{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2015-04-22T00:00:00", "descriptions": [{"lang": "en", "value": "Open redirect vulnerability in Cisco FireSIGHT System Software 5.3.1.1, 5.3.1.2, and 6.0.0 in FireSIGHT Management Center allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a crafted HTTP header, aka Bug IDs CSCut06060, CSCut06056, and CSCus98966."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2015-04-23T01:57:00", "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco"}, "references": [{"name": "20150422 Cisco FireSIGHT Management Center Web Framework HTTP Header Redirection Vulnerability", "tags": ["vendor-advisory", "x_refsource_CISCO"], "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=38486"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@cisco.com", "ID": "CVE-2015-0706", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Open redirect vulnerability in Cisco FireSIGHT System Software 5.3.1.1, 5.3.1.2, and 6.0.0 in FireSIGHT Management Center allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a crafted HTTP header, aka Bug IDs CSCut06060, CSCut06056, and CSCus98966."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "20150422 Cisco FireSIGHT Management Center Web Framework HTTP Header Redirection Vulnerability", "refsource": "CISCO", "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=38486"}]}}}}, "cveMetadata": {"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "cveId": "CVE-2015-0706", "datePublished": "2015-04-23T01:00:00", "dateReserved": "2015-01-07T00:00:00", "dateUpdated": "2015-04-23T01:57:00", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:cisco:firesight_system_software:5.3.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "59A9002E-66A1-4C35-8D07-9BC438350081", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:firesight_system_software:5.3.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "34C49E27-A356-45E5-9FF3-242C37626718", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:firesight_system_software:6.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "55D52DB0-4441-41C9-900E-DE917B0CBC91", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Open redirect vulnerability in Cisco FireSIGHT System Software 5.3.1.1, 5.3.1.2, and 6.0.0 in FireSIGHT Management Center allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a crafted HTTP header, aka Bug IDs CSCut06060, CSCut06056, and CSCus98966."}, {"lang": "es", "value": "Vulnerabilidad de la redirecci\u00f3n abierta en Cisco FireSIGHT System Software 5.3.1.1, 5.3.1.2, y 6.0.0 en FireSIGHT Management Center permite a atacantes remotos redirigir usuarios hacia sitios web arbitrarios y realizar ataques de phishing a trav\u00e9s de una cabecera HTTP manipulada, tambi\u00e9n conocido como Bug IDs CSCut06060, CSCut06056, y CSCus98966."}], "evaluatorComment": "<a href=\"http://cwe.mitre.org/data/definitions/601.html\">CWE-601: URL Redirection to Untrusted Site ('Open Redirect')</a>", "id": "CVE-2015-0706", "lastModified": "2015-04-23T16:49:02.237", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}]}, "published": "2015-04-23T02:00:16.257", "references": [{"source": "ykramarz@cisco.com", "tags": ["Vendor Advisory"], "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=38486"}], "sourceIdentifier": "ykramarz@cisco.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}