VAR-201105-0114
Vulnerability from variot - Updated: 2025-04-11 23:02SQL injection vulnerability in an unspecified function in Proofpoint Messaging Security Gateway 6.2.0.263:6.2.0.237 and earlier in Proofpoint Protection Server 5.5.3, 5.5.4, 5.5.5, 6.0.2, 6.1.1, and 6.2.0 allows remote attackers to execute arbitrary SQL commands via unknown vectors. Proofpoint Protection Server Has multiple vulnerabilities. Proofpoint Protection Server Includes authentication bypass, command injection, SQL Multiple vulnerabilities exist, including injection and directory traversal. Clear Skies Security's advisory of TECHNICAL DETAILS Describes each vulnerability as follows: "Enduser Authentication Bypass User-level access to the Proofpoint mail filter web interface can be obtained as any available user without providing the user’s login credentials. Path Traversal Allows Access to System Files Arbitrary files on the Proofpoint appliance can be obtained by manipulating a flaw in the web interface. Proofpoint SQL Injection A publicly accessible function in the Proofpoint interface is vulnerable to SQL Injection. Proofpoint Command Injection A function in the Proofpoint web interface can be manipulated into executing any command on the server. Proofpoint Forced Browsing / Insufficient Page Authorization Some administrative modules are accessible without authenticating with the application."A remote attacker could execute arbitrary commands or download arbitrary files. An authentication-bypass vulnerability 2. A command-injection vulnerability 3. An SQL-injection vulnerability 4. A security-bypass vulnerability 5. A directory-traversal vulnerability Attackers may exploit these issues to retrieve arbitrary files from the affected application, compromise the application, obtain sensitive information, access or modify data, exploit latent vulnerabilities in the underlying database, and gain administrative access to the affected application. ----------------------------------------------------------------------
Secunia is hiring!
http://secunia.com/company/jobs/
TITLE: Proofpoint Enterprise Protection Multiple Vulnerabilities
SECUNIA ADVISORY ID: SA44457
VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/44457/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=44457
RELEASE DATE: 2011-05-04
DISCUSS ADVISORY: http://secunia.com/advisories/44457/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s)
http://secunia.com/advisories/44457/
ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=44457
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION: Multiple vulnerabilities have been reported in Proofpoint Enterprise Protection, which can be exploited by malicious people to conduct cross-site scripting and SQL injection attacks, bypass certain security restrictions, disclose sensitive information, and compromise a vulnerable system.
1) Input passed via the "displayprogress" parameter to enduser/process.cgi is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.
Note: This vulnerability only affects version 5.5.5.
3) Certain unspecified input is not properly verified before being used to access files.
4) Certain unspecified input is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.
5) An error in the application allows access to certain administrative modules without checking for authentication.
6) Certain unspecified input is not properly sanitised before being used and can be exploited to inject and execute arbitrary commands.
SOLUTION: Apply patches.
Further details available in Customer Area: http://secunia.com/products/corporate/EVM/
PROVIDED AND/OR DISCOVERED BY: 1) Karan Khosla, Sense of Security Labs. 2 - 6) Scott Miles, Clear Skies Security via US-CERT.
ORIGINAL ADVISORY: Proofpoint: https://support.proofpoint.com/article.cgi?article_id=338413
Sense of Security Labs: http://www.senseofsecurity.com.au/advisories/SOS-11-005
US-CERT VU#790980: http://www.kb.cert.org/vuls/id/790980
Clear Skies Security: http://www.clearskies.net/documents/css-advisory-css1105-proofpoint.php
OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/
DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/
EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/
EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/
EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/
About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
Show details on source website
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201105-0114",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "protection server",
"scope": "eq",
"trust": 2.7,
"vendor": "proofpoint",
"version": "6.0.2"
},
{
"model": "protection server",
"scope": "eq",
"trust": 2.7,
"vendor": "proofpoint",
"version": "5.5.5"
},
{
"model": "protection server",
"scope": "eq",
"trust": 2.7,
"vendor": "proofpoint",
"version": "5.5.4"
},
{
"model": "protection server",
"scope": "eq",
"trust": 2.7,
"vendor": "proofpoint",
"version": "5.5.3"
},
{
