製品・ソフトウェアに関する情報

JVN脆弱性詳細

Barracuda Spam Firewall の ldap_test.cgi におけるクロスサイトスクリプティングの脆弱性

Title	Barracuda Spam Firewall の ldap_test.cgi におけるクロスサイトスクリプティングの脆弱性
Summary	Barracuda Spam Firewall (BSF) の ldap_test.cgi には、クロスサイトスクリプティングの脆弱性が存在します。
Possible impacts	第三者により、電子メールパラメータを介して、任意の Web スクリプトまたは HTML を挿入される可能性があります。
Solution	ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。
Publication Date	May 22, 2008, midnight
Registration Date	June 6, 2011, 2:20 p.m.
Last Update	June 6, 2011, 2:20 p.m.

Affected System

バラクーダネットワークス

Barracuda Spam Firewall 3.5.11.025 未満

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2008-2333	http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-2333
National Vulnerability Database (NVD)
2	CVE-2008-2333	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2333

CWE (共通脆弱性タイプ一覧)

No	Name	URL
JVNDB
1	CWE-79	https://jvndb.jvn.jp/ja/cwe/CWE-79.html

ベンダー情報

No	Name	URL
テクニカルアラート
1	Barracuda Spam Firewall resolved vulnerability associated with LDAP test script	http://www.barracudanetworks.com/ns/support/tech_alert.php

その他

No	Name	URL
ISS X-Force Database
1	42594	http://xforce.iss.net/xforce/xfdb/42594
Secunia Advisory
2	SA30362	http://secunia.com/advisories/30362
SecurityFocus
3	29340	http://www.securityfocus.com/bid/29340
SecurityTracker
4	1020108	http://www.securitytracker.com/id?1020108

Change Log

No	Changed Details	Date of change
0	[2011年06月06日] 掲載	Feb. 17, 2018, 10:37 a.m.

NVD Vulnerability Information

CVE-2008-2333

Summary	Cross-site scripting (XSS) vulnerability in ldap_test.cgi in Barracuda Spam Firewall (BSF) before 3.5.11.025 allows remote attackers to inject arbitrary web script or HTML via the email parameter.
Summary	Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados enl dap_test.cgi en Barracuda Spam Firewall (BSF) anteriores a 3.5.11.025, permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarias a través del parámetro "email".
Publication Date	May 24, 2008, 12:32 a.m.
Registration Date	Jan. 29, 2021, 1:36 p.m.
Last Update	April 23, 2026, 9:35 a.m.

Affected software configurations

Configuration1	or higher	or less	more than	less than
cpe:2.3:h:barracuda_networks:barracuda_spam_firewall::::::::		3.5.11.020
cpe:2.3:h:barracuda_networks:barracuda_spam_firewall:3.1.10:::::::*
cpe:2.3:h:barracuda_networks:barracuda_spam_firewall:3.1.16:::::::*
cpe:2.3:h:barracuda_networks:barracuda_spam_firewall:3.1.17:::::::*
cpe:2.3:h:barracuda_networks:barracuda_spam_firewall:3.1.18:::::::*
cpe:2.3:h:barracuda_networks:barracuda_spam_firewall:3.3.0.54:::::::*
cpe:2.3:h:barracuda_networks:barracuda_spam_firewall:3.3.01.001:::::::*
cpe:2.3:h:barracuda_networks:barracuda_spam_firewall:3.3.3:::::::*
cpe:2.3:h:barracuda_networks:barracuda_spam_firewall:3.3.03.053:::::::*
cpe:2.3:h:barracuda_networks:barracuda_spam_firewall:3.3.03.055:::::::*
cpe:2.3:h:barracuda_networks:barracuda_spam_firewall:3.3.15.026:::::::*
cpe:2.3:h:barracuda_networks:barracuda_spam_firewall:3.4:::::::*
cpe:2.3:h:barracuda_networks:barracuda_spam_firewall:3.4.10.102:::::::*

Related information, measures and tools

No	URL	refsource
1	http://secunia.com/advisories/30362	cve@mitre.org
2	http://www.barracudanetworks.com/ns/support/tech_alert.php	cve@mitre.org
3	http://www.irmplc.com/index.php/168-Advisory-027	cve@mitre.org
4	http://www.securityfocus.com/archive/1/492475/100/0/threaded	cve@mitre.org
5	http://www.securityfocus.com/bid/29340	cve@mitre.org
6	http://www.securitytracker.com/id?1020108	cve@mitre.org
7	http://www.vupen.com/english/advisories/2008/1627/references	cve@mitre.org
8	https://exchange.xforce.ibmcloud.com/vulnerabilities/42594	cve@mitre.org
9	http://secunia.com/advisories/30362	af854a3a-2127-422b-91ae-364da2661108
10	http://www.barracudanetworks.com/ns/support/tech_alert.php	af854a3a-2127-422b-91ae-364da2661108
11	http://www.irmplc.com/index.php/168-Advisory-027	af854a3a-2127-422b-91ae-364da2661108
12	http://www.securityfocus.com/archive/1/492475/100/0/threaded	af854a3a-2127-422b-91ae-364da2661108
13	http://www.securityfocus.com/bid/29340	af854a3a-2127-422b-91ae-364da2661108
14	http://www.securitytracker.com/id?1020108	af854a3a-2127-422b-91ae-364da2661108
15	http://www.vupen.com/english/advisories/2008/1627/references	af854a3a-2127-422b-91ae-364da2661108
16	https://exchange.xforce.ibmcloud.com/vulnerabilities/42594	af854a3a-2127-422b-91ae-364da2661108

Common Vulnerabilities List

No	CWE	Name	URL
1	CWE-79	クロスサイト・スクリプティング（XSS）	https://cwe.mitre.org/data/definitions/79.html

Configuration1	or higher	or less	more than	less than
cpe:2.3:h:barracuda_networks:barracuda_spam_firewall::::::::		3.5.11.020
cpe:2.3:h:barracuda_networks:barracuda_spam_firewall:3.1.10:::::::*
cpe:2.3:h:barracuda_networks:barracuda_spam_firewall:3.1.16:::::::*
cpe:2.3:h:barracuda_networks:barracuda_spam_firewall:3.1.17:::::::*
cpe:2.3:h:barracuda_networks:barracuda_spam_firewall:3.1.18:::::::*
cpe:2.3:h:barracuda_networks:barracuda_spam_firewall:3.3.0.54:::::::*
cpe:2.3:h:barracuda_networks:barracuda_spam_firewall:3.3.01.001:::::::*
cpe:2.3:h:barracuda_networks:barracuda_spam_firewall:3.3.3:::::::*
cpe:2.3:h:barracuda_networks:barracuda_spam_firewall:3.3.03.053:::::::*
cpe:2.3:h:barracuda_networks:barracuda_spam_firewall:3.3.03.055:::::::*
cpe:2.3:h:barracuda_networks:barracuda_spam_firewall:3.3.15.026:::::::*
cpe:2.3:h:barracuda_networks:barracuda_spam_firewall:3.4:::::::*
cpe:2.3:h:barracuda_networks:barracuda_spam_firewall:3.4.10.102:::::::*