Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 6.8
CVE Id: CVE-2005-0085
Last Modified: 21 Aug 2010 12:25:27
Published: 27 Apr 2005 12:00:00
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE

CVE-2005-0085

Summary

Cross-site scripting (XSS) vulnerability in ht://dig (htdig) before 3.1.6-r7 allows remote attackers to execute arbitrary web script or HTML via the config parameter, which is not properly sanitized before it is displayed in an error message.

Vulnerable Systems

Operating System

  • Mandrakesoft Mandrake Linux 10.0

  • Mandrakesoft Mandrake Linux 10.1

  • Mandrakesoft Mandrake Linux Corporate Server 2.1

  • Mandrakesoft Mandrake Linux Corporate Server 3.0

  • Redhat Fedora Core 3.0

  • Suse Linux 8.0

  • Suse Linux 8.1

  • Suse Linux 8.2

  • Suse Linux 9.0

  • Suse Linux 9.1

  • Suse Linux 9.2

Application

  • Htdig 3.1.5

  • Htdig 3.1.5 7

  • Htdig 3.1.5 8

  • Htdig 3.1.6

  • Htdig 3.2.0

  • Htdig 3.2.0b2

  • Htdig 3.2.0b3

  • Htdig 3.2.0b4

  • Htdig 3.2.0b5

  • Htdig 3.2.0b6


References

BID - 12442

DEBIAN - DSA-680

XF - htdig-config-xss(19223)

REDHAT - RHSA-2005:073

GENTOO - GLSA-200502-16

SECTRACK - 1013078

REDHAT - RHSA-2005:090

FEDORA - FLSA-2006:152907

MANDRAKE - MDKSA-2005:063

SECUNIA - 17415

SECUNIA - 17414

SECUNIA - 15007

SECUNIA - 14795

SECUNIA - 14303

SECUNIA - 14276

SECUNIA - 14255

SCO - SCOSA-2005.46


Last Updated: 27 May 2016 10:39:39