"model": "protection server",
"scope": "eq",
"trust": 2.7,
"vendor": "proofpoint",
"version": "6.1.1"
},
{
"model": "protection server",
"scope": "eq",
"trust": 1.6,
"vendor": "proofpoint",
"version": "6.2.0"
},
{
"model": "messaging security gateway",
"scope": "lte",
"trust": 1.0,
"vendor": "proofpoint",
"version": "6.2.0.263\\:6.2.0.237"
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "proofpoint",
"version": null
},
{
"model": "messaging security gateway",
"scope": "lte",
"trust": 0.8,
"vendor": "proofpoint",
"version": "6.2.0.263:6.2.0.237"
},
{
"model": "protection server",
"scope": "eq",
"trust": 0.8,
"vendor": "proofpoint",
"version": "and 6.2.0"
},
{
"model": "protection server",
"scope": null,
"trust": 0.8,
"vendor": "proofpoint",
"version": null
},
{
"model": "messaging security gateway",
"scope": "eq",
"trust": 0.6,
"vendor": "proofpoint",
"version": "6.2.0.263\\:6.2.0.237"
},
{
"model": "protection server",
"scope": "eq",
"trust": 0.3,
"vendor": "proofpoint",
"version": "6.3"
},
{
"model": "messaging security gateway 6.2.0.263%3a6.2.0.23",
"scope": null,
"trust": 0.3,
"vendor": "proofpoint",
"version": null
},
{
"model": "inc proofpoint protection server",
"scope": "eq",
"trust": 0.3,
"vendor": "proofpoint",
"version": "6.2.0"
},
{
"model": "inc proofpoint protection server",
"scope": "eq",
"trust": 0.3,
"vendor": "proofpoint",
"version": "6.1.1"
},
{
"model": "inc proofpoint protection server",
"scope": "eq",
"trust": 0.3,
"vendor": "proofpoint",
"version": "6.0.2"
},
{
"model": "inc proofpoint protection server",
"scope": "eq",
"trust": 0.3,
"vendor": "proofpoint",
"version": "5.5.5"
},
{
"model": "inc proofpoint protection server",
"scope": "eq",
"trust": 0.3,
"vendor": "proofpoint",
"version": "5.5.4"
},
{
"model": "inc proofpoint protection server",
"scope": "eq",
"trust": 0.3,
"vendor": "proofpoint",
"version": "5.5.3"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#790980"
},
{
"db": "BID",
"id": "73792"
},
{
"db": "BID",
"id": "47675"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-004592"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-001625"
},
{
"db": "CNNVD",
"id": "CNNVD-201105-067"
},
{
"db": "NVD",
"id": "CVE-2011-1903"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:proofpoint:messaging_security_gateway",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:proofpoint:protection_server",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2011-004592"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Unknown",
"sources": [
{
"db": "BID",
"id": "73792"
}
],
"trust": 0.3
},
"cve": "CVE-2011-1903",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2011-1903",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-49848",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2011-1903",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#790980",
"trust": 0.8,
"value": "22.50"
},
{
"author": "NVD",
"id": "CVE-2011-1903",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-201105-067",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-49848",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#790980"
},
{
"db": "VULHUB",
"id": "VHN-49848"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-004592"
},
{
"db": "CNNVD",
"id": "CNNVD-201105-067"
},
{
"db": "NVD",
"id": "CVE-2011-1903"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "SQL injection vulnerability in an unspecified function in Proofpoint Messaging Security Gateway 6.2.0.263:6.2.0.237 and earlier in Proofpoint Protection Server 5.5.3, 5.5.4, 5.5.5, 6.0.2, 6.1.1, and 6.2.0 allows remote attackers to execute arbitrary SQL commands via unknown vectors. Proofpoint Protection Server Has multiple vulnerabilities. Proofpoint Protection Server Includes authentication bypass, command injection, SQL Multiple vulnerabilities exist, including injection and directory traversal. Clear Skies Security\u0027s advisory of TECHNICAL DETAILS Describes each vulnerability as follows: \"Enduser Authentication Bypass User-level access to the Proofpoint mail filter web interface can be obtained as any available user without providing the user\u2019s login credentials. Path Traversal Allows Access to System Files Arbitrary files on the Proofpoint appliance can be obtained by manipulating a flaw in the web interface. Proofpoint SQL Injection A publicly accessible function in the Proofpoint interface is vulnerable to SQL Injection. Proofpoint Command Injection A function in the Proofpoint web interface can be manipulated into executing any command on the server. Proofpoint Forced Browsing / Insufficient Page Authorization Some administrative modules are accessible without authenticating with the application.