CVE-2005-0085
CVSS 6.8
Published: 2005-04-27 00:00:00
Last revised: 2010-08-21 00:25:27

[Original] Cross-site scripting (XSS) vulnerability in ht://dig (htdig) before 3.1.6-r7 allows remote attackers to execute arbitrary web script or HTML via the config parameter, which is not properly sanitized before it is displayed in an error message.


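[CNNVD] Dig Config Parameter Cross-Site Scripting Vulnerability (CNNVD-200504-120)

        ht://Dig is a free, open-source web search engine and indexing package.
        Versions of ht://dig (htdig) before 3.1.6-r7 contain a cross-site scripting (XSS) vulnerability: the config parameter is not properly sanitized before it is displayed in an error message, which allows remote attackers to inject arbitrary web script or HTML.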

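- CVSS (base score)

CVSS score: 6.8 [MEDIUM]
Confidentiality impact: PARTIAL [likely to cause information disclosure]
Integrity impact: PARTIAL [may allow system files to be modified]
Availability impact: PARTIAL [may cause degraded performance or interrupted access to resources]
Attack complexity: MEDIUM [exploitation requires certain access conditions]
Attack vector: [--]
Authentication: NONE [exploitation requires no authentication]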

- CPE (affected platforms and products)

cpe:/o:mandrakesoft:mandrake_linux:10.0::amd64
cpe:/o:mandrakesoft:mandrake_linux:10.1  MandrakeSoft Mandrake Linux 10.1
cpe:/o:mandrakesoft:mandrake_linux:10.1::x86_64
cpe:/o:suse:suse_linux:8.1  SuSE SuSE Linux 8.1
cpe:/o:mandrakesoft:mandrake_linux_corporate_server:2.1::x86_64
cpe:/o:suse:suse_linux:9.2  SuSE SuSE Linux 9.2
cpe:/o:redhat:fedora_core:core_3.0
cpe:/o:mandrakesoft:mandrake_linux_corporate_server:2.1  MandrakeSoft Mandrake Linux Corporate Server 2.1
cpe:/a:htdig:htdig:3.2.0b2
cpe:/o:suse:suse_linux:9.1  SuSE SuSE Linux 9.1
cpe:/a:htdig:htdig:3.2.0b6
cpe:/a:htdig:htdig:3.2.0b4
cpe:/a:htdig:htdig:3.1.5
cpe:/a:htdig:htdig:3.2.0b3
cpe:/o:mandrakesoft:mandrake_linux_corporate_server:3.0::x86_64
cpe:/a:htdig:htdig:3.2.0b5
cpe:/o:suse:suse_linux:9.0::x86_64
cpe:/o:suse:suse_linux:8.0  SuSE SuSE Linux 8.0
cpe:/o:mandrakesoft:mandrake_linux_corporate_server:3.0  MandrakeSoft Mandrake Corporate Server 3.0
cpe:/o:suse:suse_linux:8.0::i386
cpe:/a:htdig:htdig:3.1.6
cpe:/a:htdig:htdig:3.2.0
cpe:/o:suse:suse_linux:9.0  SuSE SuSE Linux 9.0
cpe:/a:htdig:htdig:3.1.5_8
cpe:/a:htdig:htdig:3.1.5_7
cpe:/o:suse:suse_linux:8.2  SuSE SuSE Linux 8.2
cpe:/o:mandrakesoft:mandrake_linux:10.0  MandrakeSoft Mandrake Linux 10.0

- OVAL (technical details for detection)

oval:org.mitre.oval:def:10878  Cross-site scripting (XSS) vulnerability in ht://dig (htdig) before 3.1.6-r7 allows remote attackers to execute arbitrary web script or HTML...
*OVAL describes in detail how to detect this vulnerability; further technical details on detecting it can be found in the related OVAL definition.

- Official database links

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0085
(Official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-0085
(Official data source) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200504-120
(Official data source) CNNVD

- Other links and resources

http://www.securityfocus.com/bid/12442
(VENDOR_ADVISORY)  BID  12442
http://www.debian.org/security/2005/dsa-680
(VENDOR_ADVISORY)  DEBIAN  DSA-680
http://xforce.iss.net/xforce/xfdb/19223
(UNKNOWN)  XF  htdig-config-xss(19223)
http://www.redhat.com/support/errata/RHSA-2005-073.html
(UNKNOWN)  REDHAT  RHSA-2005:073
http://www.gentoo.org/security/en/glsa/glsa-200502-16.xml
(UNKNOWN)  GENTOO  GLSA-200502-16
http://securitytracker.com/id?1013078
(UNKNOWN)  SECTRACK  1013078
http://www.redhat.com/support/errata/RHSA-2005-090.html
(UNKNOWN)  REDHAT  RHSA-2005:090
http://www.redhat.com/archives/fedora-legacy-announce/2006-January/msg00002.html
(UNKNOWN)  FEDORA  FLSA-2006:152907
http://www.mandriva.com/security/advisories?name=MDKSA-2005:063
(UNKNOWN)  MANDRAKE  MDKSA-2005:063
http://secunia.com/advisories/17415
(UNKNOWN)  SECUNIA  17415
http://secunia.com/advisories/17414
(UNKNOWN)  SECUNIA  17414
http://secunia.com/advisories/15007
(UNKNOWN)  SECUNIA  15007
http://secunia.com/advisories/14795
(UNKNOWN)  SECUNIA  14795
http://secunia.com/advisories/14303
(UNKNOWN)  SECUNIA  14303
http://secunia.com/advisories/14276
(UNKNOWN)  SECUNIA  14276
http://secunia.com/advisories/14255
(UNKNOWN)  SECUNIA  14255
ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.46/SCOSA-2005.46.txt
(UNKNOWN)  SCO  SCOSA-2005.46

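- Vulnerability information

Dig Config Parameter Cross-Site Scripting Vulnerability
Medium severity  Cross-site scripting
2005-04-27 00:00:00 2005-10-20 00:00:00
Remote
        ht://Dig is a free, open-source web search engine and indexing package.
        Versions of ht://dig (htdig) before 3.1.6-r7 contain a cross-site scripting (XSS) vulnerability: the config parameter is not properly sanitized before it is displayed in an error message, which allows remote attackers to inject arbitrary web script or HTML.

- Advisories and patches

        No data available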

- Vulnerability information (F41231)

SCOSA-2005.46.txt (PacketStormID:F41231)
2005-11-03 00:00:00
SCO  sco.com
advisory,remote,web,arbitrary,xss
CVE-2005-0085

SCO Security Advisory - Cross-site scripting vulnerability in docview (htdig) under OpenServer 5.0.7 and OpenServer 6.0.0 allows remote attackers to execute arbitrary web script or HTML via the config parameter, which is not properly sanitized before it is displayed in an error message.


______________________________________________________________________________

 			SCO Security Advisory

Subject:		OpenServer 5.0.7 OpenServer 6.0.0 : Cross-site Scripting Vulnerability in docview (htdig)
Advisory number: 	SCOSA-2005.46
Issue date: 		2005 November 02
Cross reference:	sr893247 fz531484 erg712808
 			CVE-2005-0085
______________________________________________________________________________


1. Problem Description

 	Cross-site scripting vulnerability in docview (htdig) allows
 	remote attackers to execute arbitrary web script or HTML via the
 	config parameter, which is not properly sanitized before it is
 	displayed in an error message.

 	The Common Vulnerabilities and Exposures project (cve.mitre.org)
 	has assigned the name CVE-2005-0085 to this issue.


2. Vulnerable Supported Versions

 	System				Binaries
 	----------------------------------------------------------------------
 	OpenServer 5.0.7 		/usr/bin/htsearch
 	OpenServer 6.0.0 		/usr/bin/htsearch


3. Solution

 	The proper solution is to install the latest packages.


4. OpenServer 5.0.7

 	4.1 Location of Fixed Binaries

 	ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.46/507


 	4.2 Verification

 	MD5 (VOL.000.000) = 535ce06b97643d63419f33c68e04fbea

 	md5 is available for download from
 		ftp://ftp.sco.com/pub/security/tools


 	4.3 Installing Fixed Binaries

 	Upgrade the affected binaries with the following sequence:

 	1) Download the VOL* files to a directory

 	2) Run the custom command, specify an install from media images,
 	and specify the directory as the location of the images.


5. OpenServer 6.0.0

 	5.1 Location of Fixed Binaries

 	ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.46/600


 	5.2 Verification

 	MD5 (VOL.000.000) = f9f0191b869256f953d082281c4dec26

 	md5 is available for download from
 		ftp://ftp.sco.com/pub/security/tools


 	5.3 Installing Fixed Binaries

 	Upgrade the affected binaries with the following sequence:

 	1) Download the VOL* files to a directory

 	2) Run the custom command, specify an install from media images,
 	and specify the directory as the location of the images.


6. References

 	Specific references for this advisory:
 		http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0085
 		http://securitytracker.com/id?1013078
 		http://xforce.iss.net/xforce/xfdb/19223

 	SCO security resources:
 		http://www.sco.com/support/security/index.html

 	SCO security advisories via email
 		http://www.sco.com/support/forums/security.html

 	This security fix closes SCO incidents sr893247 fz531484
 	erg712808.


7. Disclaimer

 	SCO is not responsible for the misuse of any of the information
 	we provide on this website and/or through our security
 	advisories. Our advisories are a service to our customers
 	intended to promote secure installation and use of SCO
 	products.


8. Acknowledgments

 	SCO would like to thank Michael Krax for reporting this
 	vulnerability.

______________________________________________________________________________
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
    

- Vulnerability information (F41230)

SCOSA-2005.45.txt (PacketStormID:F41230)
2005-11-03 00:00:00
SCO  sco.com
advisory,remote,web,arbitrary,xss
unixware
CVE-2005-0085

SCO Security Advisory - Cross-site scripting vulnerability in docview (htdig) under UnixWare 7.1.3 and UnixWare 7.1.4 allows remote attackers to execute arbitrary web script or HTML via the config parameter, which is not properly sanitized before it is displayed in an error message.


______________________________________________________________________________

 			SCO Security Advisory

Subject:		UnixWare 7.1.3 UnixWare 7.1.4 : Cross-site Scripting Vulnerability in docview (htdig)
Advisory number: 	SCOSA-2005.45
Issue date: 		2005 November 02
Cross reference:	sr893246 fz531483 erg712807
 			CVE-2005-0085
______________________________________________________________________________


1. Problem Description

 	Cross-site scripting vulnerability in docview (htdig) allows
 	remote attackers to execute arbitrary web script or HTML via the
 	config parameter, which is not properly sanitized before it is
 	displayed in an error message.

 	The Common Vulnerabilities and Exposures project (cve.mitre.org)
 	has assigned the name CVE-2005-0085 to this issue.


2. Vulnerable Supported Versions

 	System				Binaries
 	----------------------------------------------------------------------
 	UnixWare 7.1.3			/usr/bin/htsearch
 	UnixWare 7.1.4			/usr/bin/htsearch


3. Solution

 	The proper solution is to install the latest packages.


4. UnixWare 7.1.3

 	4.1 Location of Fixed Binaries

 	ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.45/713


 	4.2 Verification

 	486315f201bc414087b9b8614174f85f  erg712807.Z

 	md5 is available for download from
 		ftp://ftp.sco.com/pub/security/tools


 	4.3 Installing Fixed Binaries

 	Upgrade the affected binaries with the following sequence:

 	Download erg712807.Z to the /var/spool/pkg directory

 	# uncompress /var/spool/pkg/erg712807.Z
 	# pkgadd -d /var/spool/pkg/erg712807


5. UnixWare 7.1.4

 	5.1 Location of Fixed Binaries

 	ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.45/714


 	5.2 Verification

 	86a153577d647ccf0c94e870fa817c32  erg712807.Z

 	md5 is available for download from
 		ftp://ftp.sco.com/pub/security/tools


 	5.3 Installing Fixed Binaries

 	Upgrade the affected binaries with the following sequence:

 	Download erg712807.Z to the /var/spool/pkg directory

 	# uncompress /var/spool/pkg/erg712807.Z
 	# pkgadd -d /var/spool/pkg/erg712807


6. References

 	Specific references for this advisory:
 		http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0085
 		http://securitytracker.com/id?1013078
 		http://xforce.iss.net/xforce/xfdb/19223

 	SCO security resources:
 		http://www.sco.com/support/security/index.html

 	SCO security advisories via email
 		http://www.sco.com/support/forums/security.html

 	This security fix closes SCO incidents sr893246 fz531483
 	erg712807.


7. Disclaimer

 	SCO is not responsible for the misuse of any of the information
 	we provide on this website and/or through our security
 	advisories. Our advisories are a service to our customers
 	intended to promote secure installation and use of SCO
 	products.


8. Acknowledgments

 	SCO would like to thank Michael Krax for reporting this
 	vulnerability.

______________________________________________________________________________

- Vulnerability information

13520
ht://Dig (htdig) config Parameter XSS
Remote / Network Access Input Manipulation
Loss of Integrity

- Vulnerability description

ht://Dig (htdig) contains a flaw that allows a remote cross site scripting (XSS) attack. This flaw exists because the application does not validate the 'config' parameter upon submission to an unspecified script. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server.

- Timeline

2005-02-03 Unknown
Unknown Unknown

- Solution

Products

Unknown or Incomplete

- Related references

- Vulnerability credit

Unknown or Incomplete

- Vulnerability information

Dig Config Parameter Cross-Site Scripting Vulnerability
Input Validation Error 12442
Yes No
2005-02-03 12:00:00 2006-07-31 10:21:00
This issue was reported by SuSE.

- Affected software versions

SCO Unixware 7.1.4
SCO Unixware 7.1.3 up
SCO Unixware 7.1.3
SCO Open Server 6.0
SCO Open Server 5.0.7
S.u.S.E. Linux Personal 9.2
S.u.S.E. Linux Personal 9.1
S.u.S.E. Linux Personal 9.0 x86_64
S.u.S.E. Linux Personal 9.0
S.u.S.E. Linux Personal 8.2
S.u.S.E. Linux 8.1
S.u.S.E. Linux 8.0 i386
S.u.S.E. Linux 8.0
RedHat Linux 9.0 i386
RedHat Linux 7.3 i686
RedHat Linux 7.3 i386
RedHat Linux 7.3
Red Hat Fedora Core3
Red Hat Fedora Core2
Red Hat Fedora Core1
Mandriva Linux Mandrake 10.1 x86_64
Mandriva Linux Mandrake 10.1
Mandriva Linux Mandrake 10.0 AMD64
Mandriva Linux Mandrake 10.0
MandrakeSoft Corporate Server 3.0 x86_64
MandrakeSoft Corporate Server 3.0
MandrakeSoft Corporate Server 2.1 x86_64
MandrakeSoft Corporate Server 2.1
ht://Dig Group ht://Dig 3.2 0b6
ht://Dig Group ht://Dig 3.2 0b5
ht://Dig Group ht://Dig 3.2 0b4
- Debian Linux 2.1
- Debian Linux 2.0
- HP HP-UX 10.20
- HP HP-UX 9.10
- Sun Solaris 2.6
- Sun Solaris 2.5
- Sun SunOS 4.1.4
ht://Dig Group ht://Dig 3.2 0b3
- Debian Linux 2.1
- Debian Linux 2.0
- HP HP-UX 10.20
- HP HP-UX 9.10
+ HP Secure OS software for Linux 1.0
+ RedHat Linux 7.2
+ RedHat Linux 7.1
- Sun Solaris 2.6
- Sun Solaris 2.5
- Sun SunOS 4.1.4
ht://Dig Group ht://Dig 3.2 0b2
- Debian Linux 2.1
- Debian Linux 2.0
- HP HP-UX 10.20
- HP HP-UX 9.10
- Sun Solaris 2.6
- Sun Solaris 2.5
- Sun SunOS 4.1.4
ht://Dig Group ht://Dig 3.2 .0
+ Mandriva Linux Mandrake 8.1
ht://Dig Group ht://Dig 3.1.6
+ Debian Linux 3.0
- Debian Linux 2.1
- Debian Linux 2.0
+ Gentoo Linux
- HP HP-UX 10.20
- HP HP-UX 9.10
- Sun Solaris 2.6
- Sun Solaris 2.5
- Sun SunOS 4.1.4
ht://Dig Group ht://Dig 3.1.5 -8
+ Caldera OpenLinux Server 3.1
+ Caldera OpenLinux Workstation 3.1
ht://Dig Group ht://Dig 3.1.5 -7
+ Caldera OpenLinux Server 3.1
+ Caldera OpenLinux Workstation 3.1
ht://Dig Group ht://Dig 3.1.5
+ Conectiva Linux 7.0
+ Conectiva Linux 6.0
+ Conectiva Linux 5.1
+ Conectiva Linux 5.0
+ Debian Linux 2.2 sparc
+ Debian Linux 2.2 powerpc
+ Debian Linux 2.2 arm
+ Debian Linux 2.2 alpha
+ Debian Linux 2.2 68k
+ Debian Linux 2.2
- Debian Linux 2.1
- Debian Linux 2.0
- HP HP-UX 10.20
- HP HP-UX 9.10
+ Mandriva Linux Mandrake 8.0 ppc
+ Mandriva Linux Mandrake 8.0
+ Mandriva Linux Mandrake 7.2
- Sun Solaris 2.6
- Sun Solaris 2.5
- Sun SunOS 4.1.4

- Discussion

ht://Dig is reported prone to a cross-site scripting vulnerability. This issue is due to the application's failure to properly sanitize user-supplied URI data before including it in dynamically generated web-page content.

All versions of ht://Dig are considered vulnerable at the moment.

- Exploit

An exploit is not required.

- Solution

SuSE Linux has released a security summary report (SUSE-SR:2005:003) that contains fixes to address this and other vulnerabilities. Please see the referenced advisories for more information on obtaining and applying appropriate updates.


ht://Dig Group ht://Dig 3.1.6

ht://Dig Group ht://Dig 3.2 .0

ht://Dig Group ht://Dig 3.2 0b6

SCO Open Server 5.0.7

SCO Open Server 6.0

SCO Unixware 7.1.3

SCO Unixware 7.1.3 up

SCO Unixware 7.1.4

- Related references