漏洞信息详情
SiteBar 多个跨站脚本攻击漏洞
- CNNVD编号:CNNVD-200710-478
- 危害等级: 中危
- CVE编号: CVE-2007-5692
- 漏洞类型: 跨站脚本
- 发布时间: 2007-10-29
- 威胁类型: 远程
- 更新时间: 2007-10-31
- 厂 商: sitebar
- 漏洞来源: Robert Buchholz of...
漏洞简介
SiteBar 3.3.8版本中存在多个跨站脚本攻击漏洞。远程攻击者可以借助(1)对 integrator.php的lang参数; (2)一个New Password操作中的token参数, (3) Folder Properties操作的nid_acl参数, 或(4)对command.php的Modify User操作的uid参数; 或(5)对index.php的目标参数,注入任意web脚本或HTML。
漏洞公告
目前厂商已经发布了升级补丁以修复这个安全问题,补丁下载链接:
Debian Linux 4.0 amd64
Debian sitebar_3.3.8-7etch1_all.deb
http://security.debian.org/pool/updates/main/s/sitebar/sitebar_3.3.8-7
etch1_all.deb
Debian Linux 4.0 ia-32
Debian sitebar_3.3.8-7etch1_all.deb
http://security.debian.org/pool/updates/main/s/sitebar/sitebar_3.3.8-7
etch1_all.deb
Debian Linux 4.0 arm
Debian sitebar_3.3.8-7etch1_all.deb
http://security.debian.org/pool/updates/main/s/sitebar/sitebar_3.3.8-7
etch1_all.deb
Debian Linux 4.0 hppa
Debian sitebar_3.3.8-7etch1_all.deb
http://security.debian.org/pool/updates/main/s/sitebar/sitebar_3.3.8-7
etch1_all.deb
Debian Linux 4.0 sparc
Debian sitebar_3.3.8-7etch1_all.deb
http://security.debian.org/pool/updates/main/s/sitebar/sitebar_3.3.8-7
etch1_all.deb
Debian Linux 4.0 s/390
Debian sitebar_3.3.8-7etch1_all.deb
http://security.debian.org/pool/updates/main/s/sitebar/sitebar_3.3.8-7
etch1_all.deb
Debian Linux 4.0 powerpc
Debian sitebar_3.3.8-7etch1_all.deb
http://security.debian.org/pool/updates/main/s/sitebar/sitebar_3.3.8-7
etch1_all.deb
Debian Linux 4.0 alpha
Debian sitebar_3.3.8-7etch1_all.deb
http://security.debian.org/pool/updates/main/s/sitebar/sitebar_3.3.8-7
etch1_all.deb
Debian Linux 4.0 m68k
Debian sitebar_3.3.8-7etch1_all.deb
http://security.debian.org/pool/updates/main/s/sitebar/sitebar_3.3.8-7
etch1_all.deb
Debian Linux 4.0 mipsel
Debian sitebar_3.3.8-7etch1_all.deb
http://security.debian.org/pool/updates/main/s/sitebar/sitebar_3.3.8-7
etch1_all.deb
Debian Linux 4.0 ia-64
Debian sitebar_3.3.8-7etch1_all.deb
http://security.debian.org/pool/updates/main/s/sitebar/sitebar_3.3.8-7
etch1_all.deb
Debian Linux 4.0 mips
Debian sitebar_3.3.8-7etch1_all.deb
http://security.debian.org/pool/updates/main/s/sitebar/sitebar_3.3.8-7
etch1_all.deb
Debian Linux 3.1 ppc
Debian sitebar_3.2.6-7.1sarge1_all.deb
http://security.debian.org/pool/updates/main/s/sitebar/sitebar_3.2.6-7
.1sarge1_all.deb
Debian Linux 3.1 ia-64
Debian sitebar_3.2.6-7.1sarge1_all.deb
http://security.debian.org/pool/updates/main/s/sitebar/sitebar_3.2.6-7
.1sarge1_all.deb
Debian Linux 3.1 arm
Debian sitebar_3.2.6-7.1sarge1_all.deb
http://security.debian.org/pool/updates/main/s/sitebar/sitebar_3.2.6-7
.1sarge1_all.deb
Debian Linux 3.1 mips
Debian sitebar_3.2.6-7.1sarge1_all.deb
