
Test ID: 1.3.6.1.4.1.25623.1.0.55704
Category: Conectiva Local Security Checks
Title: Conectiva Security Advisory CLSA-2005:1040
Summary: NOSUMMARY
Description:

The remote host is missing updates announced in
advisory CLSA-2005:1040.

This announcement fixes three vulnerabilities in Bugzilla:

Cross-site scripting
It is possible to send a carefully crafted URL to Bugzilla
designed to trigger an error message. The Internal Error message
includes javascript code which displays the URL the user is
visiting. The javascript code does not escape the URL before
displaying it, allowing scripts contained in the URL to be executed
by the browser.

Information leak
If a user correctly guesses the name of a product that should
be invisible to them, they will be specifically informed that
they do not have access to it, thus letting them know that the
product exists. Also, users can enter bugs into products that
are closed for bug entry, if they correctly guess the name of
the product.

User Password Embedded in URL
The user's password can be embedded as part of a report URL
and thus visible in the web server logs, if the user is prompted
to log in while attempting to view a chart.

Solution:
The apt tool can be used to perform RPM package upgrades
by running 'apt-get update' followed by 'apt-get upgrade'

http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=001040
http://www.bugzilla.org
http://www.bugzilla.org/security/2.16.7-nr/
http://www.bugzilla.org/security/2.16.8/

Risk factor: High

Copyright: Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com


© 1998-2025 E-Soft Inc. All rights reserved.