2.6

CVE-2011-2694

Cross-site scripting (XSS) vulnerability in the chg_passwd function in web/swat.c in the Samba Web Administration Tool (SWAT) in Samba 3.x before 3.5.10 allows remote authenticated administrators to inject arbitrary web script or HTML via the username parameter to the passwd program (aka the user field to the Change Password page).
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
SambaSamba Version >= 3.0.0 < 3.3.16
SambaSamba Version >= 3.4.0 < 3.4.14
SambaSamba Version >= 3.5.0 < 3.5.10
CanonicalUbuntu Linux Version8.04 SwEdition-
CanonicalUbuntu Linux Version10.04 SwEdition-
CanonicalUbuntu Linux Version10.10
CanonicalUbuntu Linux Version11.04
DebianDebian Linux Version5.0
DebianDebian Linux Version6.0
DebianDebian Linux Version7.0
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 6.29% 0.927
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 2.6 4.9 2.9
AV:N/AC:H/Au:N/C:N/I:P/A:N
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

http://samba.org/samba/history/samba-3.5.10.html
Vendor Advisory
http://secunia.com/advisories/45393
Vendor Advisory
Not Applicable
http://secunia.com/advisories/45488
Third Party Advisory
Not Applicable
http://secunia.com/advisories/45496
Third Party Advisory
Not Applicable
http://securitytracker.com/id?1025852
Third Party Advisory
Broken Link
VDB Entry
http://ubuntu.com/usn/usn-1182-1
Third Party Advisory
http://www.debian.org/security/2011/dsa-2290
Third Party Advisory
http://www.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c03008543
Third Party Advisory
Broken Link
http://www.mandriva.com/security/advisories?name=MDVSA-2011:121
Broken Link
http://jvn.jp/en/jp/JVN63041502/index.html
Third Party Advisory
http://osvdb.org/74072
Broken Link
http://www.samba.org/samba/security/CVE-2011-2694
Vendor Advisory
http://www.securityfocus.com/bid/48901
Third Party Advisory
VDB Entry
https://bugzilla.redhat.com/show_bug.cgi?id=722537
Patch
Issue Tracking
https://bugzilla.samba.org/show_bug.cgi?id=8289
Patch
Issue Tracking
https://exchange.xforce.ibmcloud.com/vulnerabilities/68844
Third Party Advisory
VDB Entry