
Test ID: 1.3.6.1.4.1.25623.1.0.55704
Category: Conectiva Local Security Checks
Title: Conectiva Security Advisory CLSA-2005:1040
Summary: NOSUMMARY
Description:

The remote host is missing updates announced in
advisory CLSA-2005:1040.

This announcement fixes three vulnerabilities in Bugzilla:

Cross-site scripting
It is possible to send a carefully crafted URL to Bugzilla
designed to trigger an error message. The Internal Error message
includes javascript code which displays the URL the user is
visiting. The javascript code does not escape the URL before
displaying it, allowing scripts contained in the URL to be executed
by the browser.

Information leak
If a user correctly guesses the name of a product that should
be invisible to them, they will be specifically informed that
they do not have access to it, thus letting them know that the
product exists. Also, users can enter bugs into products that
are closed for bug entry, if they correctly guess the name of
the product.

User Password Embedded in URL
The user's password can be embedded as part of a report URL
and thus visible in the web server logs, if the user is prompted
to log in while attempting to view a chart.

Solution:
The apt tool can be used to perform RPM package upgrades
by running 'apt-get update' followed by 'apt-get upgrade'

http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=001040
http://www.bugzilla.org
http://www.bugzilla.org/security/2.16.7-nr/
http://www.bugzilla.org/security/2.16.8/

Risk factor : High

Copyright: Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com

This is only one of 145615 vulnerability tests in our test package. Find out more about our complete security checks.

© 1998-2025 E-Soft Inc. All rights reserved.