Test Kennung:	1.3.6.1.4.1.25623.1.0.901115
Kategorie:	Web Servers
Titel:	Caucho Resin < 4.0.7 Multiple XSS Vulnerabilities - Active Check
Zusammenfassung:	Caucho Resin is prone to multiple cross-site scripting (XSS); vulnerabilities.
Beschreibung:	Summary: Caucho Resin is prone to multiple cross-site scripting (XSS) vulnerabilities. Vulnerability Insight: The flaw is caused by improper validation of user-supplied input via the 'digest_username' and 'digest_realm' parameters in resin-admin/digest.php that allows the attackers to insert arbitrary HTML and script code. Vulnerability Impact: Successful exploitation will allow attackers to execute arbitrary web script or HTML in a user's browser session in the context of an affected site. Affected Software/OS: Caucho Resin Professional 3.1.5, 3.1.10 and 4.0.6 are known to be affected. Other versions might be affected as well. Solution: Update to version 4.0.7 or later. CVSS Score: 4.3 CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2010-2032 BugTraq ID: 40251 http://www.securityfocus.com/bid/40251 Bugtraq: 20100518 Caucho Technology Resin digest.php Cross Site Scripting Vulnerability (Google Search) http://www.securityfocus.com/archive/1/511341/100/0/threaded http://packetstormsecurity.org/1005-exploits/cauchoresin312-xss.txt http://secunia.com/advisories/39839 http://www.vupen.com/english/advisories/2010/1201 XForce ISS Database: caucho-resin-digest-xss(58733) https://exchange.xforce.ibmcloud.com/vulnerabilities/58733
Copyright	Copyright (C) 2010 Greenbone AG

Dies ist nur einer von 145615 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.