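Vulnerability Details
Xapian Omega Cross-Site Scripting Vulnerability
- CNNVD ID: CNNVD-200909-283
- Severity: Medium
- CVE ID: CVE-2009-2947
- Vulnerability type: Cross-site scripting
- Published: 2009-09-14
- Threat type: Remote
- Updated: 2009-09-16
- Vendor: xapian
- Vulnerability source:
Vulnerability Summary
Xapian Omega versions before 1.0.16 contain a cross-site scripting vulnerability. A remote attacker can inject arbitrary web script or HTML via unspecified CGI parameter values, which are sometimes included in exception messages.
Vulnerability Advisory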
The vendor has released upgrade patches that fix this security issue. Patch download links:
- Debian Linux 4.0 amd64: Debian xapian-omega_0.9.9-1+etch1_amd64.deb http://security.debian.org/pool/updates/main/x/xapian-omega/xapian-omega_0.9.9-1+etch1_amd64.deb
- Debian Linux 4.0 ia-32: Debian xapian-omega_0.9.9-1+etch1_i386.deb http://security.debian.org/pool/updates/main/x/xapian-omega/xapian-omega_0.9.9-1+etch1_i386.deb
- Debian Linux 4.0 arm: Debian xapian-omega_0.9.9-1+etch1_arm.deb http://security.debian.org/pool/updates/main/x/xapian-omega/xapian-omega_0.9.9-1+etch1_arm.deb
- Debian Linux 5.0 hppa: Debian xapian-omega_1.0.7-3+lenny1_hppa.deb http://security.debian.org/pool/updates/main/x/xapian-omega/xapian-omega_1.0.7-3+lenny1_hppa.deb
- Debian Linux 5.0 ia-64: Debian xapian-omega_1.0.7-3+lenny1_ia64.deb http://security.debian.org/pool/updates/main/x/xapian-omega/xapian-omega_1.0.7-3+lenny1_ia64.deb
- Debian Linux 4.0 hppa: Debian xapian-omega_0.9.9-1+etch1_hppa.deb http://security.debian.org/pool/updates/main/x/xapian-omega/xapian-omega_0.9.9-1+etch1_hppa.deb
- Debian Linux 4.0 sparc: Debian xapian-omega_0.9.9-1+etch1_sparc.deb http://security.debian.org/pool/updates/main/x/xapian-omega/xapian-omega_0.9.9-1+etch1_sparc.deb
- Debian Linux 4.0 s/390: Debian xapian-omega_0.9.9-1+etch1_s390.deb http://security.debian.org/pool/updates/main/x/xapian-omega/xapian-omega_0.9.9-1+etch1_s390.deb
- Debian Linux 5.0 arm: Debian xapian-omega_1.0.7-3+lenny1_arm.deb http://security.debian.org/pool/updates/main/x/xapian-omega/xapian-omega_1.0.7-3+lenny1_arm.deb
- Debian Linux 4.0 powerpc: Debian xapian-omega_0.9.9-1+etch1_powerpc.deb http://security.debian.org/pool/updates/main/x/xapian-omega/xapian-omega_0.9.9-1+etch1_powerpc.deb
- Debian Linux 4.0 alpha: Debian xapian-omega_0.9.9-1+etch1_alpha.deb http://security.debian.org/pool/updates/main/x/xapian-omega/xapian-omega_0.9.9-1+etch1_alpha.deb
- Debian Linux 5.0 armel: Debian xapian-omega_1.0.7-3+lenny1_armel.deb http://security.debian.org/pool/updates/main/x/xapian-omega/xapian-omega_1.0.7-3+lenny1_armel.deb
- Debian Linux 4.0 mipsel: Debian xapian-omega_0.9.9-1+etch1_mipsel.deb http://security.debian.org/pool/updates/main/x/xapian-omega/xapian-omega_0.9.9-1+etch1_mipsel.deb
- Debian Linux 5.0 amd64: Debian xapian-omega_1.0.7-3+lenny1_amd64.deb http://security.debian.org/pool/updates/main/x/xapian-omega/xapian-omega_1.0.7-3+lenny1_amd64.deb
- Debian Linux 5.0 alpha: Debian xapian-omega_1.0.7-3+lenny1_alpha.deb http://security.debian.org/pool/updates/main/x/xapian-omega/xapian-omega_1.0.7-3+lenny1_alpha.deb
- Debian Linux 5.0 ia-32: Debian xapian-omega_1.0.7-3+lenny1_i386.deb http://security.debian.org/pool/updates/main/x/xapian-omega/xapian-omega_1.0.7-3+lenny1_i386.deb
- Debian Linux 5.0 mips: Debian xapian-omega_1.0.7-3+lenny1_mips.deb http://security.debian.org/pool/updates/main/x/xapian-omega/xapian-omega_1.0.7-3+lenny1_mips.deb
- Debian Linux 5.0 s/390: Debian xapian-omega_1.0.7-3+lenny1_s390.deb http://security.debian.org/pool/updates/main/x/xapian-omega/xapian-omega_1.0.7-3+lenny1_s390.deb
- Debian Linux 5.0 mipsel: Debian xapian-omega_1.0.7-3+lenny1_mipsel.deb http://security.debian.org/pool/updates/main/x/xapian-omega/xapian-omega_1.0.7-3+lenny1_mipsel.deb
- Debian Linux 5.0 powerpc: Debian xapian-omega_1.0.7-3+lenny1_powerpc.deb http://security.debian.org/pool/updates/main/x/xapian-omega/xapian-omega_1.0.7-3+lenny1_powerpc.deb
- Debian Linux 4.0 ia-64: Debian xapian-omega_0.9.9-1+etch1_ia64.deb http://security.debian.org/pool/updates/main/x/xapian-omega/xapian-omega_0.9.9-1+etch1_ia64.deb
- Debian Linux 4.0 mips: Debian xapian-omega_0.9.9-1+etch1_mips.deb http://security.debian.org/pool/updates/main/x/xapian-omega/xapian-omega_0.9.9-1+etch1_mips.deb
- Debian Linux 5.0 sparc: Debian xapian-omega_1.0.7-3+lenny1_sparc.deb http://security.debian.org/pool/updates/main/x/xapian-omega/xapian-omega_1.0.7-3+lenny1_sparc.deb
References
- Source: BID, Name: 36317, Link: http://www.securityfocus.com/bid/36317
- Source: DEBIAN, Name: DSA-1882, Link: http://www.debian.org/security/2009/dsa-1882
- Source: svn.xapian.org, Link: http://svn.xapian.org/%2Acheckout%2A/tags/1.0.16/xapian-applications/omega/NEWS
- Source: SECUNIA, Name: 36693, Link: http://secunia.com/advisories/36693
- Source: SECUNIA, Name: 36674, Link: http://secunia.com/advisories/36674
- Source: MLIST, Name: [xapian-discuss] 20090909 Cross-site scripting issue in Omega, Link: http://lists.xapian.org/pipermail/xapian-discuss/2009-September/007115.HTML
Affected Entities
- Xapian Omega:0.8.4
- Xapian Omega:0.8.5
- Xapian Omega:0.9.0
- Xapian Omega:0.9.1
- Xapian Omega:0.9.2
Patches
None available