CVE-2001-0835

Sažetak

Cross-site scripting vulnerability in Webalizer 2.01-06, and possibly other versions, allows remote attackers to inject arbitrary HTML tags by specifying them in (1) search keywords embedded in HTTP referrer information, or (2) host names that are retrieved via a reverse DNS lookup.

Reference

http://lists.suse.com/archives/suse-security-announce/2001-Nov/0001.html
http://marc.info/?l=bugtraq&m=100394630702875&w=2
http://www.linuxsecurity.com/advisories/other_advisory-1677.html
http://www.mrunix.net/webalizer/news.html
http://www.redhat.com/support/errata/RHSA-2001-140.html
http://www.redhat.com/support/errata/RHSA-2001-141.html
http://www.securityfocus.com/bid/3473
https://exchange.xforce.ibmcloud.com/vulnerabilities/7350
https://exchange.xforce.ibmcloud.com/vulnerabilities/7351

CVSS

Base:	7.5
Impact:	6.4
Exploitability:	10.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	PARTIAL	PARTIAL

CVSS vektor

AV:N/AC:L/Au:N/C:P/I:P/A:P

Zadnje važnije ažuriranje

19-12-2017 - 02:29

Objavljeno

06-12-2001 - 05:00