Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-1468

Overview

Vulnerability Score 4.3 4.3
CVE Id CVE-2008-1468
Last Modified 30 Apr 2010 01:20:53
Published 24 Mar 2008 05:44:00
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2008-1468

Summary

Cross-site scripting (XSS) vulnerability in namazu.cgi in Namazu before 2.0.18 allows remote attackers to inject arbitrary web script or HTML via UTF-7 encoded input, related to failure to set the charset, a different vector than CVE-2004-1318 and CVE-2001-1350. NOTE: some of these details are obtained from third party information.

Vulnerable Systems

Application

  • Namazu 1.3.0.11

  • Namazu 2.0

  • Namazu 2.0.12

  • Namazu 2.0.13

  • Namazu 2.0.14

  • Namazu 2.0.15

  • Namazu 2.0.16

  • Namazu 2.0.17

  • Namazu 2.0.2


References

CONFIRM - http://www.namazu.org/security.html.en

SECUNIA - 39645

SECUNIA - 31687

SECUNIA - 29386

HP - HPSBMA02525

SUSE - SUSE-SR:2008:017

JVN - JVN#00892830

HP - SSRT100079

FEDORA - FEDORA-2008-2767

FEDORA - FEDORA-2008-2678

XF - namazu-character-encoding-xss(41360)

BID - 28380

SECUNIA - 29561

HP - SSRT100083

HP - HPSBMA02492


Last Updated: 27 May 2016 10:47:28