W3M Frame启用浏览跨站脚本漏洞

admin
admin
admin
0
文章
0
评论
2022-07-22 10:01:49 CNNVD漏洞 来源:ZONE.CI 全球网 0 阅读模式

漏洞信息详情

W3M Frame启用浏览跨站脚本漏洞

  • CNNVD编号:CNNVD-200212-011
  • 危害等级: 低危
  • CVE编号: CVE-2002-1335
  • 漏洞类型: 跨站脚本
  • 发布时间: 2002-12-11
  • 威胁类型: 远程
  • 更新时间: 2005-10-20
  • 厂        商: w3m
  • 漏洞来源: .');">This vulnerability...

漏洞简介

w3m 0.3.2版本存在跨站脚本(XSS)漏洞。该漏洞不能避开一帧内的HTML标签,远程攻击者可以利用该漏洞插入任意web脚本或HTML并访问文件或cookies。

漏洞公告

It is recommended that all Gentoo Linux users who are running net-www/w3m upgrade to w3m-0.3.2.2 as follows: emerge sync emerge -u w3m emerge clean OpenPKG has released a security advisory (OpenPKG-SA-2003.009) which contains information on how to obtain fixes via ftp. OpenPKG users are advised to upgrade their w3m packages as soon as possible. Fixes available: W3M W3M 0.2

  • RedHat w3m-0.3.1-4.7.1.1.i386.rpm ftp://updates.redhat.com/7.0/ja/os/i386/w3m-0.3.1-4.7.1.1.i386.rpm
W3M W3M 0.2.1
  • RedHat w3m-0.3.1-4.7.2.i386.rpm ftp://updates.redhat.com/7.2/en/os/i386/w3m-0.3.1-4.7.2.i386.rpm
  • RedHat w3m-0.3.1-4.7.2.ia64.rpm ftp://updates.redhat.com/7.2/en/os/ia64/w3m-0.3.1-4.7.2.ia64.rpm
W3M w3mmee 0.3 .p23.3
  • Debian w3mmee-img_0.3.p23.3-1.5_alpha.deb http://security.debian.org/pool/updates/main/w/w3mmee/w3mmee-img_0.3.p 23.3-1.5_alpha.deb
  • Debian w3mmee-img_0.3.p23.3-1.5_arm.deb http://security.debian.org/pool/updates/main/w/w3mmee/w3mmee-img_0.3.p 23.3-1.5_arm.deb
  • Debian w3mmee-img_0.3.p23.3-1.5_hppa.deb http://security.debian.org/pool/updates/main/w/w3mmee/w3mmee-img_0.3.p 23.3-1.5_hppa.deb
  • Debian w3mmee-img_0.3.p23.3-1.5_i386.deb http://security.debian.org/pool/updates/main/w/w3mmee/w3mmee-img_0.3.p 23.3-1.5_i386.deb
  • Debian w3mmee-img_0.3.p23.3-1.5_ia64.deb http://security.debian.org/pool/updates/main/w/w3mmee/w3mmee-img_0.3.p 23.3-1.5_ia64.deb
  • Debian w3mmee-img_0.3.p23.3-1.5_m68k.deb http://security.debian.org/pool/updates/main/w/w3mmee/w3mmee-img_0.3.p 23.3-1.5_m68k.deb
  • Debian w3mmee-img_0.3.p23.3-1.5_mips.deb http://security.debian.org/pool/updates/main/w/w3mmee/w3mmee-img_0.3.p 23.3-1.5_mips.deb
  • Debian w3mmee-img_0.3.p23.3-1.5_mipsel.deb http://security.debian.org/pool/updates/main/w/w3mmee/w3mmee-img_0.3.p 23.3-1.5_mipsel.deb
  • Debian w3mmee-img_0.3.p23.3-1.5_powerpc.deb http://security.debian.org/pool/updates/main/w/w3mmee/w3mmee-img_0.3.p 23.3-1.5_powerpc.deb
  • Debian w3mmee-img_0.3.p23.3-1.5_s390.deb http://security.debian.org/pool/updates/main/w/w3mmee/w3mmee-img_0.3.p 23.3-1.5_s390.deb
  • Debian w3mmee-img_0.3.p23.3-1.5_sparc.deb http://security.debian.org/pool/updates/main/w/w3mmee/w3mmee-img_0.3.p 23.3-1.5_sparc.deb
  • Debian w3mmee_0.3.p23.3-1.5_alpha.deb http://security.debian.org/pool/updates/main/w/w3mmee/w3mmee_0.3.p23.3 -1.5_alpha.deb
  • Debian w3mmee_0.3.p23.3-1.5_arm.deb http://security.debian.org/pool/updates/main/w/w3mmee/w3mmee_0.3.p23.3 -1.5_arm.deb
  • Debian w3mmee_0.3.p23.3-1.5_hppa.deb http://security.debian.org/pool/updates/main/w/w3mmee/w3mmee_0.3.p23.3 -1.5_hppa.deb
  • Debian w3mmee_0.3.p23.3-1.5_i386.deb http://security.debian.org/pool/updates/main/w/w3mmee/w3mmee_0.3.p23.3 -1.5_i386.deb
  • Debian w3mmee_0.3.p23.3-1.5_ia64.deb http://security.debian.org/pool/updates/main/w/w3mmee/w3mmee_0.3.p23.3 -1.5_ia64.deb
  • Debian w3mmee_0.3.p23.3-1.5_m68k.deb http://security.debian.org/pool/updates/main/w/w3mmee/w3mmee_0.3.p23.3 -1.5_m68k.deb
  • Debian w3mmee_0.3.p23.3-1.5_mips.deb http://security.debian.org/pool/updates/main/w/w3mmee/w3mmee_0.3.p23.3 -1.5_mips.deb
  • Debian w3mmee_0.3.p23.3-1.5_mipsel.deb http://security.debian.org/pool/updates/main/w/w3mmee/w3mmee_0.3.p23.3 -1.5_mipsel.deb
  • Debian w3mmee_0.3.p23.3-1.5_powerpc.deb http://security.debian.org/pool/updates/main/w/w3mmee/w3mmee_0.3.p23.3 -1.5_powerpc.deb
  • Debian w3mmee_0.3.p23.3-1.5_s390.deb http://security.debian.org/pool/updates/main/w/w3mmee/w3mmee_0.3.p23.3 -1.5_s390.deb
  • Debian w3mmee_0.3.p23.3-1.5_sparc.deb http://security.debian.org/pool/updates/main/w/w3mmee/w3mmee_0.3.p23.3 -1.5_sparc.deb
W3M w3mmee-ssl 0.3 .p23.3
  • Debian w3mmee-ssl_0.3.p23.3-1.5.woody_alpha.debDebian 3.0 woody. http://security.debian.org/pool/updates/main/w/w3mmee-ssl/w3mmee-ssl_0 .3.p23.3-1.5_alpha.deb
  • Debian w3mmee-ssl_0.3.p23.3-1.5.woody_arm.debDebian 3.0 woody. http://security.debian.org/pool/updates/main/w/w3mmee-ssl/w3mmee-ssl_0 .3.p23.3-1.5_arm.deb
  • Debian w3mmee-ssl_0.3.p23.3-1.5.woody_hppa.debDebian 3.0 woody. http://security.debian.org/pool/updates/main/w/w3mmee-ssl/w3mmee-ssl_0 .3.p23.3-1.5_hppa.deb
  • Debian w3mmee-ssl_0.3.p23.3-1.5.woody_i386.debDebian 3.0 woody. http://security.debian.org/pool/updates/main/w/w3mmee-ssl/w3mmee-ssl_0 .3.p23.3-1.5_i386.deb
  • Debian w3mmee-ssl_0.3.p23.3-1.5.woody_ia64.debDebian 3.0 woody.

