4.3

CVE-2008-2929

Multiple cross-site scripting (XSS) vulnerabilities in the adminutil library in the Directory Server Administration Express and Directory Server Gateway (DSGW) web interface in Red Hat Directory Server 7.1 before SP7 and 8 EL4 and EL5, and Fedora Directory Server, allow remote attackers to inject arbitrary web script or HTML via input values that use % (percent) escaping.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
RedhatDirectory Server Version7.1 Updatesp1
RedhatDirectory Server Version7.1 Updatesp2
RedhatDirectory Server Version7.1 Updatesp3
RedhatDirectory Server Version7.1 Updatesp4
RedhatDirectory Server Version7.1 Updatesp5
RedhatDirectory Server Version7.1 Updatesp6
RedhatDirectory Server Version8.0 Updateel4
RedhatDirectory Server Version8.0 Updateel5
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 1.7% 0.742
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 4.3 8.6 2.9
AV:N/AC:M/Au:N/C:N/I:P/A:N
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01532861
http://secunia.com/advisories/31565
http://secunia.com/advisories/31702
http://secunia.com/advisories/31777
http://www.redhat.com/docs/manuals/dir-server/release-notes/7.1SP7/index.html
Patch
http://www.vupen.com/english/advisories/2008/2480
https://rhn.redhat.com/errata/RHSA-2008-0596.html
https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00218.html
https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00449.html
http://secunia.com/advisories/31612
http://securitytracker.com/id?1020772
http://www.securityfocus.com/bid/30870
Patch
https://bugzilla.redhat.com/show_bug.cgi?id=454621
https://exchange.xforce.ibmcloud.com/vulnerabilities/44737
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5877
https://rhn.redhat.com/errata/RHSA-2008-0601.html