CVE-2006-3312
CVSS 4.3
Published: 2006-06-29 15:05:00
Last revised: 2013-09-13 01:13:19

[Original] Multiple cross-site scripting (XSS) vulnerabilities in ashmans and Bill Echlin QaTraq 6.5 RC and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) link_print, (2) link_upgrade, (3) link_sql, (4) link_next, (5) link_prev, and (6) link_list parameters in top.inc as included by queries_view_search.php; the (7) msg, (8) component_name, and (9) component_desc parameters in (a) components_copy_content.php, (b) components_modify_content.php, and (c) components_new_content.php; the (10) title, (11) version, and (12) content parameters in design_copy_content.php; the (13) plan_title and (14) plan_content parameters in design_copy_plan_search.php; the (15) title, (16) minor_version, (17) new_version, and (18) content parameters in design_modify_content.php; the (19) title, (20) version, and (21) content parameters in design_new_content.php; the (22) plan_name and (23) plan_desc parameters in design_new_search.php; the (24) file_name parameter in download.php; the (25) username and (26) password parameters in login.php; the (27) title, (28) version, and (29) content parameters in phase_copy_content.php; the (30) content parameter in phase_delete_search.php; the (31) title, (32) minor_version, (33) new_version, and (34) content parameters in phase_modify_content.php; the (35) content, (36) title, (37) version, and (38) content parameters in phase_modify_search.php; the (39) content parameter in phase_view_search.php; the (40) msg, (41) product_name, and (42) product_desc parameters in products_copy_content.php; and possibly the (43) product_name and (44) product_desc parameters in (d) products_copy_search.php, and a large number of additional parameters and executables. NOTE: the vendor notified CVE via e-mail that this issue has been fixed in the 6.8 RC release.


[CNNVD] ashmans/Bill Echlin QaTraq multiple cross-site scripting vulnerabilities (CNNVD-200606-601)

        Multiple cross-site scripting (XSS) vulnerabilities in ashmans and Bill Echlin QaTraq 6.5 RC and earlier allow remote attackers to inject arbitrary web script or HTML via: the (1) link_print, (2) link_upgrade, (3) link_sql, (4) link_next, (5) link_prev, and (6) link_list parameters in top.inc as included by queries_view_search.php; the (7) msg, (8) component_name, and (9) component_desc parameters in (a) components_copy_content.php, (b) components_modify_content.php, and (c) components_new_content.php; the (10) title, (11) version, and (12) content parameters in design_copy_content.php; the (13) plan_title and (14) plan_content parameters in design_copy_plan_search.php; the (15) title, (16) minor_version, (17) new_version, and (18) content parameters in design_modify_content.php; the (19) title, (20) version, and (21) content parameters in design_new_content.php; the (22) plan_name and (23) plan_desc parameters in design_new_search.php; the (24) file_name parameter in download.php; the (25) username and (26) password parameters in login.php; the (27) title, (28) version, and (29) content parameters in phase_copy_content.php; the (30) content parameter in phase_delete_search.php; the (31) title, (32) minor_version, (33) new_version, and (34) content parameters in phase_modify_content.php; the (35) content, (36) title, (37) version, and (38) content parameters in phase_modify_search.php; the (39) content parameter in phase_view_search.php; the (40) msg, (41) product_name, and (42) product_desc parameters in products_copy_content.php; and possibly the (43) product_name and (44) product_desc parameters in (d) products_copy_search.php, as well as a large number of other parameters and executables. NOTE: the vendor notified CVE via e-mail that this issue has been resolved in the 6.8 RC release.

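- CVSS (base score)

CVSS score: 4.3 [MEDIUM]
Confidentiality impact: NONE [no impact on system confidentiality]
Integrity impact: PARTIAL [system files may be modified]
Availability impact: NONE [no impact on system availability]
Attack complexity: MEDIUM [exploitation requires certain access conditions]
Attack vector: [--]
Authentication: NONE [exploitation requires no authentication]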

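- CPE (affected platforms and products)

Product and version information (CPE) is not yet available

- OVAL (technical details for detection)

No related OVAL definitions found

- Official database links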

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3312
(Official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2006-3312
(Official data source) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200606-601
(Official data source) CNNVD

- Other links and resources

http://www.testmanagement.com/
(UNKNOWN)  CONFIRM  http://www.testmanagement.com/
http://www.securityfocus.com/bid/18620
(UNKNOWN)  BID  18620
http://www.securityfocus.com/archive/1/archive/1/438151/100/0/threaded
(UNKNOWN)  BUGTRAQ  20060623 QaTraq 6.5 RC: Multiple XSS Vulnerabilities
http://www.osvdb.org/27616
(UNKNOWN)  OSVDB  27616
http://www.osvdb.org/27615
(UNKNOWN)  OSVDB  27615
http://www.osvdb.org/27614
(UNKNOWN)  OSVDB  27614
http://www.osvdb.org/27613
(UNKNOWN)  OSVDB  27613
http://www.osvdb.org/27612
(UNKNOWN)  OSVDB  27612
http://www.osvdb.org/27611
(UNKNOWN)  OSVDB  27611
http://www.osvdb.org/27610
(UNKNOWN)  OSVDB  27610
http://www.osvdb.org/27609
(UNKNOWN)  OSVDB  27609
http://www.osvdb.org/27608
(UNKNOWN)  OSVDB  27608
http://www.osvdb.org/27607
(UNKNOWN)  OSVDB  27607
http://www.osvdb.org/27606
(UNKNOWN)  OSVDB  27606
http://www.osvdb.org/27605
(UNKNOWN)  OSVDB  27605
http://www.osvdb.org/27604
(UNKNOWN)  OSVDB  27604
http://www.osvdb.org/27603
(UNKNOWN)  OSVDB  27603
http://www.osvdb.org/27602
(UNKNOWN)  OSVDB  27602
http://www.osvdb.org/27601
(UNKNOWN)  OSVDB  27601
http://www.osvdb.org/27600
(UNKNOWN)  OSVDB  27600
http://www.osvdb.org/27599
(UNKNOWN)  OSVDB  27599
http://www.attrition.org/pipermail/vim/2006-August/000969.html
(UNKNOWN)  VIM  20060811 QaTraq multiple cross-site scripting vulnerabilities (fwd)
http://securitytracker.com/id?1016381
(UNKNOWN)  SECTRACK  1016381
http://seclab.tuwien.ac.at/advisories/TUVSA-0606-001.txt
(UNKNOWN)  MISC  http://seclab.tuwien.ac.at/advisories/TUVSA-0606-001.txt
http://xforce.iss.net/xforce/xfdb/27355
(UNKNOWN)  XF  qatraq-multiple-xss(27355)
http://securityreason.com/securityalert/1169
(UNKNOWN)  SREASON  1169

- Vulnerability information

ashmans/Bill Echlin QaTraq multiple cross-site scripting vulnerabilities
Medium severity  Cross-site scripting
2006-06-29 00:00:00 2006-08-21 00:00:00
Remote

- Advisories and patches

        The vendor has released a patch; download it from the vendor's home page:
        QaTraq QaTraq 6.7 rc
        QaTraq qatraq_6_8_rc.tar.gz
        http://prdownloads.sourceforge.net/qatraq/qatraq_6_8_rc.tar.gz
        QaTraq QaTraq 6.6 rc
        QaTraq qatraq_6_8_rc.tar.gz
        http://prdownloads.sourceforge.net/qatraq/qatraq_6_8_rc.tar.gz
        QaTraq QaTraq 6.5
        QaTraq qatraq_6_8_rc.tar.gz
        http://prdownloads.sourceforge.net/qatraq/qatraq_6_8_rc.tar.gz
        

- Vulnerability information

27599
QaTraq top.inc Multiple Parameter XSS
Remote / Network Access Input Manipulation
Loss of Integrity
Exploit Public Vendor Verified

- Vulnerability description

QaTraq contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'link_print', 'link_upgrade', 'link_sql', 'link_next', 'link_prev', and 'link_list' variables upon submission to the top.inc script, before being called by queries_view_search.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

- Timeline

2006-06-23 Unknown
2006-06-23 Unknown

- Solution

Upgrade to version 6.7 RC or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.
