Login
Newsletter
Werbung

Sicherheit: Cross-Site Scripting in cgiwrap
Aktuelle Meldungen Distributionen
Name: Cross-Site Scripting in cgiwrap
ID: TLSA-2008-32
Distribution: TurboLinux
Plattformen: Turbolinux Appliance Server 2.0, Turbolinux Appliance Server 3.0, Turbolinux Appliance Server 3.0 x64 Edition, Turbolinux Appliance Server 1.0 Hosting Edition, Turbolinux Appliance Server 1.0 Workgroup Edition
Datum: Mi, 10. September 2008, 03:50
Referenzen: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2852
Applikationen: cgiwrap

Originalnachricht

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

--------------------------------------------------------------------------
Turbolinux Security Advisory TLSA-2008-32
http://www.turbolinux.co.jp/security/
security-team@turbolinux.co.jp
--------------------------------------------------------------------------

Original released date: 09 Sep 2008
Last revised: 09 Sep 2008

Package: cgiwrap

Summary: Cross-site scripting (XSS) vulnerability

More information:
CGIWrap is a gateway program that allows general users to use CGI scripts
and HTML
forms without compromising the security of the http server.

Cross-site scripting (XSS) vulnerability in CGIWrap before 4.1, when an
Internet Explorer
based browser is used, allows remote attackers to inject arbitrary web
script or HTML
via unspecified vectors related to failure to set the charset in error
messages. (CVE-2008-2852)

Affected Products:
- Turbolinux Appliance Server 3.0 x64 Edition
- Turbolinux Appliance Server 3.0
- Turbolinux Appliance Server 2.0
- Turbolinux Appliance Server 1.0 Hosting Edition
- Turbolinux Appliance Server 1.0 Workgroup Edition


<Turbolinux Appliance Server 3.0 x64 Edition>

Source Packages
Size: MD5

cgiwrap-3.9-7.src.rpm
151699 79c1d07b1ac282610cbe355de7905a77
turbolinux-tlas-3.0-20070411TL5.src.rpm
17616 93a1a9f4e964466ed69fe367e5e998fd

Binary Packages
Size: MD5

cgiwrap-3.9-7.x86_64.rpm
47808 a5080fc36536e6fc001cae6077d169df
turbolinux-tlas-capstone-3.0-20070411TL5.noarch.rpm
9347 99c0f9a2869ae14a42b9460d9f49bf3e
turbolinux-tlas-glue-3.0-20070411TL5.noarch.rpm
11839 0e96979f89381839f1b26822d5c24498

<Turbolinux Appliance Server 3.0>

Source Packages
Size: MD5

cgiwrap-3.9-7.src.rpm
151699 79c1d07b1ac282610cbe355de7905a77

Binary Packages
Size: MD5

cgiwrap-3.9-7.i686.rpm
46143 076009f67e6012ab091302a166527c2f

<Turbolinux Appliance Server 2.0>

Source Packages
Size: MD5

cgiwrap-3.9-7.src.rpm
151699 8c822157ed2e8ad3e7bd4354a4339be8

Binary Packages
Size: MD5

cgiwrap-3.9-7.i586.rpm
44974 c8c4d6a447686ab76c9013340792ad9f

<Turbolinux Appliance Server 1.0 Hosting Edition>

Source Packages
Size: MD5

cgiwrap-3.9-7.src.rpm
151699 2d33dbd84c783f7344ca93e79a16b8bd

Binary Packages
Size: MD5

cgiwrap-3.9-7.i586.rpm
41607 6630501a5ed74a990f8cb2b78b6c89e7


References:

CVE
[CVE-2008-2852]
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2852

--------------------------------------------------------------------------
Revision History
09 Sep 2008 Initial release
--------------------------------------------------------------------------

Copyright(C) 2008 Turbolinux, Inc. All rights reserved.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEARECAAYFAkjGUHgACgkQK0LzjOqIJMxpPQCfQOp74WQrW1xnkMIEUzWU01sK
me4AoLJl58Pfa78jQplSHl5PIlnay+Sp
=AfZ1
-----END PGP SIGNATURE-----
Pro-Linux
Unterstützer werden
Neue Nachrichten
Werbung