Vulnerability Description
The Addresses Object parser in Palo Alto Networks PAN-OS before 5.0.20, 5.1.x before 5.1.13, 6.0.x before 6.0.15, 6.1.x before 6.1.15, 7.0.x before 7.0.11, and 7.1.x before 7.1.6 mishandles single quote characters, which allows remote authenticated users to conduct XPath injection attacks via a crafted string.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Palo Alto Networks | PAN-OS | >= 5.0.0, < 5.0.20 |
Related Weaknesses (CWE)
References
- http://www.securityfocus.com/bid/94401 (Third Party Advisory, VDB Entry)
- http://www.securitytracker.com/id/1037379 (Third Party Advisory, VDB Entry)
- https://security.paloaltonetworks.com/CVE-2016-9149
FAQ
What is CVE-2016-9149?
CVE-2016-9149 is a vulnerability with a CVSS score of 6.5 (MEDIUM). The Addresses Object parser in Palo Alto Networks PAN-OS before 5.0.20, 5.1.x before 5.1.13, 6.0.x before 6.0.15, 6.1.x before 6.1.15, 7.0.x before 7.0.11, and 7.1.x before 7.1.6 mishandles single quo...
How severe is CVE-2016-9149?
CVE-2016-9149 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2016-9149?
Check the references section above for vendor advisories and patch information. Affected products include: Palo Alto Networks PAN-OS.