    参考网址

    来源: BID 名称: 6793 链接:http://www.securityfocus.com/bid/6793 来源: REDHAT 名称: RHSA-2003:044 链接:http://www.redhat.com/support/errata/RHSA-2003-044.HTML 来源: XF 名称: w3m-HTML-frame-xss(10842) 链接:http://xforce.iss.net/xforce/xfdb/10842 来源: REDHAT 名称: RHSA-2003:045 链接:http://www.redhat.com/support/errata/RHSA-2003-045.HTML 来源: OSVDB 名称: 6981 链接:http://www.osvdb.org/6981 来源: DEBIAN 名称: DSA-251 链接:http://www.debian.org/security/2003/dsa-251 来源: DEBIAN 名称: DSA-250 链接:http://www.debian.org/security/2003/dsa-250 来源: DEBIAN 名称: DSA-249 链接:http://www.debian.org/security/2003/dsa-249 来源: sourceforge.net 链接:http://sourceforge.net/project/shownotes.php?release_id=124484 来源: mi.med.tohoku.ac.jp 链接:http://mi.med.tohoku.ac.jp/%7Esatodai/w3m-dev-en/200211.month/838.HTML 来源: OPENPKG 名称: OpenPKG-SA-2003.009 链接:http://www.openpkg.com/security/advisories/OpenPKG-SA-2003.009.HTML 来源: SECUNIA 名称: 8053 链接:http://secunia.com/advisories/8053 来源: SECUNIA 名称: 8031 链接:http://secunia.com/advisories/8031 来源: SECUNIA 名称: 8016 链接:http://secunia.com/advisories/8016 来源: SECUNIA 名称: 8015 链接:http://secunia.com/advisories/8015

受影响实体

  • W3m W3m:0.3.2  

补丁

    暂无

weinxin
特别声明
本站(ZONE.CI)所有文章仅供技术研究,若将其信息做其他用途,由用户承担全部法律及连带责任,本站不承担任何法律及连带责任,请遵守中华人民共和国安全法.
ZONE.CI 全球网 | 安全领域涉猎者-乌云独行地带
咨询加Q:999999999
ZONE.CI 全球网 | 安全领域涉猎者-乌云独行地带
ZONE.CI 全球网 安全领域涉猎者-乌云独行地带
获取本源码
售前咨询加Q:120433200
站媒体网仿《知更鸟》模板
获取本源码 zmt6.com
评论:0   参与:  0