Cisco Content Security Management Appliance XSS and CSRF Vulnerabilities
Information
Severity
Family
CVSSv2 Base
CVSSv2 Vector
Solution Type
Created
Modified
Summary
This host is running Cisco Content Security Management Appliance and is prone to cross site scripting and cross site request forgery vulnerabilities.
Insight
Multiple flaws are due to:
- The lack of output escaping in the default error 500 page. When an exception occurs in the application, the error description contains unvalidated user input from the request.
- The lack of input validation on the job_name, job_type, appliances_options and config_master parameters, which are then printed unescaped in the job_name, old_job_name, job_type, appliance_lists and config_master fields.
- The CSRFKey is not used in some areas of the application.
Affected Software
Cisco Content Security Management Appliance (SMA) 8.1 and prior
Detection Method
Checks if a vulnerable version is present on the target host.
Solution
Upgrade to the latest version of Cisco CSMA or apply the patch.
Common Vulnerabilities and Exposures (CVE)
References
- http://1337day.com/exploit/21168
- http://packetstormsecurity.com/files/122955
- http://tools.cisco.com/security/center/viewAlert.x?alertId=29844
- http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE
- http://exploitsdownload.com/exploit/na/cisco-ironport-cross-site-reque
- http://www.cisco.com/en/US/products/ps12503/index.html