漏洞信息详情
Pubcookies多个跨站脚本攻击漏洞
- CNNVD编号:CNNVD-200603-415
- 危害等级: 低危
- CVE编号: CVE-2006-1393
- 漏洞类型: 跨站脚本
- 发布时间: 2006-03-26
- 威胁类型: 远程
- 更新时间: 2006-03-27
- 厂 商: university_of_washington
- 漏洞来源: raphael.huck@free....
漏洞简介
在University of Washington Pubcookie 3.2.1b之前版本1.x, 3.0.0, 3.1.0, 3.1.1, 3.2,和3.3.0a之前版本3.3的mod_pubcookie Apache应用服务器模块中,存在多个跨站脚本攻击XSS)漏洞,远程攻击者可通过不明攻击向量注入任意Web脚本或HTML。
漏洞公告
目前厂商已经发布了升级补丁以修复这个安全问题,补丁下载链接:
University of Washington Pubcookie 3.2.1a
University of Washington pubcookie-3.2.1b.tar.gz
Unix
http://pubcookie.org/downloads/pubcookie-3.2.1b.tar.gz
University of Washington Pubcookie-3.3.0a.msi
Windows
http://pubcookie.org/downloads/Pubcookie-3.3.0a.msi
University of Washington pubcookie-3.3.0a.tar.gz
Unix
http://pubcookie.org/downloads/pubcookie-3.3.0a.tar.gz
University of Washington Pubcookie 1.0
University of Washington pubcookie-3.2.1b.tar.gz
Unix
http://pubcookie.org/downloads/pubcookie-3.2.1b.tar.gz
University of Washington Pubcookie-3.3.0a.msi
Windows
http://pubcookie.org/downloads/Pubcookie-3.3.0a.msi
University of Washington pubcookie-3.3.0a.tar.gz
Unix
http://pubcookie.org/downloads/pubcookie-3.3.0a.tar.gz
University of Washington Pubcookie 3.0
University of Washington pubcookie-3.2.1b.tar.gz
Unix
http://pubcookie.org/downloads/pubcookie-3.2.1b.tar.gz
University of Washington Pubcookie-3.3.0a.msi
Windows
http://pubcookie.org/downloads/Pubcookie-3.3.0a.msi
University of Washington pubcookie-3.3.0a.tar.gz
Unix
http://pubcookie.org/downloads/pubcookie-3.3.0a.tar.gz
University of Washington Pubcookie 3.1
University of Washington pubcookie-3.2.1b.tar.gz
Unix
http://pubcookie.org/downloads/pubcookie-3.2.1b.tar.gz
University of Washington Pubcookie-3.3.0a.msi
Windows
http://pubcookie.org/downloads/Pubcookie-3.3.0a.msi
University of Washington pubcookie-3.3.0a.tar.gz
Unix
http://pubcookie.org/downloads/pubcookie-3.3.0a.tar.gz
University of Washington Pubcookie 3.1.1
University of Washington pubcookie-3.2.1b.tar.gz
Unix
http://pubcookie.org/downloads/pubcookie-3.2.1b.tar.gz
University of Washington Pubcookie-3.3.0a.msi
Windows
http://pubcookie.org/downloads/Pubcookie-3.3.0a.msi
University of Washington pubcookie-3.3.0a.tar.gz
Unix
http://pubcookie.org/downloads/pubcookie-3.3.0a.tar.gz
University of Washington Pubcookie 3.2
University of Washington pubcookie-3.2.1b.tar.gz
Unix
http://pubcookie.org/downloads/pubcookie-3.2.1b.tar.gz
University of Washington Pubcookie-3.3.0a.msi
Windows
http://pubcookie.org/downloads/Pubcookie-3.3.0a.msi
University of Washington pubcookie-3.3.0a.tar.gz
Unix
http://pubcookie.org/downloads/pubcookie-3.3.0a.tar.gz
University of Washington Pubcookie 3.2.1
University of Washington pubcookie-3.2.1b.tar.gz
Unix
http://pubcookie.org/downloads/pubcookie-3.2.1b.tar.gz
University of Washington Pubcookie-3.3.0a.msi
Windows
http://pubcookie.org/downloads/Pubcookie-3.3.0a.msi
University of Washington pubcookie-3.3.0a.tar.gz
Unix
http://pubcookie.org/downloads/pubcookie-3.3.0a.tar.gz
University of Washington Pubcookie 3.3
University of Washington Pubcookie-3.3.0a.msi
Windows
http://pubcookie.org/downloads/Pubcookie-3.3.0a.msi
University of Washington pubcookie-3.3.0a.tar.gz
Unix
http://pubcookie.org/downloads/pubcookie-3.3.0a.tar.gz
参考网址
来源: US-CERT
名称: VU#314540
链接:http://www.kb.cert.org/vuls/id/314540
来源: XF
名称: pubcookie-appserver-module-xss(25426)
链接:http://xforce.iss.net/xforce/xfdb/25426
来源: SECUNIA
名称: 19348
链接:http://secunia.com/advisories/19348
来源: pubcookie.org
链接:http://pubcookie.org/news/20060306-apps-secadv.HTML
来源: BID
名称: 17221
链接:http://www.securityfocus.com/bid/17221
来源: OSVDB
名称: 24103
链接:http://www.osvdb.org/24103
受影响实体
- University_of_washington Pubcookie:3.3.0
- University_of_washington Pubcookie:3.2.1a
- University_of_washington Pubcookie:3.2.1
- University_of_washington Pubcookie:3.2.0
- University_of_washington Pubcookie:3.1.1
补丁
暂无
![weinxin](http://zone.ci/zone_ci_images/zone.ci.png)
评论