threaded"}, {"source": "cve@mitre.org", "tags": ["Exploit"], "url": "http://www.securityfocus.com/bid/29110"}, {"source": "cve@mitre.org", "url": "http://www.securitytracker.com/id?1020000"}, {"source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2008/1501/references"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42282"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit"], "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2008-May/062152.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/30142"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securityreason.com/securityalert/3869"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/491818/100/0/threaded"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit"], "url": "http://www.securityfocus.com/bid/29110"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id?1020000"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2008/1501/references"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42282"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "nvd@nist.gov", "type": "Primary"}]}