http://security.debian.org/pool/updates/main/s/sitebar/sitebar_3.2.6-7
.1sarge1_all.deb
Debian Linux 3.1 ia-32
Debian sitebar_3.2.6-7.1sarge1_all.deb
http://security.debian.org/pool/updates/main/s/sitebar/sitebar_3.2.6-7
.1sarge1_all.deb
Debian Linux 3.1 alpha
Debian sitebar_3.2.6-7.1sarge1_all.deb
http://security.debian.org/pool/updates/main/s/sitebar/sitebar_3.2.6-7
.1sarge1_all.deb
Debian Linux 3.1 m68k
Debian sitebar_3.2.6-7.1sarge1_all.deb
http://security.debian.org/pool/updates/main/s/sitebar/sitebar_3.2.6-7
.1sarge1_all.deb
Debian Linux 3.1 mipsel
Debian sitebar_3.2.6-7.1sarge1_all.deb
http://security.debian.org/pool/updates/main/s/sitebar/sitebar_3.2.6-7
.1sarge1_all.deb
Debian Linux 3.1 s/390
Debian sitebar_3.2.6-7.1sarge1_all.deb
http://security.debian.org/pool/updates/main/s/sitebar/sitebar_3.2.6-7
.1sarge1_all.deb
Debian Linux 3.1 amd64
Debian sitebar_3.2.6-7.1sarge1_all.deb
http://security.debian.org/pool/updates/main/s/sitebar/sitebar_3.2.6-7
.1sarge1_all.deb
Debian Linux 3.1 hppa
Debian sitebar_3.2.6-7.1sarge1_all.deb
http://security.debian.org/pool/updates/main/s/sitebar/sitebar_3.2.6-7
.1sarge1_all.deb
Debian Linux 3.1 sparc
Debian sitebar_3.2.6-7.1sarge1_all.deb
http://security.debian.org/pool/updates/main/s/sitebar/sitebar_3.2.6-7
.1sarge1_all.deb
SiteBar SiteBar 3.2.6
SiteBar SiteBar-3.3.9.tar.bz2
http://downloads.sourceforge.net/sitebar/SiteBar-3.3.9.tar.bz2?modtime
=1192322139&big_mirror=0
SiteBar SiteBar 3.3.2
SiteBar SiteBar-3.3.9.tar.bz2
http://downloads.sourceforge.net/sitebar/SiteBar-3.3.9.tar.bz2?modtime
=1192322139&big_mirror=0
SiteBar SiteBar 3.3.3
SiteBar SiteBar-3.3.9.tar.bz2
http://downloads.sourceforge.net/sitebar/SiteBar-3.3.9.tar.bz2?modtime
=1192322139&b
参考网址
来源: BID
名称: 26126
链接:http://www.securityfocus.com/bid/26126
来源: teamforge.net
链接:http://teamforge.net/viewcvs/viewcvs.cgi/tags/release-3.3.9/doc/history.txt?view=markup
来源: BUGTRAQ
名称: 20071018 Serious holes affecting SiteBar 3.3.8
链接:http://www.securityfocus.com/archive/1/archive/1/482499/100/0/threaded
来源: OSVDB
名称: 41359
链接:http://osvdb.org/41359
来源: OSVDB
名称: 41358
链接:http://osvdb.org/41358
来源: OSVDB
名称: 41357
链接:http://osvdb.org/41357
来源: OSVDB
名称: 41356
链接:http://osvdb.org/41356
来源: OSVDB
名称: 41355
链接:http://osvdb.org/41355
来源: GENTOO
名称: GLSA-200711-05
链接:http://www.gentoo.org/security/en/glsa/glsa-200711-05.xml
来源: VUPEN
名称: ADV-2007-3768
链接:http://www.frsirt.com/english/advisories/2007/3768
来源: DEBIAN
名称: DSA-1423
链接:http://www.debian.org/security/2007/dsa-1423
来源: SREASON
名称: 3318
链接:http://securityreason.com/securityalert/3318
来源: SECUNIA
名称: 28008
链接:http://secunia.com/advisories/28008
来源: SECUNIA
名称: 27503
链接:http://secunia.com/advisories/27503
受影响实体
- Sitebar Sitebar:3.3.8
补丁
暂无
评论