CVE-2004-2735
CVSS4.3
发布时间 :2004-12-31 00:00:00
修订时间 :2008-09-05 16:44:58
NMCO    

[原文]Cross-site scripting (XSS) vulnerability in P4DB 2.01 and earlier allows remote attackers to inject arbitrary web script or HTML via (1) SET_PREFERENCES parameter in SetPreferences.cgi; (2) BRANCH parameter in branchView.cgi; (3) FSPC and (4) COMPLETE parameters in changeByUsers.cgi; (5) FSPC, (6) LABEL, (7) EXLABEL, (8) STATUS, (9) MAXCH, (10) FIRSTCH, (11) CHOFFSETDISP, (12) SEARCHDESC, (13) SEARCH_INVERT, (14) USER, (15) GROUP, and (16) CLIENT parameters in changeList.cgi; (17) CH parameter in changeView.cgi; (18) USER parameter in clientList.cgi; (19) CLIENT parameter in clientView.cgi; (20) FSPC parameter in depotTreeBrowser.cgi; (21) FSPC parameter in depotStats.cgi; (22) FSPC, (23) REV, (24) ACT, (25) FSPC2, (26) REV2, (27) CH, and (28) CONTEXT parameters in fileDiffView.cgi; (29) FSPC and (30) REV parameters in fileDownLoad.cgi; (31) FSPC, (32) LISTLAB, and (33) SHOWBRANCH parameters in fileLogView.cgi; (34) FSPC and (35) LABEL parameters in fileSearch.cgi; (36) FSPC, (37) REV, and (38) FORCE parameters in fileViewer.cgi; (39) FSPC parameter in filesChangedSince.cgi; (40) GROUP parameter in groupView.cgi; (41) TYPE, (42) FSPC, and (43) REV parameters in htmlFileView.cgi; (44) CMD parameter in javaDataView.cgi; (45) JOBVIEW and (46) FLD parameters in jobList.cgi; (47) JOB parameter in jobView.cgi; (48) LABEL1 and (49) LABEL2 parameters in labelDiffView.cgi; (50) LABEL parameter in labelView.cgi; (51) FSPC parameter in searchPattern.cgi; (52) TYPE, (53) FSPC, and (54) REV parameters in specialFileView.cgi; (55) GROUPSONLY parameter in userList.cgi; or (56) USER parameter in userView.cgi.


[CNNVD]Subversion日期解析函数缓冲区溢出漏洞(CNNVD-200412-931)

        
        Subversion是一款版本控制系统。
        Subversion没有正确检查处理用户提交的请求数据,远程攻击者可以利用这个漏洞对系统进行缓冲区溢出攻击。
        当Subversions尝试转换字符串给apr_time_t函数时,会采用sscanf()函数来解码旧格式的日期字符串,由于对参数缺少充分检查,提交超长格式串数据可能触发缓冲区溢出。远程攻击者可以通过DAV2 REPORT查询或get-dated-rev svn-protocol命令来触发,精心构建提交数据可能以进程权限执行任意指令。
        

- CVSS (基础分值)

CVSS分值: 4.3 [中等(MEDIUM)]
机密性影响: NONE [对系统的机密性无影响]
完整性影响: PARTIAL [可能会导致系统文件被修改]
可用性影响: NONE [对系统可用性无影响]
攻击复杂度: MEDIUM [漏洞利用存在一定的访问条件]
攻击向量: NETWORK [攻击者不需要获取内网访问权或本地访问权]
身份认证: NONE [漏洞利用无需身份认证]

- CWE (弱点类目)

CWE-79 [在Web页面生成时对输入的转义处理不恰当(跨站脚本)]

- CPE (受影响的平台与产品)

产品及版本信息(CPE)暂不可用

- OVAL (用于检测的技术细节)

未找到相关OVAL定义

- 官方数据库链接

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-2735
(官方数据源) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2004-2735
(官方数据源) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200412-931
(官方数据源) CNNVD

- 其它链接及资源

http://www.weak.org/~jammer/p4db_v2.01_patch_4.txt
(PATCH)  MISC  http://www.weak.org/~jammer/p4db_v2.01_patch_4.txt
http://xforce.iss.net/xforce/xfdb/16070
(UNKNOWN)  XF  p4db-url-xss(16070)
http://www.securityfocus.com/bid/10286
(UNKNOWN)  BID  10286
http://www.osvdb.org/5901
(UNKNOWN)  OSVDB  5901
http://securitytracker.com/id?1010078
(UNKNOWN)  SECTRACK  1010078
http://secunia.com/advisories/11559
(VENDOR_ADVISORY)  SECUNIA  11559
http://archives.neohapsis.com/archives/bugtraq/2004-05/0046.html
(UNKNOWN)  BUGTRAQ  20040505 Multiple vulnerabilities in P4DB

- 漏洞信息

Subversion日期解析函数缓冲区溢出漏洞
中危 跨站脚本
2004-12-31 00:00:00 2007-10-10 00:00:00
远程  
        
        Subversion是一款版本控制系统。
        Subversion没有正确检查处理用户提交的请求数据,远程攻击者可以利用这个漏洞对系统进行缓冲区溢出攻击。
        当Subversions尝试转换字符串给apr_time_t函数时,会采用sscanf()函数来解码旧格式的日期字符串,由于对参数缺少充分检查,提交超长格式串数据可能触发缓冲区溢出。远程攻击者可以通过DAV2 REPORT查询或get-dated-rev svn-protocol命令来触发,精心构建提交数据可能以进程权限执行任意指令。
        

- 公告与补丁

        厂商补丁:
        Subversion
        ----------
        目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载:
        Subversion Upgrade 1.0.3
        
        http://subversion.tigris.org/project_packages.html

- 漏洞信息

5901
P4DB Multiple Unspecified XSS
Remote / Network Access Input Manipulation
Loss of Integrity

- 漏洞描述

P4DB contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate user input upon submission to an unknown script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

- 时间线

2004-05-05 Unknow
Unknow Unknow

- 解决方案

Currently, there are no known workarounds or upgrades to correct this issue. However, Jon McClintock has released a patch to address this vulnerability.

- 相关参考

- 漏洞作者

 

 

关于SCAP中文社区

SCAP中文社区是国内第一个以SCAP为主题的中文开放社区。了解更多信息,请查阅[关于本站]

版权声明

CVE/CWE/OVAL均为MITRE公司的注册商标,它们的官方数据源均保存在MITRE公司的相关网站