製品・ソフトウェアに関する情報

JVN脆弱性詳細

PRTG Traffic Grapher の Monitor_Bandwidth 関数におけるクロスサイトスクリプティングの脆弱性

Title	PRTG Traffic Grapher の Monitor_Bandwidth 関数におけるクロスサイトスクリプティングの脆弱性
Summary	PRTG Traffic Grapher の Monitor_Bandwidth 関数には、クロスサイトスクリプティングの脆弱性が存在します。
Possible impacts	第三者により、任意の Web スクリプトまたは HTML を挿入される可能性があります。
Solution	ベンダ情報および参考情報を参照して適切な対策を実施してください。
Publication Date	June 1, 2009, midnight
Registration Date	Sept. 25, 2012, 5:27 p.m.
Last Update	Sept. 25, 2012, 5:27 p.m.

CVSS2.0 : 警告
Score	4.3
Vector	AV:N/AC:M/Au:N/C:N/I:P/A:N

Affected System

Paessler AG

prtg traffic grapher 6.2.2.977 およびそれ以前

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2009-1849	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1849
National Vulnerability Database (NVD)
2	CVE-2009-1849	http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1849

CWE (共通脆弱性タイプ一覧)

No	Name	URL
JVNDB
1	CWE-79	https://jvndb.jvn.jp/ja/cwe/CWE-79.html

ベンダー情報

No	Name	URL
Paessler
1	Traffic Grapher	http://www.paessler.com/prtg

Change Log

No	Changed Details	Date of change
0	[2012年09月25日] 掲載	Feb. 17, 2018, 10:37 a.m.

NVD Vulnerability Information

CVE-2009-1849

Summary	Cross-site scripting (XSS) vulnerability in the Monitor_Bandwidth function in PRTG Traffic Grapher 6.2.2.977 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Publication Date	June 2, 2009, 4:30 a.m.
Registration Date	Jan. 29, 2021, 1:18 p.m.
Last Update	June 29, 2009, 1 p.m.

