2022-09-18 09:08:35 +00:00
id : CVE-2015-2863
info :
name : Kaseya Virtual System Administrator - Open Redirect
author : 0x_Akoko
2023-03-27 17:46:47 +00:00
severity : medium
2023-03-14 09:01:20 +00:00
description : |
2023-03-27 17:46:47 +00:00
Kaseya Virtual System Administrator 7.x before 7.0.0.29, 8.x before 8.0.0.18, 9.0 before 9.0.0.14, and 9.1 before 9.1.0.4 are susceptible to an open redirect vulnerability. An attacker can redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.
2023-09-06 13:22:34 +00:00
remediation : |
Apply the latest security patches and updates provided by Kaseya to fix the open redirect vulnerability in the Kaseya Virtual System Administrator (VSA).
2022-09-18 09:08:35 +00:00
reference :
- https://github.com/pedrib/PoC/blob/3f927b957b86a91ce65b017c4b9c93d05e241592/advisories/Kaseya/kaseya-vsa-vuln.txt
2023-03-15 15:39:42 +00:00
- http://www.kb.cert.org/vuls/id/919604
2023-03-27 17:46:47 +00:00
- https://nvd.nist.gov/vuln/detail/CVE-2015-2863
2022-09-18 09:08:35 +00:00
classification :
2023-07-15 16:29:17 +00:00
cvss-metrics : CVSS:2.0/AV:N/AC:M/Au:N/C:N/I:P/A:N
cvss-score : 4.3
2022-09-18 09:08:35 +00:00
cve-id : CVE-2015-2863
cwe-id : CWE-601
2023-07-15 16:29:17 +00:00
epss-score : 0.00626
2024-01-14 13:49:27 +00:00
epss-percentile : 0.76692
2023-09-06 13:22:34 +00:00
cpe : cpe:2.3:a:kaseya:virtual_system_administrator:*:*:*:*:*:*:*:*
2023-04-28 08:11:21 +00:00
metadata :
max-request : 2
2023-07-15 16:29:17 +00:00
vendor : kaseya
product : virtual_system_administrator
2024-01-14 09:21:50 +00:00
tags : cve2015,cve,redirect,kaseya
2022-09-18 09:08:35 +00:00
2023-04-27 04:28:59 +00:00
http :
2022-09-18 09:08:35 +00:00
- method : GET
path :
2023-03-14 09:01:20 +00:00
- '{{BaseURL}}/inc/supportLoad.asp?urlToLoad=http://oast.me'
- '{{BaseURL}}/vsaPres/Web20/core/LocalProxy.ashx?url=http://oast.me'
2022-09-18 09:08:35 +00:00
2023-03-14 09:01:20 +00:00
stop-at-first-match : true
2022-09-18 09:08:35 +00:00
matchers :
- type : regex
part : header
regex :
2023-03-14 09:01:20 +00:00
- '(?m)^(?:Location\s*?:\s*?)(?:https?:\/\/|\/\/|\/\\\\|\/\\)?(?:[a-zA-Z0-9\-_\.@]*)oast\.me\/?(\/|[^.].*)?$' # https://regex101.com/r/ZDYhFh/1
2024-01-14 14:05:19 +00:00
# digest: 4b0a00483046022100e8cffc0c787b3aa7891e87e2778fb6ff7775c31481e87da323dbb2e914f49f280221009b378e5369ca7190cd1d66d44b87d7bc4afea038c57fd094563610ef9aa16442:922c64590222798bb761d5b6d8e72950