Name : The remote Ubuntu host is missing a security-related patch.
File : ubuntu_USN-686-1.nasl - Type : ACT_GATHER_INFO

Name : The remote Fedora host is missing a security update.
File : fedora_2008-10950.nasl - Type : ACT_GATHER_INFO

Open Source Vulnerability Database (OSVDB) Id

Name : AWStats XSS Vulnerability - Dec08

Name : Debian Security Advisory DSA 1679-1 (awstats)

Name : Fedora Update for awstats FEDORA-2008-7684
File : nvt/gb_fedora_2008_7684_awstats_fc8.nasl

Name : Fedora Update for awstats FEDORA-2008-7663
File : nvt/gb_fedora_2008_7663_awstats_fc9.nasl

Name : Ubuntu Update for awstats vulnerability USN-686-1

Name : Mandrake Security Advisory MDVSA-2009:266 (awstats)

AND awstats is earlier than 6.5+dfsg-1+etch1

AND awstats DPKG is earlier than 0:6.5+dfsg-1+etch1

Definition Id: oval::def:8151

Morgan Todd discovered a cross-site scripting vulnerability in awstats, a log file analyzer, involving the "config" request parameter (and possibly others CVE-2008-3714).

AND awstats DPKG is earlier than 6.7.dfsg-5ubuntu0.1

Definition Id: oval::def:20224

DSA-1679-1 awstats - cross-site scripting.

AND awstats DPKG is earlier than 6.7.dfsg-1ubuntu0.1

AND awstats DPKG is earlier than 6.6+dfsg-1ubuntu0.1

AND awstats DPKG is earlier than 6.5-1ubuntu1.3

Morgan Todd discovered that AWStats did not correctly strip quotes from certain parameters, allowing for an XSS attack when running as a CGI. If a user was tricked by a remote attacker into following a specially crafted URL, the user's authentication information could be exposed for the domain where AWStats was hosted.

Definition Id: oval::def:17861

A security issue affects the following Ubuntu releases: Ubuntu 6.06 LTS, Ubuntu 7.10, Ubuntu 8.04 LTS, Ubuntu 8.10. This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: In general, a standard system upgrade is sufficient to effect the necessary changes.

CAPEC : Common Attack Pattern Enumeration & Classification Id

Client Network Footprinting (using AJAX/XSS)

Cross-Site Scripting Using Alternate Syntax

Cross-Site Scripting Using MIME Type Mismatch

Cross-Site Scripting via Encoded URI Schemes

Cross-Site Scripting Using Doubled Characters, e.g. %3C%3Cscript

Cross-Site Scripting with Masking through Invalid Characters in Identifiers

Failure to Preserve Web Page Structure ('Cross-site Scripting')