VAR-201210-0410
Vulnerability from variot - Updated: 2025-04-11 23:04Multiple cross-site scripting (XSS) vulnerabilities in Barracuda Spam & Virus Firewall 600 Firmware 4.0.1.009 and earlier allow remote authenticated users to inject arbitrary web script or HTML via (1) Troubleshooting in the Trace route Device module or (2) LDAP Username in the LDAP Configuration module. Barracuda Spam & Virus WAF 600 is prone to multiple unspecified HTML-injection vulnerabilities because it fails to properly sanitize user-supplied input before using it in dynamically generated content. Successful exploits will allow attacker-supplied HTML and script code to run in the context of the affected browser, potentially allowing the attacker to steal cookie-based authentication credentials or control how the site is rendered to the user. Other attacks are also possible. The vulnerability stems from improper filtering of user-supplied input before it is used to dynamically generate content
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201210-0410",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "spam \\\u0026 virus firewall 600",
"scope": "eq",
"trust": 1.0,
"vendor": "barracudanetworks",
"version": null
},
{
"model": "spam \\\u0026 virus firewall 600",
"scope": "lte",
"trust": 1.0,
"vendor": "barracudanetworks",
"version": "4.0.1.009"
},
{
"model": "spam \u0026 virus firewall 600",
"scope": null,
"trust": 0.8,
"vendor": "barracuda",
"version": null
},
{
"model": "spam \u0026 virus firewall 600",
"scope": "lte",
"trust": 0.8,
"vendor": "barracuda",
"version": "4.0.1.009"
},
{
"model": "spam \\\u0026 virus firewall 600",
"scope": "eq",
"trust": 0.6,
"vendor": "barracudanetworks",
"version": "4.0.1.009"
},
{
"model": "networks barracuda spam \u0026 virus waf",
"scope": "eq",
"trust": 0.3,
"vendor": "barracuda",
"version": "6000"
}
],
"sources": [
{
"db": "BID",
"id": "51599"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-004851"
},
{
"db": "CNNVD",
"id": "CNNVD-201201-370"
},
{
"db": "NVD",
"id": "CVE-2012-5316"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/h:barracuda_networks:spam_%26_virus_firewall_600",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:barracuda_networks:spam_%26_virus_firewall_600_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2012-004851"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Vulnerability Research Laboratory - Benjamin Kunz Mejri",
"sources": [
{
"db": "BID",
"id": "51599"
},
{
"db": "CNNVD",
"id": "CNNVD-201201-370"
}
],
"trust": 0.9
},
"cve": "CVE-2012-5316",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"exploitabilityScore": 6.8,
"id": "CVE-2012-5316",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "LOW",
"trust": 1.8,
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"exploitabilityScore": 6.8,
"id": "VHN-58597",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "LOW",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:S/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2012-5316",
"trust": 1.0,
"value": "LOW"
},
{
"author": "NVD",
"id": "CVE-2012-5316",
"trust": 0.8,
"value": "Low"
},
{
"author": "CNNVD",
"id": "CNNVD-201201-370",
"trust": 0.6,
"value": "LOW"
},
{
"author": "VULHUB",
"id": "VHN-58597",
"trust": 0.1,
"value": "LOW"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-58597"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-004851"
},
{
"db": "CNNVD",
"id": "CNNVD-201201-370"
},
{
"db": "NVD",
"id": "CVE-2012-5316"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Multiple cross-site scripting (XSS) vulnerabilities in Barracuda Spam \u0026 Virus Firewall 600 Firmware 4.0.1.009 and earlier allow remote authenticated users to inject arbitrary web script or HTML via (1) Troubleshooting in the Trace route Device module or (2) LDAP Username in the LDAP Configuration module. Barracuda Spam \u0026amp; Virus WAF 600 is prone to multiple unspecified HTML-injection vulnerabilities because it fails to properly sanitize user-supplied input before using it in dynamically generated content. \nSuccessful exploits will allow attacker-supplied HTML and script code to run in the context of the affected browser, potentially allowing the attacker to steal cookie-based authentication credentials or control how the site is rendered to the user. Other attacks are also possible. The vulnerability stems from improper filtering of user-supplied input before it is used to dynamically generate content",
