Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2001-0835

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2001-0835
Last Modified 05 Sep 2008 04:25:02
Published 06 Dec 2001 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2001-0835

Summary

Cross-site scripting vulnerability in Webalizer 2.01-06, and possibly other versions, allows remote attackers to inject arbitrary HTML tags by specifying them in (1) search keywords embedded in HTTP referrer information, or (2) host names that are retrieved via a reverse DNS lookup.

Vulnerable Systems

Application

  • Bradford Barrett Webalizer 2.0.6


References

BID - 3473

REDHAT - RHSA-2001:141

CONFIRM - http://www.mrunix.net/webalizer/news.html

BUGTRAQ - 20011024 Cross-site Scripting Flaw in webalizer

SUSE - SuSE-SA:2001:040

XF - webalizer-html-tags-keywords(7351)

XF - webalizer-html-tag-host(7350)

REDHAT - RHSA-2001:140

ENGARDE - ESA-20011101-01


Last Updated: 27 May 2016 10:36:25