Affected software configurations

Configuration1	or higher	or less	more than	less than
cpe:2.3:a:paessler:prtg_traffic_grapher:4.0.7.139:::::::*
cpe:2.3:a:paessler:prtg_traffic_grapher:4.0.8.154:::::::*
cpe:2.3:a:paessler:prtg_traffic_grapher:4.1.0.256:::::::*
cpe:2.3:a:paessler:prtg_traffic_grapher:4.1.0.257:::::::*
cpe:2.3:a:paessler:prtg_traffic_grapher:4.1.0.265:::::::*
cpe:2.3:a:paessler:prtg_traffic_grapher:4.1.0.266:::::::*
cpe:2.3:a:paessler:prtg_traffic_grapher:4.2.0.356:::::::*
cpe:2.3:a:paessler:prtg_traffic_grapher:4.2.0.357:::::::*
cpe:2.3:a:paessler:prtg_traffic_grapher:4.2.0.363:::::::*
cpe:2.3:a:paessler:prtg_traffic_grapher:4.2.0.364:::::::*
cpe:2.3:a:paessler:prtg_traffic_grapher:4.2.1.385:::::::*
cpe:2.3:a:paessler:prtg_traffic_grapher:4.2.1.386:::::::*
cpe:2.3:a:paessler:prtg_traffic_grapher:4.3.0.470:::::::*
cpe:2.3:a:paessler:prtg_traffic_grapher:4.3.0.471:::::::*
cpe:2.3:a:paessler:prtg_traffic_grapher:4.3.1.498:::::::*
cpe:2.3:a:paessler:prtg_traffic_grapher:4.3.1.505:::::::*
cpe:2.3:a:paessler:prtg_traffic_grapher:4.3.1.510:::::::*
cpe:2.3:a:paessler:prtg_traffic_grapher:4.3.1.522:::::::*
cpe:2.3:a:paessler:prtg_traffic_grapher:4.3.1.534:::::::*
cpe:2.3:a:paessler:prtg_traffic_grapher:4.3.1.562:::::::*
cpe:2.3:a:paessler:prtg_traffic_grapher:4.3.1.566:::::::*
cpe:2.3:a:paessler:prtg_traffic_grapher:5.0.1.300:::::::*
cpe:2.3:a:paessler:prtg_traffic_grapher:5.0.1.310:::::::*
cpe:2.3:a:paessler:prtg_traffic_grapher:5.0.1.356:::::::*
cpe:2.3:a:paessler:prtg_traffic_grapher:5.0.3.379:::::::*
cpe:2.3:a:paessler:prtg_traffic_grapher:5.0.3.398:::::::*
cpe:2.3:a:paessler:prtg_traffic_grapher:5.1.0.452:::::::*
cpe:2.3:a:paessler:prtg_traffic_grapher:5.1.1.474:::::::*
cpe:2.3:a:paessler:prtg_traffic_grapher:5.2.0.548:::::::*
cpe:2.3:a:paessler:prtg_traffic_grapher:5.2.0.549:::::::*
cpe:2.3:a:paessler:prtg_traffic_grapher:5.2.0.559:::::::*
cpe:2.3:a:paessler:prtg_traffic_grapher:5.2.0.560:::::::*
cpe:2.3:a:paessler:prtg_traffic_grapher:5.2.0.565:::::::*
cpe:2.3:a:paessler:prtg_traffic_grapher:5.2.0.566:::::::*
cpe:2.3:a:paessler:prtg_traffic_grapher:5.2.0.574:::::::*
cpe:2.3:a:paessler:prtg_traffic_grapher:5.2.0.575:::::::*
cpe:2.3:a:paessler:prtg_traffic_grapher:5.2.0.581:::::::*
cpe:2.3:a:paessler:prtg_traffic_grapher:5.2.0.582:::::::*
cpe:2.3:a:paessler:prtg_traffic_grapher:5.3.0.687:::::::*
cpe:2.3:a:paessler:prtg_traffic_grapher:5.3.0.738:::::::*
cpe:2.3:a:paessler:prtg_traffic_grapher:5.3.0.739:::::::*
cpe:2.3:a:paessler:prtg_traffic_grapher:5.3.0.758:::::::*
cpe:2.3:a:paessler:prtg_traffic_grapher:5.3.0.759:::::::*
cpe:2.3:a:paessler:prtg_traffic_grapher:5.3.0.812:::::::*
cpe:2.3:a:paessler:prtg_traffic_grapher:5.3.0.813:::::::*
cpe:2.3:a:paessler:prtg_traffic_grapher:5.3.0.833:::::::*
cpe:2.3:a:paessler:prtg_traffic_grapher:5.3.0.834:::::::*
