[CVE-2007-6110] Cross-site scripting (XSS) vulnerability in htsearch in htdig 3.2.0b6
Affects | Status | Importance | Assigned to | Milestone |
---|---|---|---|---|
htdig (Debian) | Fix Released | Unknown | | |
htdig (Ubuntu) | Fix Released | Undecided | William Grant | |
Dapper | Invalid | Undecided | William Grant | |
Edgy | Fix Released | Undecided | William Grant | |
Feisty | Fix Released | Undecided | William Grant | |
Gutsy | Fix Released | Undecided | William Grant | |
Hardy | Fix Released | Undecided | William Grant | |
Bug Description
Binary package hint: htdig
Vulnerability Summary CVE-2007-6110
Original release date: 11/23/2007
Last revised: 11/26/2007
Source: US-CERT/NIST
Overview
Cross-site scripting (XSS) vulnerability in htsearch in htdig 3.2.0b6 allows remote attackers to inject arbitrary web script or HTML via the sort parameter.
Impact
CVSS Severity (version 2.0):
CVSS v2 Base score: 4.3 (Medium) (AV:N/AC:
Impact Subscore: 2.9
Exploitability Subscore: 8.6
Access Vector: Network exploitable, Victim must voluntarily interact with attack mechanism
Access Complexity: Medium
Authentication: Not required to exploit
Impact Type: Allows unauthorized modification
References to Advisories, Solutions, and Tools
External Source: (disclaimer)
Hyperlink: http://
CVE References
Changed in htdig:
assignee: nobody → fujitsu
status: New → In Progress
Changed in htdig:
status: Fix Committed → Fix Released
Changed in htdig:
status: Unknown → Fix Released
Your link is broken. I think this one should work (and is what that one was meant to be):
http://sourceforge.net/mailarchive/forum.php?thread_name=200709251310.55835.mskibbe%40suse.de&forum_name=htdig-dev