\"A remote attacker could execute arbitrary commands or download arbitrary files. An authentication-bypass vulnerability\n2. A command-injection vulnerability\n3. An SQL-injection vulnerability\n4. A security-bypass vulnerability\n5. A directory-traversal vulnerability\nAttackers may exploit these issues to retrieve arbitrary files from the affected application, compromise the application, obtain sensitive information, access or modify data, exploit latent vulnerabilities in the underlying database, and gain administrative access to the affected application. ----------------------------------------------------------------------\n\n\nSecunia is hiring!\n\nhttp://secunia.com/company/jobs/\n\n\n----------------------------------------------------------------------\n\nTITLE:\nProofpoint Enterprise Protection Multiple Vulnerabilities\n\nSECUNIA ADVISORY ID:\nSA44457\n\nVERIFY ADVISORY:\nSecunia.com\nhttp://secunia.com/advisories/44457/\nCustomer Area (Credentials Required)\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=44457\n\nRELEASE DATE:\n2011-05-04\n\nDISCUSS ADVISORY:\nhttp://secunia.com/advisories/44457/#comments\n\nAVAILABLE ON SITE AND IN CUSTOMER AREA:\n * Last Update\n * Popularity\n * Comments\n * Criticality Level\n * Impact\n * Where\n * Solution Status\n * Operating System / Software\n * CVE Reference(s)\n\nhttp://secunia.com/advisories/44457/\n\nONLY AVAILABLE IN CUSTOMER AREA:\n * Authentication Level\n * Report Reliability\n * Secunia PoC\n * Secunia Analysis\n * Systems Affected\n * Approve Distribution\n * Remediation Status\n * Secunia CVSS Score\n * CVSS\n\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=44457\n\nONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:\n * AUTOMATED SCANNING\n\nhttp://secunia.com/vulnerability_scanning/personal/\nhttp://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/\n\nDESCRIPTION:\nMultiple vulnerabilities have been reported in Proofpoint Enterprise\nProtection, which can be exploited by malicious people to conduct\ncross-site scripting and SQL injection attacks, bypass certain\nsecurity restrictions, disclose sensitive information, and compromise\na vulnerable system. \n\n1) Input passed via the \"displayprogress\" parameter to\nenduser/process.cgi is not properly sanitised before being returned\nto the user. This can be exploited to execute arbitrary HTML and\nscript code in a user\u0027s browser session in context of an affected\nsite. \n\nNote: This vulnerability only affects version 5.5.5. \n\n3) Certain unspecified input is not properly verified before being\nused to access files. \n\n4) Certain unspecified input is not properly sanitised before being\nused in SQL queries. This can be exploited to manipulate SQL queries\nby injecting arbitrary SQL code. \n\n5) An error in the application allows access to certain\nadministrative modules without checking for authentication. \n\n6) Certain unspecified input is not properly sanitised before being\nused and can be exploited to inject and execute arbitrary commands. \n\nSOLUTION:\nApply patches. \n\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\nPROVIDED AND/OR DISCOVERED BY:\n1) Karan Khosla, Sense of Security Labs. \n2 - 6) Scott Miles, Clear Skies Security via US-CERT. \n\nORIGINAL ADVISORY:\nProofpoint:\nhttps://support.proofpoint.com/article.cgi?article_id=338413\n\nSense of Security Labs:\nhttp://www.senseofsecurity.com.au/advisories/SOS-11-005\n\nUS-CERT VU#790980:\nhttp://www.kb.cert.org/vuls/id/790980\n\nClear Skies Security:\nhttp://www.clearskies.net/documents/css-advisory-css1105-proofpoint.php\n\nOTHER REFERENCES:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\nDEEP LINKS:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\nEXTENDED DESCRIPTION:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\nEXTENDED SOLUTION:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\nEXPLOIT:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\nprivate users keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2011-1903"
},
{
"db": "CERT/CC",
"id": "VU#790980"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-004592"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-001625"
},
{
"db": "BID",
"id": "73792"
},
{
"db": "BID",
"id": "47675"
},
{
"db": "VULHUB",
"id": "VHN-49848"
},
{
"db": "PACKETSTORM",
"id": "101135"
}
],
"trust": 3.78
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#790980",
"trust": 4.8
},
{
"db": "NVD",
"id": "CVE-2011-1903",
"trust": 2.8
},
{
"db": "JVNDB",
"id": "JVNDB-2011-004592",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2011-001625",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201105-067",
"trust": 0.7
},
{
"db": "BID",
"id": "73792",
"trust": 0.4
},
{
"db": "BID",
"id": "47675",
"trust": 0.3
},
{
"db": "SECUNIA",
"id": "44457",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-49848",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "101135",
"trust": 0.1
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#790980"
},
{
"db": "VULHUB",
"id": "VHN-49848"
},
{
"db": "BID",
"id": "73792"
},
{
"db": "BID",
"id": "47675"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-004592"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-001625"
