CVE-2002-1348

Sažetak

w3m before 0.3.2.2 does not properly escape HTML tags in the ALT attribute of an IMG tag, which could allow remote attackers to access files or cookies.

Reference

http://marc.info/?l=bugtraq&m=104552193927323&w=2
http://sourceforge.net/project/shownotes.php?release_id=126233
http://www.debian.org/security/2003/dsa-249
http://www.debian.org/security/2003/dsa-250
http://www.debian.org/security/2003/dsa-251
http://www.iss.net/security_center/static/11266.php
http://www.redhat.com/support/errata/RHSA-2003-044.html
http://www.redhat.com/support/errata/RHSA-2003-045.html
http://www.securityfocus.com/bid/6794

CVSS

Base:	5.0
Impact:	2.9
Exploitability:	10.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	NONE	NONE

CVSS vektor

AV:N/AC:L/Au:N/C:P/I:N/A:N

Zadnje važnije ažuriranje

18-10-2016 - 02:26

Objavljeno

19-02-2003 - 05:00