cpe:2.3:a:paessler:prtg_traffic_grapher:5.3.0.862:::::::*
cpe:2.3:a:paessler:prtg_traffic_grapher:5.3.0.863:::::::*
cpe:2.3:a:paessler:prtg_traffic_grapher:6.0.2.255:::::::*
cpe:2.3:a:paessler:prtg_traffic_grapher:6.0.2.256:::::::*
cpe:2.3:a:paessler:prtg_traffic_grapher:6.0.3.258:::::::*
cpe:2.3:a:paessler:prtg_traffic_grapher:6.0.3.259:::::::*
cpe:2.3:a:paessler:prtg_traffic_grapher:6.0.3.261:::::::*
cpe:2.3:a:paessler:prtg_traffic_grapher:6.0.3.262:::::::*
cpe:2.3:a:paessler:prtg_traffic_grapher:6.0.3.284:::::::*
cpe:2.3:a:paessler:prtg_traffic_grapher:6.0.3.285:::::::*
cpe:2.3:a:paessler:prtg_traffic_grapher:6.0.4.332:::::::*
cpe:2.3:a:paessler:prtg_traffic_grapher:6.0.4.333:::::::*
cpe:2.3:a:paessler:prtg_traffic_grapher:6.0.4.335:::::::*
cpe:2.3:a:paessler:prtg_traffic_grapher:6.0.4.336:::::::*
cpe:2.3:a:paessler:prtg_traffic_grapher:6.0.4.393:::::::*
cpe:2.3:a:paessler:prtg_traffic_grapher:6.0.4.394:::::::*
cpe:2.3:a:paessler:prtg_traffic_grapher:6.0.5.417:::::::*
cpe:2.3:a:paessler:prtg_traffic_grapher:6.0.5.441:::::::*
cpe:2.3:a:paessler:prtg_traffic_grapher:6.0.5.442:::::::*
cpe:2.3:a:paessler:prtg_traffic_grapher:6.0.5.450:::::::*
cpe:2.3:a:paessler:prtg_traffic_grapher:6.0.5.451:::::::*
cpe:2.3:a:paessler:prtg_traffic_grapher:6.0.6.585:::::::*
cpe:2.3:a:paessler:prtg_traffic_grapher:6.0.6.586:::::::*
cpe:2.3:a:paessler:prtg_traffic_grapher:6.0.6.601:::::::*
cpe:2.3:a:paessler:prtg_traffic_grapher:6.0.6.602:::::::*
cpe:2.3:a:paessler:prtg_traffic_grapher:6.0.6.625:::::::*
cpe:2.3:a:paessler:prtg_traffic_grapher:6.0.6.626:::::::*
cpe:2.3:a:paessler:prtg_traffic_grapher:6.0.6.675:::::::*
cpe:2.3:a:paessler:prtg_traffic_grapher:6.0.6.676:::::::*
cpe:2.3:a:paessler:prtg_traffic_grapher:6.1.0.683_beta:::::::*
cpe:2.3:a:paessler:prtg_traffic_grapher:6.1.0.750:::::::*
cpe:2.3:a:paessler:prtg_traffic_grapher:6.1.0.751:::::::*
cpe:2.3:a:paessler:prtg_traffic_grapher:6.1.0.753:::::::*
cpe:2.3:a:paessler:prtg_traffic_grapher:6.1.0.754:::::::*
cpe:2.3:a:paessler:prtg_traffic_grapher:6.1.0.756:::::::*
cpe:2.3:a:paessler:prtg_traffic_grapher:6.1.0.757:::::::*
cpe:2.3:a:paessler:prtg_traffic_grapher:6.1.1.854:::::::*
cpe:2.3:a:paessler:prtg_traffic_grapher:6.1.1.855:::::::*
cpe:2.3:a:paessler:prtg_traffic_grapher:6.2.0.907:::::::*
cpe:2.3:a:paessler:prtg_traffic_grapher:6.2.0.908:::::::*
cpe:2.3:a:paessler:prtg_traffic_grapher:6.2.1.950:::::::*
cpe:2.3:a:paessler:prtg_traffic_grapher:6.2.1.951:::::::*
cpe:2.3:a:paessler:prtg_traffic_grapher:6.2.1.957:::::::*
cpe:2.3:a:paessler:prtg_traffic_grapher:6.2.1.958:::::::*
cpe:2.3:a:paessler:prtg_traffic_grapher:6.2.1.963:::::::*
cpe:2.3:a:paessler:prtg_traffic_grapher:6.2.1.964:::::::*
cpe:2.3:a:paessler:prtg_traffic_grapher::::::::		6.2.977
cpe:2.3:a:paessler:prtg_traffic_grapher6.0.5.416::::::::