"sources": [
{
"db": "NVD",
"id": "CVE-2012-5316"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-004851"
},
{
"db": "BID",
"id": "51599"
},
{
"db": "VULHUB",
"id": "VHN-58597"
}
],
"trust": 1.98
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2012-5316",
"trust": 2.8
},
{
"db": "BID",
"id": "51599",
"trust": 2.0
},
{
"db": "JVNDB",
"id": "JVNDB-2012-004851",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201201-370",
"trust": 0.7
},
{
"db": "XF",
"id": "72579",
"trust": 0.6
},
{
"db": "NSFOCUS",
"id": "21078",
"trust": 0.6
},
{
"db": "BUGTRAQ",
"id": "20120120 [SUSPECTED SPAM] BARRACUDA SPAM/VIRUS WAF 600 - MULTIPLE WEB VULNERABILITIES",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-58597",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-58597"
},
{
"db": "BID",
"id": "51599"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-004851"
},
{
"db": "CNNVD",
"id": "CNNVD-201201-370"
},
{
"db": "NVD",
"id": "CVE-2012-5316"
}
]
},
"id": "VAR-201210-0410",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-58597"
}
],
"trust": 0.01
},
"last_update_date": "2025-04-11T23:04:11.333000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Barracuda Spam \u0026 Virus Firewall",
"trust": 0.8,
"url": "https://www.barracudanetworks.com/ns/products/spam_overview.php"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2012-004851"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-79",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-58597"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-004851"
},
{
"db": "NVD",
"id": "CVE-2012-5316"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/51599"
},
{
"trust": 1.7,
"url": "http://archives.neohapsis.com/archives/bugtraq/2012-01/0130.html"
},
{
"trust": 1.7,
"url": "http://www.vulnerability-lab.com/get_content.php?id=28"
},
{
"trust": 1.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72579"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-5316"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-5316"
},
{
"trust": 0.6,
"url": "http://xforce.iss.net/xforce/xfdb/72579"
},
{
"trust": 0.6,
"url": "http://www.nsfocus.net/vulndb/21078"
},
{
"trust": 0.3,
"url": "http://www.barracudanetworks.com/ns/?l=en_ca"
},
{
"trust": 0.3,
"url": "/archive/1/521316"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-58597"
},
{
"db": "BID",
"id": "51599"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-004851"
},
{
"db": "CNNVD",
"id": "CNNVD-201201-370"
},
{
"db": "NVD",
"id": "CVE-2012-5316"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-58597"
},
{
"db": "BID",
"id": "51599"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-004851"
},
{
"db": "CNNVD",
"id": "CNNVD-201201-370"
},
{
"db": "NVD",
"id": "CVE-2012-5316"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2012-10-08T00:00:00",
"db": "VULHUB",
"id": "VHN-58597"
},
{
"date": "2012-01-20T00:00:00",
"db": "BID",
"id": "51599"
},
{
"date": "2012-10-11T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2012-004851"
},
{
"date": "1900-01-01T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201201-370"
},
{
"date": "2012-10-08T17:55:01.293000",
"db": "NVD",
"id": "CVE-2012-5316"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-08-29T00:00:00",
"db": "VULHUB",
"id": "VHN-58597"
},
{
"date": "2015-03-19T09:41:00",
"db": "BID",
"id": "51599"
},
{
"date": "2012-10-11T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2012-004851"
},
{
"date": "2012-02-01T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201201-370"
},
{
"date": "2025-04-11T00:51:21.963000",
"db": "NVD",
"id": "CVE-2012-5316"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201201-370"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Barracuda Spam \u0026 Virus Firewall 600 Firmware cross-site scripting vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2012-004851"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "XSS",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201201-370"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…