Vulnerability-Lookup

CVE-2011-3317 (GCVE-0-2011-3317)

Vulnerability from cvelistv5 – Published: 2012-05-02 10:00 – Updated: 2024-08-06 23:29

Summary

Severity ?

No CVSS data available.

CWE

Assigner

cisco

References

URL

FKIE_CVE-2011-3317

Vulnerability from fkie_nvd - Published: 2012-05-02 10:09 - Updated: 2025-04-11 00:51

Severity ?

Summary

References

	URL	Tags
	psirt@cisco.com	http://secunia.com/advisories/49101
	psirt@cisco.com	http://www.cisco.com/web/software/282766937/37718/Acs-5-2-0-26-9-Readme.txt
	psirt@cisco.com	http://www.securityfocus.com/bid/53436
	af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/49101
	af854a3a-2127-422b-91ae-364da2661108	http://www.cisco.com/web/software/282766937/37718/Acs-5-2-0-26-9-Readme.txt
	af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/53436

Impacted products

	Vendor	Product	Version
	cisco	secure_access_control_server	5.2

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:secure_access_control_server:5.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "19DD8E24-802E-4D20-A054-7B76FB7A83B8",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Multiple cross-site scripting (XSS) vulnerabilities in the Solution Engine in Cisco Secure Access Control Server (ACS) 5.2 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Bug ID CSCtr78192."
    },
    {
      "lang": "es",
      "value": "M\u00faltiples vulnerabilidades de ejecuci\u00f3n de secuencias de comandos en sitios cruzados (XSS) en Solution Engine en Cisco Secure Access Control Server (ACS) v5.2, permite a atacantes remotos inyectar secuencias de comandos web o HTML a trav\u00e9s de vectores no especificados, tambi\u00e9n conocido como Bug ID CSCtr78192."
    }
  ],
  "id": "CVE-2011-3317",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2012-05-02T10:09:21.550",
  "references": [
    {
      "source": "psirt@cisco.com",
      "url": "http://secunia.com/advisories/49101"
    },
    {
      "source": "psirt@cisco.com",
      "url": "http://www.cisco.com/web/software/282766937/37718/Acs-5-2-0-26-9-Readme.txt"
    },
    {
      "source": "psirt@cisco.com",
      "url": "http://www.securityfocus.com/bid/53436"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/49101"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.cisco.com/web/software/282766937/37718/Acs-5-2-0-26-9-Readme.txt"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/53436"
    }
  ],
  "sourceIdentifier": "psirt@cisco.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GHSA-8HP6-HH5H-XPRP

Vulnerability from github – Published: 2022-05-17 05:28 – Updated: 2022-05-17 05:28

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2011-3317"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-79"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2012-05-02T10:09:00Z",
    "severity": "MODERATE"
  },
  "details": "Multiple cross-site scripting (XSS) vulnerabilities in the Solution Engine in Cisco Secure Access Control Server (ACS) 5.2 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Bug ID CSCtr78192.",
  "id": "GHSA-8hp6-hh5h-xprp",
  "modified": "2022-05-17T05:28:56Z",
  "published": "2022-05-17T05:28:56Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2011-3317"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/49101"
    },
    {
      "type": "WEB",
      "url": "http://www.cisco.com/web/software/282766937/37718/Acs-5-2-0-26-9-Readme.txt"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/53436"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GSD-2011-3317

