CVE-2011-0767 : Cross-site scripting (XSS) vulnerability in the management GUI in the MX Management Server in Imperva SecureSphere Web A

Cross-site scripting (XSS) vulnerability in the management GUI in the MX Management Server in Imperva SecureSphere Web Application Firewall 6.2, 7.x, and 8.x allows remote attackers to inject arbitrary web script or HTML via an HTTP request to a firewalled server, aka Bug ID 31759.

Published 2011-06-06 19:55:01

Updated 2017-08-17 01:33:44

Source CERT/CC

View at NVD, CVE.org

Vulnerability category: Cross site scripting (XSS)

Exploit prediction scoring system (EPSS) score for CVE-2011-0767

Probability of exploitation activity in the next 30 days: 0.36%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 68 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2011-0767

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
4.3	MEDIUM	AV:N/AC:M/Au:N/C:N/I:P/A:N	8.6	2.9	NIST
Access Vector: Network Access Complexity: Medium Authentication: None Confidentiality Impact: None Integrity Impact: Partial Availability Impact: None

CWE ids for CVE-2011-0767

CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2011-0767

http://www.imperva.com/resources/adc/adc_advisories_response_secureworks.html

Page not found | Resource Library
Vendor Advisory
http://www.secureworks.com/research/advisories/SWRX-2011-001/

404 | Secureworks
https://exchange.xforce.ibmcloud.com/vulnerabilities/67779

Imperva SecureSphere Web Application Firewall Web server cross-site scripting CVE-2011-0767 Vulnerability Report
http://www.kb.cert.org/vuls/id/567774

VU#567774 - Imperva SecureSphere management GUI contains an XSS vulnerability
US Government Resource

Products affected by CVE-2011-0767

Imperva » Securesphere Web Application Firewall » Version: 7.0.0.7078
cpe:2.3:a:imperva:securesphere_web_application_firewall:7.0.0.7078:*:*:*:*:*:*:*
Matching versions
Imperva » Securesphere Web Application Firewall » Version: 7.0.0.7061
cpe:2.3:a:imperva:securesphere_web_application_firewall:7.0.0.7061:*:*:*:*:*:*:*
Matching versions
Imperva » Securesphere Web Application Firewall » Version: 7.5
cpe:2.3:a:imperva:securesphere_web_application_firewall:7.5:*:*:*:*:*:*:*
Matching versions
Imperva » Securesphere Web Application Firewall » Version: 8.0
cpe:2.3:a:imperva:securesphere_web_application_firewall:8.0:*:*:*:*:*:*:*
Matching versions
Imperva » Securesphere Web Application Firewall » Version: 6.2
cpe:2.3:a:imperva:securesphere_web_application_firewall:6.2:*:*:*:*:*:*:*
Matching versions
Imperva » Securesphere Web Application Firewall » Version: 7.0
cpe:2.3:a:imperva:securesphere_web_application_firewall:7.0:*:*:*:*:*:*:*
Matching versions
Imperva » Securesphere Web Application Firewall » Version: 8.5
cpe:2.3:a:imperva:securesphere_web_application_firewall:8.5:*:*:*:*:*:*:*
Matching versions

Vulnerability Details : CVE-2011-0767

Exploit prediction scoring system (EPSS) score for CVE-2011-0767

CVSS scores for CVE-2011-0767

CWE ids for CVE-2011-0767

References for CVE-2011-0767

Products affected by CVE-2011-0767