Barracuda Spam Firewall Web Administration Console Username HTML Injection Vulnerability
BID:25757
Info
Barracuda Spam Firewall Web Administration Console Username HTML Injection Vulnerability
| Bugtraq ID: | 25757 |
| Class: | Input Validation Error |
| CVE: |
CVE-2007-5058 |
| Remote: | Yes |
| Local: | No |
| Published: | Sep 21 2007 12:00AM |
| Updated: | May 07 2015 05:35PM |
| Credit: | Federico Kirschbaum is credited with the discovery of this vulnerability. |
| Vulnerable: |
Barracuda Spam Firewall 3.4.10.102 |
| Not Vulnerable: |
Barracuda Spam Firewall 3.5.10.106 |
Discussion
Barracuda Spam Firewall Web Administration Console Username HTML Injection Vulnerability
Barracuda Spam Firewall is prone to an HTML-injection vulnerability because it fails to properly sanitize user-supplied input before using it in dynamically generated content.
Attacker-supplied HTML and script code would execute in the context of the affected site, potentially allowing the attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user; other attacks are also possible.
This issue affects Barracuda Spam Firewall firmware 3.4.10.102; other versions may also be affected.
Barracuda Spam Firewall is prone to an HTML-injection vulnerability because it fails to properly sanitize user-supplied input before using it in dynamically generated content.
Attacker-supplied HTML and script code would execute in the context of the affected site, potentially allowing the attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user; other attacks are also possible.
This issue affects Barracuda Spam Firewall firmware 3.4.10.102; other versions may also be affected.
Exploit / POC
Barracuda Spam Firewall Web Administration Console Username HTML Injection Vulnerability
Attackers can exploit this issue via a browser.
Attackers can exploit this issue via a browser.
Solution / Fix
Barracuda Spam Firewall Web Administration Console Username HTML Injection Vulnerability
Solution:
The vendor released firmware 3.5.10.106 to address this issue. Please see the references for more information.
Solution:
The vendor released firmware 3.5.10.106 to address this issue. Please see the references for more information.
References
Barracuda Spam Firewall Web Administration Console Username HTML Injection Vulnerability
References:
References:
- Barracuda Networks Spam Firewall Home Page (Barracuda Networks)
- Barracuda Networks Tech Alerts (Barracuda Networks)
- [ISR] - Barracuda Spam Firewall. Cross-Site Scripting ([email protected])