Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-2025

Overview

Vulnerability Score 4.3 4.3
CVE Id CVE-2008-2025
Last Modified 18 Apr 2009 01:35:44
Published 09 Apr 2009 11:08:35
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2008-2025

Summary

Cross-site scripting (XSS) vulnerability in Apache Struts before 1.2.9-162.31.1 on SUSE Linux Enterprise (SLE) 11, before 1.2.9-108.2 on SUSE openSUSE 10.3, before 1.2.9-198.2 on SUSE openSUSE 11.0, and before 1.2.9-162.163.2 on SUSE openSUSE 11.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to "insufficient quoting of parameters."

Vulnerable Systems

Application

  • Apache Struts 1.0.2

  • Apache Struts 1.1

  • Apache Struts 1.2.4

  • Apache Struts 1.2.7

  • Apache Struts 1.2.8


References

CONFIRM - http://download.opensuse.org/update/10.3-test/repodata/patch-struts-5872.xml

MISC - https://launchpad.net/bugs/cve/2008-2025

MISC - https://bugzilla.novell.com/show_bug.cgi?id=385273

CONFIRM - http://support.novell.com/security/cve/CVE-2008-2025.html

SECUNIA - 34642

SECUNIA - 34567

OSVDB - 53380

SUSE - SUSE-SR:2009:008


Last Updated: 27 May 2016 10:47:44