},
{
"db": "PACKETSTORM",
"id": "101135"
},
{
"db": "CNNVD",
"id": "CNNVD-201105-067"
},
{
"db": "NVD",
"id": "CVE-2011-1903"
}
]
},
"id": "VAR-201105-0114",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-49848"
}
],
"trust": 0.01
},
"last_update_date": "2025-04-11T23:02:07.068000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.proofpoint.com/"
},
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.proofpoint.com"
},
{
"title": "Call Tracking System - Login (Customer Support web site\uff09",
"trust": 0.8,
"url": "https://support.proofpoint.com/article.cgi?article_id=338413"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2011-004592"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-001625"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-89",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-49848"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-004592"
},
{
"db": "NVD",
"id": "CVE-2011-1903"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 4.0,
"url": "http://www.kb.cert.org/vuls/id/790980"
},
{
"trust": 2.9,
"url": "http://www.clearskies.net/documents/css-advisory-css1105-proofpoint.php"
},
{
"trust": 2.9,
"url": "https://support.proofpoint.com/article.cgi?article_id=338413"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-1903"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2011-1903"
},
{
"trust": 0.8,
"url": "http://jvn.jp/cert/jvnvu790980"
},
{
"trust": 0.3,
"url": "http://www.proofpoint.com/products/index.php"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/44457/"
},
{
"trust": 0.1,
"url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=44457"
},
{
"trust": 0.1,
"url": "http://www.senseofsecurity.com.au/advisories/sos-11-005"
},
{
"trust": 0.1,
"url": "http://secunia.com/products/corporate/evm/"
},
{
"trust": 0.1,
"url": "http://secunia.com/company/jobs/"
},
{
"trust": 0.1,
"url": "http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/secunia_security_advisories/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/44457/#comments"
},
{
"trust": 0.1,
"url": "http://secunia.com/vulnerability_scanning/personal/"
},
{
"trust": 0.1,
"url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/about_secunia_advisories/"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#790980"
},
{
"db": "VULHUB",
"id": "VHN-49848"
},
{
"db": "BID",
"id": "73792"
},
{
"db": "BID",
"id": "47675"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-004592"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-001625"
},
{
"db": "PACKETSTORM",
"id": "101135"
},
{
"db": "CNNVD",
"id": "CNNVD-201105-067"
},
{
"db": "NVD",
"id": "CVE-2011-1903"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#790980"
},
{
"db": "VULHUB",
"id": "VHN-49848"
},
{
"db": "BID",
"id": "73792"
},
{
"db": "BID",
"id": "47675"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-004592"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-001625"
},
{
"db": "PACKETSTORM",
"id": "101135"
},
{
"db": "CNNVD",
"id": "CNNVD-201105-067"
},
{
"db": "NVD",
"id": "CVE-2011-1903"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2011-05-02T00:00:00",
"db": "CERT/CC",
"id": "VU#790980"
},
{
"date": "2011-05-05T00:00:00",
"db": "VULHUB",
"id": "VHN-49848"
},
{
"date": "2011-05-05T00:00:00",
"db": "BID",
"id": "73792"
},
{
"date": "2011-05-02T00:00:00",
"db": "BID",
"id": "47675"
},
{
"date": "2012-03-27T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2011-004592"
},
{
"date": "2011-05-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2011-001625"
},
{
"date": "2011-05-05T06:57:39",
"db": "PACKETSTORM",
"id": "101135"
},
{
"date": "2011-05-06T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201105-067"
},
{
"date": "2011-05-05T14:55:03.260000",
"db": "NVD",
"id": "CVE-2011-1903"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2011-05-02T00:00:00",
"db": "CERT/CC",
"id": "VU#790980"
},
{
"date": "2011-05-31T00:00:00",
"db": "VULHUB",
"id": "VHN-49848"
},
{
"date": "2011-05-05T00:00:00",
"db": "BID",
"id": "73792"
},
{
"date": "2011-05-02T00:00:00",
"db": "BID",
"id": "47675"
},
{
"date": "2012-03-27T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2011-004592"
},
{
"date": "2011-05-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2011-001625"
},
{
"date": "2011-05-06T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201105-067"
},
{
"date": "2025-04-11T00:51:21.963000",
"db": "NVD",
"id": "CVE-2011-1903"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "network",
"sources": [
{
"db": "BID",
"id": "73792"
},
{
"db": "BID",
"id": "47675"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Proofpoint Protection Server contains multiple vulnerabilities",
"sources": [
{
"db": "CERT/CC",
"id": "VU#790980"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Input Validation Error",
"sources": [
{
"db": "BID",
"id": "73792"
},
{
"db": "BID",
"id": "47675"
}
],
"trust": 0.6
}
}
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.