Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2012-4685

Overview

Vulnerability Score 4.3 4.3
CVE Id CVE-2012-4685
Last Modified 29 Aug 2012 12:00:00
Published 28 Aug 2012 01:55:05
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2012-4685

Summary

Cross-site scripting (XSS) vulnerability in Arbor Networks Peakflow SP 5.1.1 before patch 6, 5.5 before patch 4, and 5.6.0 before patch 1 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to index.

Vulnerable Systems

Application

  • Arbornetworks Peakflow Sp 5.1.1

  • Arbornetworks Peakflow Sp 5.5

  • Arbornetworks Peakflow Sp 5.6.0


References

XF - peakflowsp-login-xss(74648)

BID - 52881

SECUNIA - 48728

BUGTRAQ - 20120404 Re: Arbor Networks Peakflow SP web interface XSS

BUGTRAQ - 20120403 Arbor Networks Peakflow SP web interface XSS


Last Updated: 27 May 2016 11:00:22