Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2012-4667

Overview

Vulnerability Score 4.3 4.3
CVE Id CVE-2012-4667
Last Modified 11 Oct 2012 11:30:52
Published 25 Aug 2012 06:29:53
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2012-4667

Summary

Multiple cross-site scripting (XSS) vulnerabilities in SquidClamav 5.x before 5.8 allow remote attackers to inject arbitrary web script or HTML via the (1) url, (2) virus, (3) source, or (4) user parameter to (a) clwarn.cgi, (b) clwarn.cgi.de_DE, (c) clwarn.cgi.en_EN, (d) clwarn.cgi.fr_FR, (e) clwarn.cgi.pt_BR, or (f) clwarn.cgi.ru_RU in cgi-bin/.

Vulnerable Systems

Application

  • Darold Squidclamav 5.0

  • Darold Squidclamav 5.1

  • Darold Squidclamav 5.2

  • Darold Squidclamav 5.3

  • Darold Squidclamav 5.4

  • Darold Squidclamav 5.5

  • Darold Squidclamav 5.6

  • Darold Squidclamav 5.7


References

MLIST - [oss-security] 20120816 Re: CVE Request: SquidClamav insufficient escaping flaws

MLIST - [oss-security] 20120816 CVE Request: SquidClamav insufficient escaping flaws

CONFIRM - http://squidclamav.darold.net/news.html

CONFIRM - http://freecode.com/projects/squidclamav/releases/346722

MLIST - [oss-security] 20120824 Re: CVE Request: SquidClamav insufficient escaping flaws


Last Updated: 27 May 2016 11:00:20