Vulnerability from gsd - Updated: 2023-12-13 01:19

Details

Aliases

CVE-2011-3317

Aliases

CVE-2011-3317

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2011-3317",
    "description": "Multiple cross-site scripting (XSS) vulnerabilities in the Solution Engine in Cisco Secure Access Control Server (ACS) 5.2 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Bug ID CSCtr78192.",
    "id": "GSD-2011-3317"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2011-3317"
      ],
      "details": "Multiple cross-site scripting (XSS) vulnerabilities in the Solution Engine in Cisco Secure Access Control Server (ACS) 5.2 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Bug ID CSCtr78192.",
      "id": "GSD-2011-3317",
      "modified": "2023-12-13T01:19:09.263084Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "psirt@cisco.com",
        "ID": "CVE-2011-3317",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Multiple cross-site scripting (XSS) vulnerabilities in the Solution Engine in Cisco Secure Access Control Server (ACS) 5.2 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Bug ID CSCtr78192."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "49101",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/49101"
          },
          {
            "name": "53436",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/53436"
          },
          {
            "name": "http://www.cisco.com/web/software/282766937/37718/Acs-5-2-0-26-9-Readme.txt",
            "refsource": "CONFIRM",
            "url": "http://www.cisco.com/web/software/282766937/37718/Acs-5-2-0-26-9-Readme.txt"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:h:cisco:secure_access_control_server:5.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "ID": "CVE-2011-3317"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Multiple cross-site scripting (XSS) vulnerabilities in the Solution Engine in Cisco Secure Access Control Server (ACS) 5.2 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Bug ID CSCtr78192."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-79"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.cisco.com/web/software/282766937/37718/Acs-5-2-0-26-9-Readme.txt",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://www.cisco.com/web/software/282766937/37718/Acs-5-2-0-26-9-Readme.txt"
            },
            {
              "name": "53436",
              "refsource": "BID",
              "tags": [],
              "url": "http://www.securityfocus.com/bid/53436"
            },
            {
              "name": "49101",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/49101"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": true
        }
      },
      "lastModifiedDate": "2012-06-09T03:36Z",
      "publishedDate": "2012-05-02T10:09Z"
    }
  }
}

VAR-201205-0387

Vulnerability from variot - Updated: 2025-04-11 22:53

Multiple cross-site scripting (XSS) vulnerabilities in the Solution Engine in Cisco Secure Access Control Server (ACS) 5.2 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Bug ID CSCtr78192. The problem is Bug ID CSCtr78192 It is a problem.By any third party Web Script or HTML May be inserted. Exploiting these issues could allow an attacker to execute arbitrary code, steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database in the context of the server process. ----------------------------------------------------------------------

Become a PSI 3.0 beta tester! Test-drive the new beta version and tell us what you think about its extended automatic update function and significantly enhanced user-interface. Download it here! http://secunia.com/psi_30_beta_launch

TITLE: Cisco Secure ACS Multiple Vulnerabilities

SECUNIA ADVISORY ID: SA49101

VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/49101/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=49101

RELEASE DATE: 2012-05-09

DISCUSS ADVISORY: http://secunia.com/advisories/49101/#comments

AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s)

http://secunia.com/advisories/49101/

ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS

https://ca.secunia.com/?page=viewadvisory&vuln_id=49101

ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING

http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/

DESCRIPTION: Multiple vulnerabilities have been reported in Cisco Secure ACS, where some have unknown impacts and others can be exploited by malicious people to conduct script insertion, cross-site request forgery, and SQL injection attacks.

1) Some unspecified errors. No further information is currently available.

2) The application allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to perform certain actions by tricking a logged in user into visiting a malicious web site.

3) Certain unspecified input is not properly sanitised before being used. This can be exploited to insert arbitrary HTML and script code, which will be executed in a user's browser session in context of an affected site when the malicious data is being viewed.

4) Certain unspecified input is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

SOLUTION: Update to version 5.2.0.26 patch 9.

PROVIDED AND/OR DISCOVERED BY: Reported by the vendor.

ORIGINAL ADVISORY: http://www.cisco.com/web/software/282766937/37718/Acs-5-2-0-26-9-Readme.txt

OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/

DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/

EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/

EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/

EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/

About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities.

Subscribe: http://secunia.com/advisories/secunia_security_advisories/

Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/

Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.

Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201205-0387",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "secure access control server",
        "scope": "eq",
        "trust": 2.4,
        "vendor": "cisco",
        "version": "5.2"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-002218"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201205-040"
      },
      {
        "db": "NVD",
        "id": "CVE-2011-3317"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/h:cisco:secure_access_control_server",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-002218"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "The vendor reported this issue.",
    "sources": [
      {
        "db": "BID",
        "id": "53436"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2011-3317",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.6,
            "id": "CVE-2011-3317",
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 1.8,
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.6,
            "id": "VHN-51262",
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2011-3317",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "NVD",
            "id": "CVE-2011-3317",
            "trust": 0.8,
            "value": "Medium"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201205-040",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-51262",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-51262"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-002218"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201205-040"
      },
      {
        "db": "NVD",
        "id": "CVE-2011-3317"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Multiple cross-site scripting (XSS) vulnerabilities in the Solution Engine in Cisco Secure Access Control Server (ACS) 5.2 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Bug ID CSCtr78192. The problem is Bug ID CSCtr78192 It is a problem.By any third party Web Script or HTML May be inserted. \nExploiting these issues could allow an attacker to execute arbitrary code, steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database  in the context of the server process. ----------------------------------------------------------------------\n\nBecome a PSI 3.0 beta tester!\nTest-drive the new beta version and tell us what you think about its extended automatic update function and significantly enhanced user-interface. \nDownload it here!\nhttp://secunia.com/psi_30_beta_launch\n\n----------------------------------------------------------------------\n\nTITLE:\nCisco Secure ACS Multiple Vulnerabilities\n\nSECUNIA ADVISORY ID:\nSA49101\n\nVERIFY ADVISORY:\nSecunia.com\nhttp://secunia.com/advisories/49101/\nCustomer Area (Credentials Required)\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=49101\n\nRELEASE DATE:\n2012-05-09\n\nDISCUSS ADVISORY:\nhttp://secunia.com/advisories/49101/#comments\n\nAVAILABLE ON SITE AND IN CUSTOMER AREA:\n * Last Update\n * Popularity\n * Comments\n * Criticality Level\n * Impact\n * Where\n * Solution Status\n * Operating System / Software\n * CVE Reference(s)\n\nhttp://secunia.com/advisories/49101/\n\nONLY AVAILABLE IN CUSTOMER AREA:\n * Authentication Level\n * Report Reliability\n * Secunia PoC\n * Secunia Analysis\n * Systems Affected\n * Approve Distribution\n * Remediation Status\n * Secunia CVSS Score\n * CVSS\n\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=49101\n\nONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:\n * AUTOMATED SCANNING\n\nhttp://secunia.com/vulnerability_scanning/personal/\nhttp://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/\n\nDESCRIPTION:\nMultiple vulnerabilities have been reported in Cisco Secure ACS,\nwhere some have unknown impacts and others can be exploited by\nmalicious people to conduct script insertion, cross-site request\nforgery, and SQL injection attacks. \n\n1) Some unspecified errors. No further information is currently\navailable. \n\n2) The application allows users to perform certain actions via HTTP\nrequests without performing any validity checks to verify the\nrequests. This can be exploited to perform certain actions by\ntricking a logged in user into visiting a malicious web site. \n\n3) Certain unspecified input is not properly sanitised before being\nused. This can be exploited to insert arbitrary HTML and script code,\nwhich will be executed in a user\u0027s browser session in context of an\naffected site when the malicious data is being viewed. \n\n4) Certain unspecified input is not properly sanitised before being\nused in SQL queries. This can be exploited to manipulate SQL queries\nby injecting arbitrary SQL code. \n\nSOLUTION:\nUpdate to version 5.2.0.26 patch 9. \n\nPROVIDED AND/OR DISCOVERED BY:\nReported by the vendor. \n\nORIGINAL ADVISORY:\nhttp://www.cisco.com/web/software/282766937/37718/Acs-5-2-0-26-9-Readme.txt\n\nOTHER REFERENCES:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nDEEP LINKS:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED DESCRIPTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED SOLUTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXPLOIT:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\nprivate users keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2011-3317"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-002218"
      },
      {
        "db": "BID",
        "id": "53436"
      },
      {
        "db": "VULHUB",
        "id": "VHN-51262"
      },
      {
        "db": "PACKETSTORM",
        "id": "112565"
      }
    ],
