Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2007-5496

Overview

Vulnerability Score 1.9 1.9
CVE Id CVE-2007-5496
Last Modified 21 Aug 2010 01:12:13
Published 23 May 2008 11:32:00
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector LOCAL
Access Complexity MEDIUM
Authentication NONE

CVE-2007-5496

Summary

Cross-site scripting (XSS) vulnerability in setroubleshoot 2.0.5 allows local users to inject arbitrary web script or HTML via a crafted (1) file or (2) process name, which triggers an Access Vector Cache (AVC) log entry in a log file used during composition of HTML documents for sealert.

Vulnerable Systems

Application

  • Selinux Setroubleshoot 2.0.5


References

REDHAT - RHSA-2008:0061

SECTRACK - 1020078

CONFIRM - https://bugzilla.redhat.com/show_bug.cgi?id=288271

XF - setroubleshoot-sealert-avc-xss(42592)

BID - 29324

SECUNIA - 30339


Last Updated: 27 May 2016 10:46:12