CVE-2001-0835

Опубликовано: 06 дек. 2001

Источник: nvd

CVSS2: 7.5

EPSS Низкий

Описание

Cross-site scripting vulnerability in Webalizer 2.01-06, and possibly other versions, allows remote attackers to inject arbitrary HTML tags by specifying them in (1) search keywords embedded in HTTP referrer information, or (2) host names that are retrieved via a reverse DNS lookup.

Ссылки

http://lists.suse.com/archives/suse-security-announce/2001-Nov/0001.html
Patch
Vendor Advisory
http://marc.info/?l=bugtraq&m=100394630702875&w=2
http://www.linuxsecurity.com/advisories/other_advisory-1677.html
http://www.mrunix.net/webalizer/news.html
Patch
Vendor Advisory
http://www.redhat.com/support/errata/RHSA-2001-140.html
http://www.redhat.com/support/errata/RHSA-2001-141.html
Patch
Vendor Advisory
http://www.securityfocus.com/bid/3473
Patch
Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/7350
https://exchange.xforce.ibmcloud.com/vulnerabilities/7351
http://lists.suse.com/archives/suse-security-announce/2001-Nov/0001.html
Patch
Vendor Advisory
http://marc.info/?l=bugtraq&m=100394630702875&w=2
http://www.linuxsecurity.com/advisories/other_advisory-1677.html
http://www.mrunix.net/webalizer/news.html
Patch
Vendor Advisory
http://www.redhat.com/support/errata/RHSA-2001-140.html
http://www.redhat.com/support/errata/RHSA-2001-141.html
Patch
Vendor Advisory
http://www.securityfocus.com/bid/3473
Patch
Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/7350
https://exchange.xforce.ibmcloud.com/vulnerabilities/7351

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:bradford_barrett:webalizer:*:*:*:*:*:*:*:*

Версия до 2.0.6 (включая)

EPSS

Процентиль: 89%

0.04689

Низкий

7.5 High

CVSS2

Дефекты

NVD-CWE-Other

Связанные уязвимости

CVE-2001-0835

redhat

больше 23 лет назад

GHSA-49cp-mq89-xq82

github

около 3 лет назад