Barracuda Spam Firewall < Multiple Vulnerabilities (SQLi, XSS)

High Nessus Network Monitor Plugin ID 4795


The remote web server contains CGI scripts that are affected by several issues.


The remote Barracuda Spam Firewall device is using a firmware version earlier than Such versions reportedly are affected by several issues:

- There is a SQL injection vulnerability involving the 'pattern_x' parameter (where x=0...n) of the 'cgi-bin/index.cgi' script when 'filter_x' is set to 'search_count_equals'. Successful exploitation requires credentials. (CVE-2008-1094)

- There are multiple cross-site scripting vulnerabilities due to a failure to sanitize user input when displaying error messages and involving multiple hidden input elements. (CVE-2008-0971)


Update to firmware version or higher.

Plugin Details

Severity: High

ID: 4795

File Name: 4795.prm

Family: Web Servers

Published: 2008/12/22

Modified: 2016/01/15

Dependencies: 1442

Nessus ID: 35224

Risk Information

Risk Factor: High


CVSS v2

Base Score: 7.5

Temporal Score: 6.2

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Temporal Vector: CVSS2#E:F/RL:OF/RC:C


CVSS v3

Base Score: 7.3

Temporal Score: 6.8


Temporal Vector: CVSS3#E:F/RL:O/RC:C

Reference Information

CVE: CVE-2008-0971, CVE-2008-1094

BID: 32867