    "trust": 2.07
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2011-3317",
        "trust": 2.8
      },
      {
        "db": "BID",
        "id": "53436",
        "trust": 1.4
      },
      {
        "db": "SECUNIA",
        "id": "49101",
        "trust": 1.2
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-002218",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201205-040",
        "trust": 0.7
      },
      {
        "db": "NSFOCUS",
        "id": "19586",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-51262",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "112565",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-51262"
      },
      {
        "db": "BID",
        "id": "53436"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-002218"
      },
      {
        "db": "PACKETSTORM",
        "id": "112565"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201205-040"
      },
      {
        "db": "NVD",
        "id": "CVE-2011-3317"
      }
    ]
  },
  "id": "VAR-201205-0387",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-51262"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2025-04-11T22:53:43.438000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Readme File for Cisco Secure Access Control Server (ACS)",
        "trust": 0.8,
        "url": "http://www.cisco.com/web/software/282766937/37718/Acs-5-2-0-26-9-Readme.txt"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-002218"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-79",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-51262"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-002218"
      },
      {
        "db": "NVD",
        "id": "CVE-2011-3317"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.1,
        "url": "http://www.cisco.com/web/software/282766937/37718/acs-5-2-0-26-9-readme.txt"
      },
      {
        "trust": 1.1,
        "url": "http://www.securityfocus.com/bid/53436"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/49101"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-3317"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2011-3317"
      },
      {
        "trust": 0.6,
        "url": "http://www.nsfocus.net/vulndb/19586"
      },
      {
        "trust": 0.3,
        "url": "http://www.cisco.com/en/us/products/sw/secursw/ps2086/index.html"
      },
      {
        "trust": 0.1,
        "url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=49101"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/psi_30_beta_launch"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/vulnerability_intelligence/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/secunia_security_advisories/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/vulnerability_scanning/personal/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/49101/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/49101/#comments"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/about_secunia_advisories/"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-51262"
      },
      {
        "db": "BID",
        "id": "53436"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-002218"
      },
      {
        "db": "PACKETSTORM",
        "id": "112565"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201205-040"
      },
      {
        "db": "NVD",
        "id": "CVE-2011-3317"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-51262"
      },
      {
        "db": "BID",
        "id": "53436"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-002218"
      },
      {
        "db": "PACKETSTORM",
        "id": "112565"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201205-040"
      },
      {
        "db": "NVD",
        "id": "CVE-2011-3317"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2012-05-02T00:00:00",
        "db": "VULHUB",
        "id": "VHN-51262"
      },
      {
        "date": "2012-05-09T00:00:00",
        "db": "BID",
        "id": "53436"
      },
      {
        "date": "2012-05-08T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2012-002218"
      },
      {
        "date": "2012-05-09T07:38:02",
        "db": "PACKETSTORM",
        "id": "112565"
      },
      {
        "date": "2012-05-03T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201205-040"
      },
      {
        "date": "2012-05-02T10:09:21.550000",
        "db": "NVD",
        "id": "CVE-2011-3317"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2012-06-09T00:00:00",
        "db": "VULHUB",
        "id": "VHN-51262"
      },
      {
        "date": "2012-05-09T00:00:00",
        "db": "BID",
        "id": "53436"
      },
      {
        "date": "2012-05-08T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2012-002218"
      },
      {
        "date": "2012-05-03T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201205-040"
      },
      {
        "date": "2025-04-11T00:51:21.963000",
        "db": "NVD",
        "id": "CVE-2011-3317"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201205-040"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Cisco Secure Access Control Server Vulnerable to cross-site scripting",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-002218"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "XSS",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201205-040"
      }
    ],
    "trust": 0.6
  }
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2011-3317 (GCVE-0-2011-3317)

FKIE_CVE-2011-3317

GHSA-8HP6-HH5H-XPRP

GSD-2011-3317

VAR-201205-0387

Tags

Sightings

Nomenclature