2022-09-18 09:08:35 +00:00
id : CVE-2015-2863
info :
name : Kaseya Virtual System Administrator - Open Redirect
author : 0x_Akoko
2023-03-27 17:46:47 +00:00
severity : medium
2023-03-14 09:01:20 +00:00
description : |
2023-03-27 17:46:47 +00:00
Kaseya Virtual System Administrator 7.x before 7.0.0.29, 8.x before 8.0.0.18, 9.0 before 9.0.0.14, and 9.1 before 9.1.0.4 are susceptible to an open redirect vulnerability. An attacker can redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.
2022-09-18 09:08:35 +00:00
reference :
- https://github.com/pedrib/PoC/blob/3f927b957b86a91ce65b017c4b9c93d05e241592/advisories/Kaseya/kaseya-vsa-vuln.txt
2023-03-15 15:39:42 +00:00
- http://www.kb.cert.org/vuls/id/919604
2023-03-27 17:46:47 +00:00
- https://nvd.nist.gov/vuln/detail/CVE-2015-2863
2022-09-18 09:08:35 +00:00
classification :
2023-07-15 16:29:17 +00:00
cvss-metrics : CVSS:2.0/AV:N/AC:M/Au:N/C:N/I:P/A:N
cvss-score : 4.3
2022-09-18 09:08:35 +00:00
cve-id : CVE-2015-2863
cwe-id : CWE-601
2023-07-15 16:29:17 +00:00
epss-score : 0.00626
cpe : cpe:2.3:a:kaseya:virtual_system_administrator:*:*:*:*:*:*:*:*
2023-04-28 08:11:21 +00:00
metadata :
max-request : 2
2023-07-15 16:29:17 +00:00
vendor : kaseya
product : virtual_system_administrator
tags : cve,cve2015,redirect,kaseya
2022-09-18 09:08:35 +00:00
2023-04-27 04:28:59 +00:00
http :
2022-09-18 09:08:35 +00:00
- method : GET
path :
2023-03-14 09:01:20 +00:00
- '{{BaseURL}}/inc/supportLoad.asp?urlToLoad=http://oast.me'
- '{{BaseURL}}/vsaPres/Web20/core/LocalProxy.ashx?url=http://oast.me'
2022-09-18 09:08:35 +00:00
2023-03-14 09:01:20 +00:00
stop-at-first-match : true
2022-09-18 09:08:35 +00:00
matchers :
- type : regex
part : header
regex :
2023-03-14 09:01:20 +00:00
- '(?m)^(?:Location\s*?:\s*?)(?:https?:\/\/|\/\/|\/\\\\|\/\\)?(?:[a-zA-Z0-9\-_\.@]*)oast\.me\/?(\/|[^.].*)?$' # https://regex101.com/r/ZDYhFh/1