Red Hat Local Security Checks : RedHat Security Advisory RHSA-2005:090

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.51652

Categoría: Red Hat Local Security Checks

Título: RedHat Security Advisory RHSA-2005:090

Resumen: NOSUMMARY

Descripción: Description:

The remote host is missing updates announced in
advisory RHSA-2005:090.

The ht://Dig system is a Web search and indexing system for a small domain
or intranet.

Michael Krax reported a cross-site scripting bug affecting htdig. An
attacker could construct a carefully crafted URL which can cause a web
browser to execute malicious script once visited. The Common
Vulnerabilities and Exposures project has assigned the name CVE-2005-0085
to this issue.

Users of htdig should upgrade to these updated packages, which contain a
backported patch, and are not vulnerable to this issue.

Solution:
Please note that this update is available via
Red Hat Network. To use Red Hat Network, launch the Red
Hat Update Agent with the following command: up2date

http://rhn.redhat.com/errata/RHSA-2005-090.html

Risk factor : High

CVSS Score:
6.8

Referencia Cruzada: BugTraq ID: 12442
Common Vulnerability Exposure (CVE) ID: CVE-2005-0085
http://www.securityfocus.com/bid/12442
Debian Security Information: DSA-680 (Google Search)
http://www.debian.org/security/2005/dsa-680
http://www.redhat.com/archives/fedora-legacy-announce/2006-January/msg00002.html
http://www.gentoo.org/security/en/glsa/glsa-200502-16.xml
http://www.mandriva.com/security/advisories?name=MDKSA-2005:063
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10878
http://www.redhat.com/support/errata/RHSA-2005-073.html
http://www.redhat.com/support/errata/RHSA-2005-090.html
SCO Security Bulletin: SCOSA-2005.46
ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.46/SCOSA-2005.46.txt
http://securitytracker.com/id?1013078
http://secunia.com/advisories/14255
http://secunia.com/advisories/14276
http://secunia.com/advisories/14303
http://secunia.com/advisories/14795
http://secunia.com/advisories/15007
http://secunia.com/advisories/17414
http://secunia.com/advisories/17415
XForce ISS Database: htdig-config-xss(19223)
https://exchange.xforce.ibmcloud.com/vulnerabilities/19223

Copyright Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.51652
Categoría:	Red Hat Local Security Checks
Título:	RedHat Security Advisory RHSA-2005:090
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing updates announced in advisory RHSA-2005:090. The ht://Dig system is a Web search and indexing system for a small domain or intranet. Michael Krax reported a cross-site scripting bug affecting htdig. An attacker could construct a carefully crafted URL which can cause a web browser to execute malicious script once visited. The Common Vulnerabilities and Exposures project has assigned the name CVE-2005-0085 to this issue. Users of htdig should upgrade to these updated packages, which contain a backported patch, and are not vulnerable to this issue. Solution: Please note that this update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command: up2date http://rhn.redhat.com/errata/RHSA-2005-090.html Risk factor : High CVSS Score: 6.8
Referencia Cruzada:	BugTraq ID: 12442 Common Vulnerability Exposure (CVE) ID: CVE-2005-0085 http://www.securityfocus.com/bid/12442 Debian Security Information: DSA-680 (Google Search) http://www.debian.org/security/2005/dsa-680 http://www.redhat.com/archives/fedora-legacy-announce/2006-January/msg00002.html http://www.gentoo.org/security/en/glsa/glsa-200502-16.xml http://www.mandriva.com/security/advisories?name=MDKSA-2005:063 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10878 http://www.redhat.com/support/errata/RHSA-2005-073.html http://www.redhat.com/support/errata/RHSA-2005-090.html SCO Security Bulletin: SCOSA-2005.46 ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.46/SCOSA-2005.46.txt http://securitytracker.com/id?1013078 http://secunia.com/advisories/14255 http://secunia.com/advisories/14276 http://secunia.com/advisories/14303 http://secunia.com/advisories/14795 http://secunia.com/advisories/15007 http://secunia.com/advisories/17414 http://secunia.com/advisories/17415 XForce ISS Database: htdig-config-xss(19223) https://exchange.xforce.ibmcloud.com/vulnerabilities/19223
Copyright	Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com