Mandrake Local Security Checks : Mandrake Security Advisory MDVSA-2009:266 (awstats)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.66022

Categoría: Mandrake Local Security Checks

Título: Mandrake Security Advisory MDVSA-2009:266 (awstats)

Resumen: The remote host is missing an update to awstats;announced via advisory MDVSA-2009:266.

Descripción: Summary:
The remote host is missing an update to awstats
announced via advisory MDVSA-2009:266.

Vulnerability Insight:
A vulnerability has been found and corrected in awstats:

awstats.pl in AWStats 6.8 and earlier does not properly remove quote
characters, which allows remote attackers to conduct cross-site
scripting (XSS) attacks via the query_string parameter. NOTE:
this issue exists because of an incomplete fix for CVE-2008-3714
(CVE-2008-5080).

This update fixes this vulnerability.

Affected: Corporate 4.0, Enterprise Server 5.0

Solution:
To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

CVSS Score:
4.3

CVSS Vector:
AV:N/AC:M/Au:N/C:N/I:P/A:N

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2008-3714
BugTraq ID: 30730
http://www.securityfocus.com/bid/30730
Debian Security Information: DSA-1679 (Google Search)
http://www.debian.org/security/2008/dsa-1679
https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00107.html
https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00355.html
http://www.mandriva.com/security/advisories?name=MDVSA-2008:203
http://www.securitytracker.com/id?1020704
http://secunia.com/advisories/31519
http://secunia.com/advisories/31759
http://secunia.com/advisories/32939
http://secunia.com/advisories/33002
http://www.ubuntu.com/usn/usn-686-1
http://www.vupen.com/english/advisories/2008/2399
XForce ISS Database: awstats-awstats-xss(44504)
https://exchange.xforce.ibmcloud.com/vulnerabilities/44504
Common Vulnerability Exposure (CVE) ID: CVE-2008-5080
33002
USN-686-1
awstats-querystring-xss(47116)
https://exchange.xforce.ibmcloud.com/vulnerabilities/47116
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=495432#21
https://bugzilla.redhat.com/show_bug.cgi?id=474396

Copyright Copyright (C) 2009 E-Soft Inc.

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.66022
Categoría:	Mandrake Local Security Checks
Título:	Mandrake Security Advisory MDVSA-2009:266 (awstats)
Resumen:	The remote host is missing an update to awstats;announced via advisory MDVSA-2009:266.
Descripción:	Summary: The remote host is missing an update to awstats announced via advisory MDVSA-2009:266. Vulnerability Insight: A vulnerability has been found and corrected in awstats: awstats.pl in AWStats 6.8 and earlier does not properly remove quote characters, which allows remote attackers to conduct cross-site scripting (XSS) attacks via the query_string parameter. NOTE: this issue exists because of an incomplete fix for CVE-2008-3714 (CVE-2008-5080). This update fixes this vulnerability. Affected: Corporate 4.0, Enterprise Server 5.0 Solution: To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. CVSS Score: 4.3 CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2008-3714 BugTraq ID: 30730 http://www.securityfocus.com/bid/30730 Debian Security Information: DSA-1679 (Google Search) http://www.debian.org/security/2008/dsa-1679 https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00107.html https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00355.html http://www.mandriva.com/security/advisories?name=MDVSA-2008:203 http://www.securitytracker.com/id?1020704 http://secunia.com/advisories/31519 http://secunia.com/advisories/31759 http://secunia.com/advisories/32939 http://secunia.com/advisories/33002 http://www.ubuntu.com/usn/usn-686-1 http://www.vupen.com/english/advisories/2008/2399 XForce ISS Database: awstats-awstats-xss(44504) https://exchange.xforce.ibmcloud.com/vulnerabilities/44504 Common Vulnerability Exposure (CVE) ID: CVE-2008-5080 33002 USN-686-1 awstats-querystring-xss(47116) https://exchange.xforce.ibmcloud.com/vulnerabilities/47116 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=495432#21 https://bugzilla.redhat.com/show_bug.cgi?id=474396
Copyright	Copyright (C) 2009 E-Soft Inc.