W3M Frame启用浏览跨站脚本漏洞-一一网

W3M Frame启用浏览跨站脚本漏洞

4年前更新

1570

漏洞信息详情

W3M Frame启用浏览跨站脚本漏洞

CNNVD编号：CNNVD-200212-011

危害等级：中危
CVE编号：
CVE-2002-1335
漏洞类型：

跨站脚本
发布时间：

2002-12-11
威胁类型：

远程
更新时间：

2005-10-20
厂商：

w3m
漏洞来源：
This vulnerability…

漏洞简介

w3m 0.3.2版本存在跨站脚本（XSS）漏洞。该漏洞不能避开一帧内的HTML标签，远程攻击者可以利用该漏洞插入任意web脚本或HTML并访问文件或cookies。

漏洞公告

It is recommended that all Gentoo Linux users who are running
net-www/w3m upgrade to w3m-0.3.2.2 as follows:
emerge sync
emerge -u w3m
emerge clean
OpenPKG has released a security advisory (OpenPKG-SA-2003.009) which contains information on how to obtain fixes via ftp. OpenPKG users are advised to upgrade their w3m packages as soon as possible.
Fixes available:
W3M W3M 0.2

RedHat w3m-0.3.1-4.7.1.1.i386.rpm
ftp://updates.redhat.com/7.0/ja/os/i386/w3m-0.3.1-4.7.1.1.i386.rpm

W3M W3M 0.2.1

RedHat w3m-0.3.1-4.7.2.i386.rpm
ftp://updates.redhat.com/7.2/en/os/i386/w3m-0.3.1-4.7.2.i386.rpm
RedHat w3m-0.3.1-4.7.2.ia64.rpm
ftp://updates.redhat.com/7.2/en/os/ia64/w3m-0.3.1-4.7.2.ia64.rpm

W3M w3mmee 0.3 .p23.3

Debian w3mmee-img_0.3.p23.3-1.5_alpha.deb

http://security.debian.org/pool/updates/main/w/w3mmee/w3mmee-img_0.3.p
23.3-1.5_alpha.deb
Debian w3mmee-img_0.3.p23.3-1.5_arm.deb

http://security.debian.org/pool/updates/main/w/w3mmee/w3mmee-img_0.3.p
23.3-1.5_arm.deb
Debian w3mmee-img_0.3.p23.3-1.5_hppa.deb

http://security.debian.org/pool/updates/main/w/w3mmee/w3mmee-img_0.3.p
23.3-1.5_hppa.deb
Debian w3mmee-img_0.3.p23.3-1.5_i386.deb

http://security.debian.org/pool/updates/main/w/w3mmee/w3mmee-img_0.3.p
23.3-1.5_i386.deb
Debian w3mmee-img_0.3.p23.3-1.5_ia64.deb

http://security.debian.org/pool/updates/main/w/w3mmee/w3mmee-img_0.3.p
23.3-1.5_ia64.deb
Debian w3mmee-img_0.3.p23.3-1.5_m68k.deb

http://security.debian.org/pool/updates/main/w/w3mmee/w3mmee-img_0.3.p
23.3-1.5_m68k.deb
Debian w3mmee-img_0.3.p23.3-1.5_mips.deb

http://security.debian.org/pool/updates/main/w/w3mmee/w3mmee-img_0.3.p
23.3-1.5_mips.deb
Debian w3mmee-img_0.3.p23.3-1.5_mipsel.deb

http://security.debian.org/pool/updates/main/w/w3mmee/w3mmee-img_0.3.p
23.3-1.5_mipsel.deb
Debian w3mmee-img_0.3.p23.3-1.5_powerpc.deb

http://security.debian.org/pool/updates/main/w/w3mmee/w3mmee-img_0.3.p
23.3-1.5_powerpc.deb
Debian w3mmee-img_0.3.p23.3-1.5_s390.deb

http://security.debian.org/pool/updates/main/w/w3mmee/w3mmee-img_0.3.p
23.3-1.5_s390.deb
Debian w3mmee-img_0.3.p23.3-1.5_sparc.deb

http://security.debian.org/pool/updates/main/w/w3mmee/w3mmee-img_0.3.p
23.3-1.5_sparc.deb
Debian w3mmee_0.3.p23.3-1.5_alpha.deb

http://security.debian.org/pool/updates/main/w/w3mmee/w3mmee_0.3.p23.3
-1.5_alpha.deb
Debian w3mmee_0.3.p23.3-1.5_arm.deb

http://security.debian.org/pool/updates/main/w/w3mmee/w3mmee_0.3.p23.3
-1.5_arm.deb
Debian w3mmee_0.3.p23.3-1.5_hppa.deb

