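Vulnerability Details
W3M Frame-Enabled Browsing Cross-Site Scripting Vulnerability
- CNNVD ID: CNNVD-200212-011
- Severity: Low
- CVE ID: CVE-2002-1335
- Vulnerability type: Cross-site scripting
- Published: 2002-12-11
- Threat type: Remote
- Updated: 2005-10-20
- Vendor: w3m
- Vulnerability source: This vulnerability...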
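Vulnerability Summary
w3m 0.3.2 contains a cross-site scripting (XSS) vulnerability. It does not escape HTML tags within a frame, so a remote attacker can insert arbitrary web script or HTML and access files or cookies.
Vulnerability Advisory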
It is recommended that all Gentoo Linux users who are running net-www/w3m upgrade to w3m-0.3.2.2 as follows:

emerge sync
emerge -u w3m
emerge clean

OpenPKG has released a security advisory (OpenPKG-SA-2003.009) which contains information on how to obtain fixes via ftp. OpenPKG users are advised to upgrade their w3m packages as soon as possible.

Fixes available:

W3M W3M 0.2
- RedHat w3m-0.3.1-4.7.1.1.i386.rpm ftp://updates.redhat.com/7.0/ja/os/i386/w3m-0.3.1-4.7.1.1.i386.rpm
- RedHat w3m-0.3.1-4.7.2.i386.rpm ftp://updates.redhat.com/7.2/en/os/i386/w3m-0.3.1-4.7.2.i386.rpm
- RedHat w3m-0.3.1-4.7.2.ia64.rpm ftp://updates.redhat.com/7.2/en/os/ia64/w3m-0.3.1-4.7.2.ia64.rpm
- Debian w3mmee-img_0.3.p23.3-1.5_alpha.deb http://security.debian.org/pool/updates/main/w/w3mmee/w3mmee-img_0.3.p23.3-1.5_alpha.deb
- Debian w3mmee-img_0.3.p23.3-1.5_arm.deb http://security.debian.org/pool/updates/main/w/w3mmee/w3mmee-img_0.3.p23.3-1.5_arm.deb
- Debian w3mmee-img_0.3.p23.3-1.5_hppa.deb http://security.debian.org/pool/updates/main/w/w3mmee/w3mmee-img_0.3.p23.3-1.5_hppa.deb
- Debian w3mmee-img_0.3.p23.3-1.5_i386.deb http://security.debian.org/pool/updates/main/w/w3mmee/w3mmee-img_0.3.p23.3-1.5_i386.deb
- Debian w3mmee-img_0.3.p23.3-1.5_ia64.deb http://security.debian.org/pool/updates/main/w/w3mmee/w3mmee-img_0.3.p23.3-1.5_ia64.deb
- Debian w3mmee-img_0.3.p23.3-1.5_m68k.deb http://security.debian.org/pool/updates/main/w/w3mmee/w3mmee-img_0.3.p23.3-1.5_m68k.deb
- Debian w3mmee-img_0.3.p23.3-1.5_mips.deb http://security.debian.org/pool/updates/main/w/w3mmee/w3mmee-img_0.3.p23.3-1.5_mips.deb
- Debian w3mmee-img_0.3.p23.3-1.5_mipsel.deb http://security.debian.org/pool/updates/main/w/w3mmee/w3mmee-img_0.3.p23.3-1.5_mipsel.deb
- Debian w3mmee-img_0.3.p23.3-1.5_powerpc.deb http://security.debian.org/pool/updates/main/w/w3mmee/w3mmee-img_0.3.p23.3-1.5_powerpc.deb
- Debian w3mmee-img_0.3.p23.3-1.5_s390.deb http://security.debian.org/pool/updates/main/w/w3mmee/w3mmee-img_0.3.p23.3-1.5_s390.deb
- Debian w3mmee-img_0.3.p23.3-1.5_sparc.deb http://security.debian.org/pool/updates/main/w/w3mmee/w3mmee-img_0.3.p23.3-1.5_sparc.deb
- Debian w3mmee_0.3.p23.3-1.5_alpha.deb http://security.debian.org/pool/updates/main/w/w3mmee/w3mmee_0.3.p23.3-1.5_alpha.deb
- Debian w3mmee_0.3.p23.3-1.5_arm.deb http://security.debian.org/pool/updates/main/w/w3mmee/w3mmee_0.3.p23.3-1.5_arm.deb
- Debian w3mmee_0.3.p23.3-1.5_hppa.deb http://security.debian.org/pool/updates/main/w/w3mmee/w3mmee_0.3.p23.3-1.5_hppa.deb
- Debian w3mmee_0.3.p23.3-1.5_i386.deb http://security.debian.org/pool/updates/main/w/w3mmee/w3mmee_0.3.p23.3-1.5_i386.deb
- Debian w3mmee_0.3.p23.3-1.5_ia64.deb http://security.debian.org/pool/updates/main/w/w3mmee/w3mmee_0.3.p23.3-1.5_ia64.deb
- Debian w3mmee_0.3.p23.3-1.5_m68k.deb http://security.debian.org/pool/updates/main/w/w3mmee/w3mmee_0.3.p23.3-1.5_m68k.deb
- Debian w3mmee_0.3.p23.3-1.5_mips.deb http://security.debian.org/pool/updates/main/w/w3mmee/w3mmee_0.3.p23.3-1.5_mips.deb
- Debian w3mmee_0.3.p23.3-1.5_mipsel.deb http://security.debian.org/pool/updates/main/w/w3mmee/w3mmee_0.3.p23.3-1.5_mipsel.deb
- Debian w3mmee_0.3.p23.3-1.5_powerpc.deb http://security.debian.org/pool/updates/main/w/w3mmee/w3mmee_0.3.p23.3-1.5_powerpc.deb
- Debian w3mmee_0.3.p23.3-1.5_s390.deb http://security.debian.org/pool/updates/main/w/w3mmee/w3mmee_0.3.p23.3-1.5_s390.deb
- Debian w3mmee_0.3.p23.3-1.5_sparc.deb http://security.debian.org/pool/updates/main/w/w3mmee/w3mmee_0.3.p23.3-1.5_sparc.deb
- Debian w3mmee-ssl_0.3.p23.3-1.5.woody_alpha.deb Debian 3.0 woody. http://security.debian.org/pool/updates/main/w/w3mmee-ssl/w3mmee-ssl_0.3.p23.3-1.5_alpha.deb
- Debian w3mmee-ssl_0.3.p23.3-1.5.woody_arm.deb Debian 3.0 woody. http://security.debian.org/pool/updates/main/w/w3mmee-ssl/w3mmee-ssl_0.3.p23.3-1.5_arm.deb
- Debian w3mmee-ssl_0.3.p23.3-1.5.woody_hppa.deb Debian 3.0 woody. http://security.debian.org/pool/updates/main/w/w3mmee-ssl/w3mmee-ssl_0.3.p23.3-1.5_hppa.deb
- Debian w3mmee-ssl_0.3.p23.3-1.5.woody_i386.deb Debian 3.0 woody. http://security.debian.org/pool/updates/main/w/w3mmee-ssl/w3mmee-ssl_0.3.p23.3-1.5_i386.deb
- Debian w3mmee-ssl_0.3.p23.3-1.5.woody_ia64.deb Debian 3.0 woody.
References
- Source: BID, Name: 6793, Link: http://www.securityfocus.com/bid/6793
- Source: REDHAT, Name: RHSA-2003:044, Link: http://www.redhat.com/support/errata/RHSA-2003-044.HTML
- Source: XF, Name: w3m-HTML-frame-xss(10842), Link: http://xforce.iss.net/xforce/xfdb/10842
- Source: REDHAT, Name: RHSA-2003:045, Link: http://www.redhat.com/support/errata/RHSA-2003-045.HTML
- Source: OSVDB, Name: 6981, Link: http://www.osvdb.org/6981
- Source: DEBIAN, Name: DSA-251, Link: http://www.debian.org/security/2003/dsa-251
- Source: DEBIAN, Name: DSA-250, Link: http://www.debian.org/security/2003/dsa-250
- Source: DEBIAN, Name: DSA-249, Link: http://www.debian.org/security/2003/dsa-249
- Source: sourceforge.net, Link: http://sourceforge.net/project/shownotes.php?release_id=124484
- Source: mi.med.tohoku.ac.jp, Link: http://mi.med.tohoku.ac.jp/%7Esatodai/w3m-dev-en/200211.month/838.HTML
- Source: OPENPKG, Name: OpenPKG-SA-2003.009, Link: http://www.openpkg.com/security/advisories/OpenPKG-SA-2003.009.HTML
- Source: SECUNIA, Name: 8053, Link: http://secunia.com/advisories/8053
- Source: SECUNIA, Name: 8031, Link: http://secunia.com/advisories/8031
- Source: SECUNIA, Name: 8016, Link: http://secunia.com/advisories/8016
- Source: SECUNIA, Name: 8015, Link: http://secunia.com/advisories/8015
Affected Entities
- W3m W3m:0.3.2
Patches
None available