Related information, measures and tools

No	URL	refsource	タグ
1	http://blog.bkis.com/?p=704	MISC
2	http://secunia.com/advisories/35249	SECUNIA	Vendor Advisory
3	http://www.paessler.com/support/kb/questions/prtg6history	CONFIRM	Patch Vendor Advisory
4	http://www.securityfocus.com/bid/35128	BID

Common Vulnerabilities List

No	CWE	Name	URL
1	CWE-79	クロスサイト・スクリプティング（XSS）	https://cwe.mitre.org/data/definitions/79.html

Configuration1	or higher	or less	more than	less than
cpe:2.3:a:paessler:prtg_traffic_grapher:4.0.7.139:::::::*
cpe:2.3:a:paessler:prtg_traffic_grapher:4.0.8.154:::::::*
cpe:2.3:a:paessler:prtg_traffic_grapher:4.1.0.256:::::::*
cpe:2.3:a:paessler:prtg_traffic_grapher:4.1.0.257:::::::*
cpe:2.3:a:paessler:prtg_traffic_grapher:4.1.0.265:::::::*
cpe:2.3:a:paessler:prtg_traffic_grapher:4.1.0.266:::::::*
cpe:2.3:a:paessler:prtg_traffic_grapher:4.2.0.356:::::::*
cpe:2.3:a:paessler:prtg_traffic_grapher:4.2.0.357:::::::*
cpe:2.3:a:paessler:prtg_traffic_grapher:4.2.0.363:::::::*
cpe:2.3:a:paessler:prtg_traffic_grapher:4.2.0.364:::::::*
cpe:2.3:a:paessler:prtg_traffic_grapher:4.2.1.385:::::::*
cpe:2.3:a:paessler:prtg_traffic_grapher:4.2.1.386:::::::*
cpe:2.3:a:paessler:prtg_traffic_grapher:4.3.0.470:::::::*
cpe:2.3:a:paessler:prtg_traffic_grapher:4.3.0.471:::::::*
cpe:2.3:a:paessler:prtg_traffic_grapher:4.3.1.498:::::::*
cpe:2.3:a:paessler:prtg_traffic_grapher:4.3.1.505:::::::*
cpe:2.3:a:paessler:prtg_traffic_grapher:4.3.1.510:::::::*
cpe:2.3:a:paessler:prtg_traffic_grapher:4.3.1.522:::::::*
cpe:2.3:a:paessler:prtg_traffic_grapher:4.3.1.534:::::::*
cpe:2.3:a:paessler:prtg_traffic_grapher:4.3.1.562:::::::*
cpe:2.3:a:paessler:prtg_traffic_grapher:4.3.1.566:::::::*
cpe:2.3:a:paessler:prtg_traffic_grapher:5.0.1.300:::::::*
cpe:2.3:a:paessler:prtg_traffic_grapher:5.0.1.310:::::::*
cpe:2.3:a:paessler:prtg_traffic_grapher:5.0.1.356:::::::*
cpe:2.3:a:paessler:prtg_traffic_grapher:5.0.3.379:::::::*
cpe:2.3:a:paessler:prtg_traffic_grapher:5.0.3.398:::::::*
cpe:2.3:a:paessler:prtg_traffic_grapher:5.1.0.452:::::::*
cpe:2.3:a:paessler:prtg_traffic_grapher:5.1.1.474:::::::*
cpe:2.3:a:paessler:prtg_traffic_grapher:5.2.0.548:::::::*
cpe:2.3:a:paessler:prtg_traffic_grapher:5.2.0.549:::::::*
cpe:2.3:a:paessler:prtg_traffic_grapher:5.2.0.559:::::::*
cpe:2.3:a:paessler:prtg_traffic_grapher:5.2.0.560:::::::*
cpe:2.3:a:paessler:prtg_traffic_grapher:5.2.0.565:::::::*
cpe:2.3:a:paessler:prtg_traffic_grapher:5.2.0.566:::::::*
cpe:2.3:a:paessler:prtg_traffic_grapher:5.2.0.574:::::::*
cpe:2.3:a:paessler:prtg_traffic_grapher:5.2.0.575:::::::*
cpe:2.3:a:paessler:prtg_traffic_grapher:5.2.0.581:::::::*
cpe:2.3:a:paessler:prtg_traffic_grapher:5.2.0.582:::::::*
cpe:2.3:a:paessler:prtg_traffic_grapher:5.3.0.687:::::::*
cpe:2.3:a:paessler:prtg_traffic_grapher:5.3.0.738:::::::*
cpe:2.3:a:paessler:prtg_traffic_grapher:5.3.0.739:::::::*
cpe:2.3:a:paessler:prtg_traffic_grapher:5.3.0.758:::::::*
cpe:2.3:a:paessler:prtg_traffic_grapher:5.3.0.759:::::::*
