Описание
Unspecified vulnerability in Prototype JavaScript framework (prototypejs) before 1.6.0.2 allows attackers to make "cross-site ajax requests" via unknown vectors.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| prototypejs | fixed | 1.6.0.2-1 | package | |
| asterisk | fixed | 1:1.6.2.0~rc3-1 | package | |
| asterisk | end-of-life | etch | package | |
| asterisk | no-dsa | lenny | package | |
| auth2db | fixed | 0.2.5-2+dfsg-1 | package | |
| libaws | fixed | 2.7-1 | package | |
| libaws | no-dsa | etch | package | |
| libaws | no-dsa | lenny | package | |
| libjson-ruby | fixed | 1.1.4-1 | package | |
| libjson-ruby | fixed | 1.1.2-1+lenny1 | lenny | package |
| lucene2 | fixed | 2.9.1+ds1-2 | package | |
| lucene2 | not-affected | etch | package | |
| glpi | fixed | 0.72.3-1 | package | |
| glpi | no-dsa | etch | package | |
| glpi | no-dsa | lenny | package | |
| knowledgeroot | fixed | 0.9.9.5-1 | package | |
| knowledgeroot | no-dsa | etch | package | |
| knowledgeroot | not-affected | lenny | package | |
| mt-daapd | fixed | 0.9~r1696.dfsg-6 | package | |
| mt-daapd | fixed | 0.2.4+r1376-1.1+etch3 | etch | package |
| mediatomb | fixed | 0.12.0~svn2018-5 | package | |
| mediatomb | no-dsa | lenny | package | |
| op-panel | fixed | 0.30~dfsg-1 | package | |
| ebug-http | fixed | 0.31-2.1 | package | |
| ebug-http | no-dsa | lenny | package | |
| poker-network | fixed | 1.7.6-1 | package | |
| poker-network | no-dsa | etch | package | |
| webhelpers | fixed | 0.3.4-2 | package | |
| qwik | removed | package | ||
| qwik | no-dsa | etch | package | |
| qwik | no-dsa | lenny | package | |
| wordpress | fixed | 2.5.0-2 | package | |
| wordpress | not-affected | etch | package | |
| exaile | fixed | 0.2.14+debian-2.2 | package | |
| exaile | no-dsa | lenny | package | |
| hobix | fixed | 0.5~svn20070319-4 | package | |
| hobix | no-dsa | lenny | package | |
| pixelpost | fixed | 1.7.1-6 | package | |
| pixelpost | no-dsa | lenny | package | |
| symfony | fixed | 1.0.21-1.1 | package | |
| symfony | no-dsa | lenny | package | |
| jscropperui | fixed | 1.2.1-1 | package | |
| jscropperui | no-dsa | lenny | package | |
| rt-extension-emailcompletion | not-affected | package | ||
| scriptaculous | fixed | 1.8.3-1 | package | |
| scriptaculous | no-dsa | lenny | package | |
| activeldap | fixed | 1.0.9-1 | package | |
| otrs2 | fixed | 2.3.4-6 | package | |
| otrs2 | not-affected | etch | package | |
| otrs2 | not-affected | lenny | package | |
| webcalendar | fixed | 1.2~b1-2 | package | |
| webcalendar | not-affected | lenny | package | |
| libhtml-prototype-perl | fixed | 1.48-3 | package | |
| libhtml-prototype-perl | no-dsa | etch | package | |
| libhtml-prototype-perl | no-dsa | lenny | package | |
| plone3 | removed | package | ||
| wesnoth | not-affected | package | ||
| webcit | not-affected | package | ||
| zabbix | not-affected | package | ||
| chora2 | not-affected | package | ||
| gollem | not-affected | package | ||
| ingo1 | not-affected | package | ||
| kronolith2 | not-affected | package | ||
| jifty | not-affected | package | ||
| jquery | not-affected | package | ||
| passenger | not-affected | package |
Примечания
prototype.js copy unused per #555225
Only shipped in an example
EPSS
Связанные уязвимости
Unspecified vulnerability in Prototype JavaScript framework (prototypejs) before 1.6.0.2 allows attackers to make "cross-site ajax requests" via unknown vectors.
Unspecified vulnerability in Prototype JavaScript framework (prototypejs) before 1.6.0.2 allows attackers to make "cross-site ajax requests" via unknown vectors.
Unspecified vulnerability in Prototype JavaScript framework (prototypejs) before 1.6.0.2 allows attackers to make "cross-site ajax requests" via unknown vectors.
Unspecified vulnerability in Prototype JavaScript framework (prototypejs) before 1.6.0.2 allows attackers to make "cross-site ajax requests" via unknown vectors.
EPSS