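Vulnerability Details
CGI.pm Start_Form Cross-Site Scripting Vulnerability
- CNNVD ID: CNNVD-200308-158
- Severity: Low
- CVE ID: CVE-2003-0615
- Vulnerability type: Cross-site scripting
- Published: 2003-08-27
- Threat type: Remote
- Updated: 2005-10-20
- Vendor: debian
- Vulnerability source: Discovery of this ...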
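Vulnerability Summary
The start_form() function in CGI.pm has a cross-site scripting (XSS) vulnerability. Remote attackers can insert web script via a URL that is injected into the form's action parameter.
Vulnerability Advisory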
NOTE: The vendor has reported that this vulnerability has been addressed in CGI.pm version 2.94. Customers who are affected by this issue should upgrade to the current version 2.98 to address this issue. Please see the referenced vendor advisories for more information.
SOTLinux SOTLinux 2003 Desktop
- SOTLinux perl-5.8.0-3.i386.rpm Upgrade for SOT Linux 2003 Desktop. ftp://ftp.sot.com/updates/2003/Desktop/i386/perl-5.8.0-3.i386.rpm
- SOTLinux perl-5.8.0-3.i386.rpm Upgrade for SOT Linux 2003 Server. ftp://ftp.sot.com/updates/2003/Server/i386/perl-5.8.0-3.i386.rpm
- Sun 119449-01 http://sunsolve.sun.com/search/document.do?assetkey=1-21-119449-01-1
- Sun 119450-01 http://sunsolve.sun.com/search/document.do?assetkey=1-21-119450-01-1
- Sun 122092-01 http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21-122092-01-1
- OpenPKG perl-www-1.3.1-1.3.1.src.rpm ftp://ftp.openpkg.org/release/1.3/UPD/perl-www-1.3.1-1.3.1.src.rpm
- Mandrake perl-CGI-3.00-0.2mdk.noarch.rpm Corporate Server 2.1/x86_64 FTP Folder: x86_64/corporate/2.1/RPMS/ http://www.mandrakesecure.net/en/ftp.php
- Mandrake perl-CGI-3.00-0.2mdk.noarch.rpm Corporate Server 2.1 FTP Folder: corporate/2.1/RPMS/ http://www.mandrakesecure.net/en/ftp.php
- CGI.pm CGI.pm Version 2.98 http://stein.cshl.org/WWW/software/CGI/#download
References
- Source: US-CERT Vulnerability Note: VU#246409; Name: VU#246409; Link: http://www.kb.cert.org/vuls/id/246409
- Source: BID; Name: 8231; Link: http://www.securityfocus.com/bid/8231
- Source: BUGTRAQ; Name: 20030720 CGI.pm vulnerable to Cross-site Scripting; Link: http://marc.theaimsgroup.com/?l=bugtraq&m=105880349328877&w=2
- Source: XF; Name: cgi-startform-xss(12669); Link: http://xforce.iss.net/xforce/xfdb/12669
- Source: REDHAT; Name: RHSA-2003:256; Link: http://www.redhat.com/support/errata/RHSA-2003-256.HTML
- Source: DEBIAN; Name: DSA-371; Link: http://www.debian.org/security/2003/dsa-371
- Source: MANDRAKE; Name: MDKSA-2003:084; Link: http://wwwnew.mandriva.com/security/advisories?name=MDKSA-2003:084
- Source: CIAC; Name: N-155; Link: http://www.ciac.org/ciac/bulletins/n-155.sHTML
- Source: SUNALERT; Name: 101426; Link: http://sunsolve.sun.com/search/document.do?assetkey=1-26-101426-1
- Source: SECTRACK; Name: 1007234; Link: http://securitytracker.com/id?1007234
- Source: SECUNIA; Name: 13638; Link: http://secunia.com/advisories/13638
- Source: FULLDISC; Name: 20030720 CGI.pm vulnerable to Cross-site Scripting.; Link: http://marc.theaimsgroup.com/?l=full-disclosure&m=105875211018698&w=2
- Source: BUGTRAQ; Name: 20030806 [OpenPKG-SA-2003.036] OpenPKG Security Advisory (perl-www); Link: http://marc.theaimsgroup.com/?l=bugtraq&m=106018783704468&w=2
- Source: CONECTIVA; Name: CLA-2003:713; Link: http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000713
- Source: US Government Resource: oval:org.mitre.oval:def:470; Name: oval:org.mitre.oval:def:470; Link: http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:470
- Source: US Government Resource: oval:org.mitre.oval:def:307; Name: oval:org.mitre.oval:def:307; Link: http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:307
Affected Entities
- Debian Debian_linux:3.0:Sparc
- Debian Debian_linux:3.0:S-390
- Debian Debian_linux:3.0:Ppc
- Debian Debian_linux:3.0:Mipsel
- Debian Debian_linux:3.0:Mips
Patch
None available