cpe:2.3:a:paessler:prtg_traffic_grapher:5.3.0.812:::::::*
cpe:2.3:a:paessler:prtg_traffic_grapher:5.3.0.813:::::::*
cpe:2.3:a:paessler:prtg_traffic_grapher:5.3.0.833:::::::*
cpe:2.3:a:paessler:prtg_traffic_grapher:5.3.0.834:::::::*
cpe:2.3:a:paessler:prtg_traffic_grapher:5.3.0.862:::::::*
cpe:2.3:a:paessler:prtg_traffic_grapher:5.3.0.863:::::::*
cpe:2.3:a:paessler:prtg_traffic_grapher:6.0.2.255:::::::*
cpe:2.3:a:paessler:prtg_traffic_grapher:6.0.2.256:::::::*
cpe:2.3:a:paessler:prtg_traffic_grapher:6.0.3.258:::::::*
cpe:2.3:a:paessler:prtg_traffic_grapher:6.0.3.259:::::::*
cpe:2.3:a:paessler:prtg_traffic_grapher:6.0.3.261:::::::*
cpe:2.3:a:paessler:prtg_traffic_grapher:6.0.3.262:::::::*
cpe:2.3:a:paessler:prtg_traffic_grapher:6.0.3.284:::::::*
cpe:2.3:a:paessler:prtg_traffic_grapher:6.0.3.285:::::::*
cpe:2.3:a:paessler:prtg_traffic_grapher:6.0.4.332:::::::*
cpe:2.3:a:paessler:prtg_traffic_grapher:6.0.4.333:::::::*
cpe:2.3:a:paessler:prtg_traffic_grapher:6.0.4.335:::::::*
cpe:2.3:a:paessler:prtg_traffic_grapher:6.0.4.336:::::::*
cpe:2.3:a:paessler:prtg_traffic_grapher:6.0.4.393:::::::*
cpe:2.3:a:paessler:prtg_traffic_grapher:6.0.4.394:::::::*
cpe:2.3:a:paessler:prtg_traffic_grapher:6.0.5.417:::::::*
cpe:2.3:a:paessler:prtg_traffic_grapher:6.0.5.441:::::::*
cpe:2.3:a:paessler:prtg_traffic_grapher:6.0.5.442:::::::*
cpe:2.3:a:paessler:prtg_traffic_grapher:6.0.5.450:::::::*
cpe:2.3:a:paessler:prtg_traffic_grapher:6.0.5.451:::::::*
cpe:2.3:a:paessler:prtg_traffic_grapher:6.0.6.585:::::::*
cpe:2.3:a:paessler:prtg_traffic_grapher:6.0.6.586:::::::*
cpe:2.3:a:paessler:prtg_traffic_grapher:6.0.6.601:::::::*
cpe:2.3:a:paessler:prtg_traffic_grapher:6.0.6.602:::::::*
cpe:2.3:a:paessler:prtg_traffic_grapher:6.0.6.625:::::::*
cpe:2.3:a:paessler:prtg_traffic_grapher:6.0.6.626:::::::*
cpe:2.3:a:paessler:prtg_traffic_grapher:6.0.6.675:::::::*
cpe:2.3:a:paessler:prtg_traffic_grapher:6.0.6.676:::::::*
cpe:2.3:a:paessler:prtg_traffic_grapher:6.1.0.683_beta:::::::*
cpe:2.3:a:paessler:prtg_traffic_grapher:6.1.0.750:::::::*
cpe:2.3:a:paessler:prtg_traffic_grapher:6.1.0.751:::::::*
cpe:2.3:a:paessler:prtg_traffic_grapher:6.1.0.753:::::::*
cpe:2.3:a:paessler:prtg_traffic_grapher:6.1.0.754:::::::*
cpe:2.3:a:paessler:prtg_traffic_grapher:6.1.0.756:::::::*
cpe:2.3:a:paessler:prtg_traffic_grapher:6.1.0.757:::::::*
cpe:2.3:a:paessler:prtg_traffic_grapher:6.1.1.854:::::::*
cpe:2.3:a:paessler:prtg_traffic_grapher:6.1.1.855:::::::*
cpe:2.3:a:paessler:prtg_traffic_grapher:6.2.0.907:::::::*
cpe:2.3:a:paessler:prtg_traffic_grapher:6.2.0.908:::::::*
cpe:2.3:a:paessler:prtg_traffic_grapher:6.2.1.950:::::::*
cpe:2.3:a:paessler:prtg_traffic_grapher:6.2.1.951:::::::*
cpe:2.3:a:paessler:prtg_traffic_grapher:6.2.1.957:::::::*
cpe:2.3:a:paessler:prtg_traffic_grapher:6.2.1.958:::::::*
cpe:2.3:a:paessler:prtg_traffic_grapher:6.2.1.963:::::::*
cpe:2.3:a:paessler:prtg_traffic_grapher:6.2.1.964:::::::*
cpe:2.3:a:paessler:prtg_traffic_grapher::::::::		6.2.977
cpe:2.3:a:paessler:prtg_traffic_grapher6.0.5.416::::::::