Red Hat Local Security Checks : RedHat Security Advisory RHSA-2007:1095

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.59899

Categoría: Red Hat Local Security Checks

Título: RedHat Security Advisory RHSA-2007:1095

Resumen: NOSUMMARY

Descripción: Description:

The remote host is missing updates announced in
advisory RHSA-2007:1095.

The ht://Dig system is a complete World Wide Web indexing and searching
system for a small domain or intranet.

A cross-site scripting flaw was discovered in a htdig search page. An
attacker could construct a carefully crafted URL, which once visited by an
unsuspecting user, could cause a user's Web browser to execute malicious
script in the context of the visited htdig search Web page. (CVE-2007-6110)

Users of htdig are advised to upgrade to these updated packages, which
contain backported patch to resolve this issue.

Solution:
Please note that this update is available via
Red Hat Network. To use Red Hat Network, launch the Red
Hat Update Agent with the following command: up2date

http://rhn.redhat.com/errata/RHSA-2007-1095.html
http://www.redhat.com/security/updates/classification/#moderate

Risk factor : Medium

CVSS Score:
4.3

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2007-6110
BugTraq ID: 26610
http://www.securityfocus.com/bid/26610
Debian Security Information: DSA-1429 (Google Search)
http://www.debian.org/security/2007/dsa-1429
https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00116.html
http://sourceforge.net/mailarchive/forum.php?thread_name=200709251310.55835.mskibbe%40suse.de&forum_name=htdig-dev
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11515
http://www.redhat.com/support/errata/RHSA-2007-1095.html
http://securitytracker.com/id?1019010
http://secunia.com/advisories/27850
http://secunia.com/advisories/27890
http://secunia.com/advisories/27965
http://secunia.com/advisories/28062
SuSE Security Announcement: SUSE-SR:2007:025 (Google Search)
http://www.novell.com/linux/security/advisories/2007_25_sr.html
http://www.vupen.com/english/advisories/2007/4038

Copyright Copyright (c) 2007 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.59899
Categoría:	Red Hat Local Security Checks
Título:	RedHat Security Advisory RHSA-2007:1095
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing updates announced in advisory RHSA-2007:1095. The ht://Dig system is a complete World Wide Web indexing and searching system for a small domain or intranet. A cross-site scripting flaw was discovered in a htdig search page. An attacker could construct a carefully crafted URL, which once visited by an unsuspecting user, could cause a user's Web browser to execute malicious script in the context of the visited htdig search Web page. (CVE-2007-6110) Users of htdig are advised to upgrade to these updated packages, which contain backported patch to resolve this issue. Solution: Please note that this update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command: up2date http://rhn.redhat.com/errata/RHSA-2007-1095.html http://www.redhat.com/security/updates/classification/#moderate Risk factor : Medium CVSS Score: 4.3
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2007-6110 BugTraq ID: 26610 http://www.securityfocus.com/bid/26610 Debian Security Information: DSA-1429 (Google Search) http://www.debian.org/security/2007/dsa-1429 https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00116.html http://sourceforge.net/mailarchive/forum.php?thread_name=200709251310.55835.mskibbe%40suse.de&forum_name=htdig-dev https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11515 http://www.redhat.com/support/errata/RHSA-2007-1095.html http://securitytracker.com/id?1019010 http://secunia.com/advisories/27850 http://secunia.com/advisories/27890 http://secunia.com/advisories/27965 http://secunia.com/advisories/28062 SuSE Security Announcement: SUSE-SR:2007:025 (Google Search) http://www.novell.com/linux/security/advisories/2007_25_sr.html http://www.vupen.com/english/advisories/2007/4038
Copyright	Copyright (c) 2007 E-Soft Inc. http://www.securityspace.com