CVE-2012-5316 - Vulnerability Details - OpenCVE

Multiple cross-site scripting (XSS) vulnerabilities in Barracuda Spam & Virus Firewall 600 Firmware 4.0.1.009 and earlier allow remote authenticated users to inject arbitrary web script or HTML via (1) Troubleshooting in the Trace route Device module or (2) LDAP Username in the LDAP Configuration module.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication Single

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

This CVE is not in the KEV list.

The EPSS score is 0.00201.

Key SSVC decision points have not yet been added.

Vendors	Products
Barracudanetworks	Spam \& Virus Firewall 600 Spam \& Virus Firewall 600 Firmware

Configuration 1 [-]

AND

cpe:2.3:o:barracudanetworks:spam_\&_virus_firewall_600_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:barracudanetworks:spam_\&_virus_firewall_600:-:*:*:*:*:*:*:*

No data.

No data.

Advisories

Source	ID	Title
EUVD	EUVD-2012-5239	Multiple cross-site scripting (XSS) vulnerabilities in Barracuda Spam & Virus Firewall 600 Firmware 4.0.1.009 and earlier allow remote authenticated users to inject arbitrary web script or HTML via (1) Troubleshooting in the Trace route Device module or (2) LDAP Username in the LDAP Configuration module.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
http://archives.neohapsis.com/archives/bugtraq/2012-01/0130.html
http://www.securityfocus.com/bid/51599
http://www.vulnerability-lab.com/get_content.php?id=28
https://exchange.xforce.ibmcloud.com/vulnerabilities/72579

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2012-10-08T17:00:00

Updated: 2024-08-06T21:05:47.111Z

Reserved: 2012-10-08T00:00:00

Link: CVE-2012-5316

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2012-10-08T17:55:01.293

Modified: 2025-04-11T00:51:21.963

Link: CVE-2012-5316

Redhat

No data.

OpenCVE Enrichment

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2012-01-19T00:00:00", "descriptions": [{"lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in Barracuda Spam & Virus Firewall 600 Firmware 4.0.1.009 and earlier allow remote authenticated users to inject arbitrary web script or HTML via (1) Troubleshooting in the Trace route Device module or (2) LDAP Username in the LDAP Configuration module."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-08-28T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "51599", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/51599"}, {"name": "barracudaspam-multiple-xss(72579)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72579"}, {"name": "20120120 [Suspected Spam] Barracuda Spam/Virus WAF 600 - Multiple Web Vulnerabilities", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://archives.neohapsis.com/archives/bugtraq/2012-01/0130.html"}, {"tags": ["x_refsource_MISC"], "url": "http://www.vulnerability-lab.com/get_content.php?id=28"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2012-5316", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Multiple cross-site scripting (XSS) vulnerabilities in Barracuda Spam & Virus Firewall 600 Firmware 4.0.1.009 and earlier allow remote authenticated users to inject arbitrary web script or HTML via (1) Troubleshooting in the Trace route Device module or (2) LDAP Username in the LDAP Configuration module."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "51599", "refsource": "BID", "url": "http://www.securityfocus.com/bid/51599"}, {"name": "barracudaspam-multiple-xss(72579)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72579"}, {"name": "20120120 [Suspected Spam] Barracuda Spam/Virus WAF 600 - Multiple Web Vulnerabilities", "refsource": "BUGTRAQ", "url": "http://archives.neohapsis.com/archives/bugtraq/2012-01/0130.html"}, {"name": "http://www.vulnerability-lab.com/get_content.php?id=28", "refsource": "MISC", "url": "http://www.vulnerability-lab.com/get_content.php?id=28"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T21:05:47.111Z"}, "title": "CVE Program Container", "references": [{"name": "51599", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/51599"}, {"name": "barracudaspam-multiple-xss(72579)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72579"}, {"name": "20120120 [Suspected Spam] Barracuda Spam/Virus WAF 600 - Multiple Web Vulnerabilities", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://archives.neohapsis.com/archives/bugtraq/2012-01/0130.html"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://www.vulnerability-lab.com/get_content.php?id=28"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2012-5316", "datePublished": "2012-10-08T17:00:00", "dateReserved": "2012-10-08T00:00:00", "dateUpdated": "2024-08-06T21:05:47.111Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:barracudanetworks:spam_\\&_virus_firewall_600_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "F3A5966D-E84E-4AB8-A06A-383002EA49E7", "versionEndIncluding": "4.0.1.009", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:barracudanetworks:spam_\\&_virus_firewall_600:-:*:*:*:*:*:*:*", "matchCriteriaId": "C9EDC527-64EE-44D4-9927-9400FBC8A4DC", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in Barracuda Spam & Virus Firewall 600 Firmware 4.0.1.009 and earlier allow remote authenticated users to inject arbitrary web script or HTML via (1) Troubleshooting in the Trace route Device module or (2) LDAP Username in the LDAP Configuration module."}, {"lang": "es", "value": "M\u00faltiples vulnerabilidades de ejecuci\u00f3n de secuencias de comandos en sitios cruzados (XSS) en Barracuda Spam & Virus Firewall 600 Firmware v4.0.1.009 y anteriores permite a atacantes remotos autenticados inyectar secuencias de comandos web o HTML mediante (1) Troubleshosting en el Trace route Device o (2) LDAP Username en el m\u00f3dulo de configuraci\u00f3n de LDAP"}], "id": "CVE-2012-5316", "lastModified": "2025-04-11T00:51:21.963", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 3.5, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 6.8, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}]}, "published": "2012-10-08T17:55:01.293", "references": [{"source": "cve@mitre.org", "tags": ["Exploit"], "url": "http://archives.neohapsis.com/archives/bugtraq/2012-01/0130.html"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/51599"}, {"source": "cve@mitre.org", "url": "http://www.vulnerability-lab.com/get_content.php?id=28"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72579"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit"], "url": "http://archives.neohapsis.com/archives/bugtraq/2012-01/0130.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/51599"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vulnerability-lab.com/get_content.php?id=28"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72579"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "nvd@nist.gov", "type": "Primary"}]}