id: CVE-2015-2863

info:
  name: Kaseya Virtual System Administrator - Open Redirect
  author: 0x_Akoko
  severity: medium
  description: |
    Kaseya Virtual System Administrator 7.x before 7.0.0.29, 8.x before 8.0.0.18, 9.0 before 9.0.0.14, and 9.1 before 9.1.0.4 are susceptible to an open redirect vulnerability. An attacker who gets a user to follow a crafted VSA link can redirect that user to an arbitrary web site and use the trusted VSA origin to lend credibility to a phishing page. The two requests below exercise the `urlToLoad` parameter of `/inc/supportLoad.asp` and the `url` parameter of `/vsaPres/Web20/core/LocalProxy.ashx`.
  remediation: |
    Upgrade to the fixed release for the branch in use (7.0.0.29, 8.0.0.18, 9.0.0.14 or 9.1.0.4, or later) and apply any subsequent security patches and updates provided by Kaseya for the Virtual System Administrator (VSA).
  reference:
    - https://github.com/pedrib/PoC/blob/3f927b957b86a91ce65b017c4b9c93d05e241592/advisories/Kaseya/kaseya-vsa-vuln.txt
    - http://www.kb.cert.org/vuls/id/919604
    - https://nvd.nist.gov/vuln/detail/CVE-2015-2863
    - https://github.com/ARPSyndicate/kenzer-templates
    - https://github.com/ARPSyndicate/cvemon
  classification:
    cvss-metrics: CVSS:2.0/AV:N/AC:M/Au:N/C:N/I:P/A:N
    cvss-score: 4.3
    cve-id: CVE-2015-2863
    cwe-id: CWE-601
    epss-score: 0.00626
    epss-percentile: 0.76747
    cpe: cpe:2.3:a:kaseya:virtual_system_administrator:*:*:*:*:*:*:*:*
  metadata:
    max-request: 2
    vendor: kaseya
    product: virtual_system_administrator
  tags: cve2015,cve,redirect,kaseya

http:
  - method: GET
    path:
      - '{{BaseURL}}/inc/supportLoad.asp?urlToLoad=http://oast.me'
      - '{{BaseURL}}/vsaPres/Web20/core/LocalProxy.ashx?url=http://oast.me'

    stop-at-first-match: true
    matchers:
      - type: regex
        part: header
        regex:
          - '(?m)^(?:Location\s*?:\s*?)(?:https?:\/\/|\/\/|\/\\\\|\/\\)?(?:[a-zA-Z0-9\-_\.@]*)oast\.me\/?(\/|[^.].*)?$'
          # https://regex101.com/r/ZDYhFh/1
# digest: 4a0a00473045022033fc40b6ad2baca8ef5a0faf48a297f8e14cac8e720047cf1fe5e96fcc10f293022100cf0c442e4cdd4914c177d6a54eb4d2115d579e4fe66231ee6dab3b91118d424a:922c64590222798bb761d5b6d8e72950
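The check this template encodes, rewritten as a stand-alone Python script. This is an added example, not part of the nuclei template or of Kaseya's code: it builds the same two probe URLs, compiles the same `Location` header regex for an arbitrary callback host (`oast.me` stands in for an interactsh host you control), and runs that matcher over constructed response headers so you can see which shapes it accepts and which it deliberately rejects. The function names, the `_NoRedirect` opener and the sample header blocks are all assumptions made here.

```python
import re
import urllib.error
import urllib.request

# The two probe paths from the template; {marker} is the callback host.
PROBE_PATHS = (
    "/inc/supportLoad.asp?urlToLoad=http://{marker}",
    "/vsaPres/Web20/core/LocalProxy.ashx?url=http://{marker}",
)


def build_probe_urls(base_url, marker="oast.me"):
    """Return the two probe URLs for a given VSA base URL."""
    base = base_url.rstrip("/")
    return [base + p.format(marker=marker) for p in PROBE_PATHS]


def location_matcher(marker="oast.me"):
    """Compile the template's header regex for an arbitrary marker host.

    Accepts an absolute URL, a scheme-relative //host and the backslash
    variants browsers tolerate, plus any subdomain or user@ prefix of the
    marker. Rejects hosts where the marker is only a prefix label
    (oast.me.example.com) and redirects where the marker appears only in
    a query string. Header name matching is case-sensitive, as in the
    template.
    """
    return re.compile(
        r"(?m)^(?:Location\s*?:\s*?)"
        r"(?:https?://|//|/\\\\|/\\)?"
        r"(?:[a-zA-Z0-9\-_\.@]*)"
        + re.escape(marker)
        + r"/?(/|[^.].*)?$"
    )


def redirects_to_marker(raw_headers, marker="oast.me"):
    """True if a Location header in raw_headers sends the client to marker."""
    return location_matcher(marker).search(raw_headers) is not None


class _NoRedirect(urllib.request.HTTPRedirectHandler):
    # Returning None makes urllib surface the 3xx as an HTTPError whose
    # headers we can inspect, instead of following the redirect.
    def redirect_request(self, req, fp, code, msg, headers, newurl):
        return None


def probe(base_url, marker="oast.me", timeout=10):
    """Request both endpoints, stopping at the first confirmed redirect
    (mirrors stop-at-first-match). Returns {url: matched} for the URLs tried."""
    opener = urllib.request.build_opener(_NoRedirect)
    results = {}
    for url in build_probe_urls(base_url, marker):
        try:
            resp = opener.open(url, timeout=timeout)
            headers = str(resp.headers)
        except urllib.error.HTTPError as err:
            headers = str(err.headers)
        results[url] = redirects_to_marker(headers, marker)
        if results[url]:
            break
    return results


# Constructed sample responses (not captured from a real VSA instance).
VULNERABLE = (
    "HTTP/1.1 302 Found\r\n"
    "Location: http://oast.me/\r\n"
    "Content-Length: 0\r\n\r\n"
)
PATCHED = "HTTP/1.1 302 Found\r\nLocation: /vsaPres/Web20/index.aspx\r\n\r\n"
LOOKALIKE = "Location: http://oast.me.example.com/\n"
QUERY_ONLY = "Location: https://vsa.example.com/login?next=http://oast.me\n"


if __name__ == "__main__":
    samples = [("vulnerable", VULNERABLE), ("patched", PATCHED),
               ("lookalike", LOOKALIKE), ("query-only", QUERY_ONLY)]
    for label, hdrs in samples:
        print(f"{label:11s} -> {redirects_to_marker(hdrs)}")
    # Live use: probe("https://vsa.example.com", marker="<your-interactsh-host>")
```

Only the `vulnerable` sample matches; the lookalike host and the query-string case are rejected by the `[^.]` tail and the host character class respectively, which is what keeps the template from alerting on a redirect that merely mentions the marker. Note that the regex, like the template's, matches the header name `Location` case-sensitively; a server that emits `location:` in lowercase would be missed, so prefix `(?i)` if you adapt it for a different target.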