http://security.debian.org/pool/updates/main/w/w3mmee/w3mmee_0.3.p23.3
-1.5_hppa.deb
Debian w3mmee_0.3.p23.3-1.5_i386.deb

http://security.debian.org/pool/updates/main/w/w3mmee/w3mmee_0.3.p23.3
-1.5_i386.deb
Debian w3mmee_0.3.p23.3-1.5_ia64.deb

http://security.debian.org/pool/updates/main/w/w3mmee/w3mmee_0.3.p23.3
-1.5_ia64.deb
Debian w3mmee_0.3.p23.3-1.5_m68k.deb

http://security.debian.org/pool/updates/main/w/w3mmee/w3mmee_0.3.p23.3
-1.5_m68k.deb
Debian w3mmee_0.3.p23.3-1.5_mips.deb

http://security.debian.org/pool/updates/main/w/w3mmee/w3mmee_0.3.p23.3
-1.5_mips.deb
Debian w3mmee_0.3.p23.3-1.5_mipsel.deb

http://security.debian.org/pool/updates/main/w/w3mmee/w3mmee_0.3.p23.3
-1.5_mipsel.deb
Debian w3mmee_0.3.p23.3-1.5_powerpc.deb

http://security.debian.org/pool/updates/main/w/w3mmee/w3mmee_0.3.p23.3
-1.5_powerpc.deb
Debian w3mmee_0.3.p23.3-1.5_s390.deb

http://security.debian.org/pool/updates/main/w/w3mmee/w3mmee_0.3.p23.3
-1.5_s390.deb
Debian w3mmee_0.3.p23.3-1.5_sparc.deb

http://security.debian.org/pool/updates/main/w/w3mmee/w3mmee_0.3.p23.3
-1.5_sparc.deb

W3M w3mmee-ssl 0.3 .p23.3

Debian w3mmee-ssl_0.3.p23.3-1.5.woody_alpha.debDebian 3.0 woody.

http://security.debian.org/pool/updates/main/w/w3mmee-ssl/w3mmee-ssl_0
.3.p23.3-1.5_alpha.deb
Debian w3mmee-ssl_0.3.p23.3-1.5.woody_arm.debDebian 3.0 woody.

http://security.debian.org/pool/updates/main/w/w3mmee-ssl/w3mmee-ssl_0
.3.p23.3-1.5_arm.deb
Debian w3mmee-ssl_0.3.p23.3-1.5.woody_hppa.debDebian 3.0 woody.

http://security.debian.org/pool/updates/main/w/w3mmee-ssl/w3mmee-ssl_0
.3.p23.3-1.5_hppa.deb
Debian w3mmee-ssl_0.3.p23.3-1.5.woody_i386.debDebian 3.0 woody.

http://security.debian.org/pool/updates/main/w/w3mmee-ssl/w3mmee-ssl_0
.3.p23.3-1.5_i386.deb
Debian w3mmee-ssl_0.3.p23.3-1.5.woody_ia64.debDebian 3.0 woody.

参考网址

来源: BID
名称: 6793
链接:http://www.securityfocus.com/bid/6793

来源: REDHAT
名称: RHSA-2003:044
链接:http://www.redhat.com/support/errata/RHSA-2003-044.html

来源: XF
名称: w3m-html-frame-xss(10842)
链接:http://xforce.iss.net/xforce/xfdb/10842

来源: REDHAT
名称: RHSA-2003:045
链接:http://www.redhat.com/support/errata/RHSA-2003-045.html

来源: OSVDB
名称: 6981
链接:http://www.osvdb.org/6981

来源: DEBIAN
名称: DSA-251
链接:http://www.debian.org/security/2003/dsa-251

来源: DEBIAN
名称: DSA-250
链接:http://www.debian.org/security/2003/dsa-250

来源: DEBIAN
名称: DSA-249
链接:http://www.debian.org/security/2003/dsa-249

来源: sourceforge.net
链接:http://sourceforge.net/project/shownotes.php?release_id=124484

来源: mi.med.tohoku.ac.jp
链接:http://mi.med.tohoku.ac.jp/%7Esatodai/w3m-dev-en/200211.month/838.html

来源: OPENPKG
名称: OpenPKG-SA-2003.009
链接:http://www.openpkg.com/security/advisories/OpenPKG-SA-2003.009.html

来源: SECUNIA
名称: 8053
链接:http://secunia.com/advisories/8053

来源: SECUNIA
名称: 8031
链接:http://secunia.com/advisories/8031

来源: SECUNIA
名称: 8016
链接:http://secunia.com/advisories/8016

来源: SECUNIA
名称: 8015
链接:http://secunia.com/advisories/8015

受影响实体

W3m W3m:0.3.2

© 版权声明

文章版权归作者所有，未经允许请勿转载。

THE END

喜欢就支持一下吧

相关推荐