Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-3821

Overview

Vulnerability Score 4.3 4.3
CVE Id CVE-2008-3821
Last Modified 07 Mar 2011 10:11:27
Published 16 Jan 2009 04:30:03
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2008-3821

Summary

Multiple cross-site scripting (XSS) vulnerabilities in the HTTP server in Cisco IOS 11.0 through 12.4 allow remote attackers to inject arbitrary web script or HTML via (1) the query string to the ping program or (2) unspecified other aspects of the URI.

Vulnerable Systems

Operating System

  • Cisco Ios 12.4ja

  • Cisco Ios 12.4jda

  • Cisco Ios 12.4jk

  • Cisco Ios 12.4jl

  • Cisco Ios 12.4jma

  • Cisco Ios 12.4jmb

  • Cisco Ios 12.4jx

  • Cisco Ios 12.4md

  • Cisco Ios 12.4mr


References

XF - cisco-ios-httpserver-ping-xss(47947)

VUPEN - ADV-2009-0138

BID - 33260

BUGTRAQ - 20090114 PR08-19: XSS on Cisco IOS HTTP Server

MISC - http://www.procheckup.com/vulnerability_manager/vulnerabilities/pr08-19

CISCO - 20090114 Cisco IOS Cross-Site Scripting Vulnerabilities

SECTRACK - 1021598

SREASON - 4916

SECUNIA - 33461

OSVDB - 51394

OSVDB - 51393

JVN - JVN#28344798


Last Updated: 27 May 2016 10:48:19