O’Reilly WebBoard Pager Hostile JavaScript漏洞

漏洞信息详情

O’Reilly WebBoard Pager Hostile JavaScript漏洞

• CNNVD编号：CNNVD-200110-068
• 危害等级： 中危
  
  
• CVE编号：
  CVE-2001-0743
  
• 漏洞类型：
  
  
  输入验证
  
• 发布时间：
  
  2001-10-18
  
• 威胁类型：
  
  
  远程
  
• 更新时间：
  
  2005-10-20
  
• 厂        商：
  
  oreilly
• 漏洞来源：
  
  on June 2, 2001′);”>Reported to bugtra…

O\’\’Reilly WebBoard Pager 4.10版本的Paging函数存在漏洞。远程攻击者借助带有后缀JavaScript命令的逃脱\’\’字符的消息导致服务拒绝。

WebBoard is no longer supported by O’Reilly, it is currently maintained by ChatSpace, Inc.
ChatSpace has released version 4.2 which is not vulnerable to this issue:
OReilly Software WebBoard 4.10.30

• ChatSpace webboard42
  ftp://ftp.chatspace.com/wb/support/software/webboard/webboard_4/window
  s_edition_msdesql/webboard42.zip

来源: BID
名称: 2814
链接:http://www.securityfocus.com/bid/2814

来源: BUGTRAQ
名称: 20010602 O’Reilly WebBoard 4.10.30 JavaScript code execution problem
链接:http://archives.neohapsis.com/archives/bugtraq/2001-05/0326.html