
Barracuda Spam Firewall < Multiple Vulnerabilities (SQLi, XSS)



The remote web server contains CGI scripts that are affected by several issues.


The remote Barracuda Spam Firewall device is using a firmware version earlier than Such versions reportedly are affected by several issues:

- There is a SQL injection vulnerability involving the 'pattern_x' parameter (where x=0...n) of the 'cgi-bin/index.cgi' script when 'filter_x' is set to 'search_count_equals'. Successful exploitation requires credentials. (CVE-2008-1094)

- There are multiple cross-site scripting vulnerabilities due to a failure to sanitize user input when displaying error messages and involving multiple hidden input elements. (CVE-2008-0971)


Update to firmware version or higher.