漏洞信息详情
W3M Image Attribute跨站脚本攻击(XSS)漏洞
- CNNVD编号:CNNVD-200302-040
- 危害等级: 中危
![图片[1]-W3M Image Attribute跨站脚本攻击(XSS)漏洞-一一网](https://www.proyy.com/skycj/data/images/2021-05-12/30f462579bec41fc25e0b1d57503e6d6.png)
- CVE编号:
CVE-2002-1348
- 漏洞类型:
输入验证
- 发布时间:
2003-02-19
- 威胁类型:
远程
- 更新时间:
2005-05-13
- 厂 商:
w3m - 漏洞来源:
This vulnerability… -
漏洞简介
W3m 0.3.2.2之前的版本没有正确避免IMG标签中ALT属性的HTML标签,远程攻击者可以利用该漏洞访问文件或cookies。
漏洞公告
It is recommended that all Gentoo Linux users who are running
net-www/w3m upgrade to w3m-0.3.2.2 as follows:
emerge sync
emerge -u w3m
emerge clean
OpenPKG has released a security advisory (OpenPKG-SA-2003.009) which contains information on how to obtain fixes via ftp. OpenPKG users are advised to upgrade their w3m packages as soon as possible.
Fixes available:
W3M W3M 0.2
-
RedHat w3m-0.3.1-4.7.1.1.i386.rpm
ftp://updates.redhat.com/7.0/ja/os/i386/w3m-0.3.1-4.7.1.1.i386.rpm
W3M W3M 0.2.1
-
RedHat w3m-0.3.1-4.7.2.i386.rpm
ftp://updates.redhat.com/7.2/en/os/i386/w3m-0.3.1-4.7.2.i386.rpm -
RedHat w3m-0.3.1-4.7.2.ia64.rpm
ftp://updates.redhat.com/7.2/en/os/ia64/w3m-0.3.1-4.7.2.ia64.rpm
W3M w3mmee 0.3 .p23.3
-
Debian w3mmee-img_0.3.p23.3-1.5_alpha.deb
http://security.debian.org/pool/updates/main/w/w3mmee/w3mmee-img_0.3.p
23.3-1.5_alpha.deb -
Debian w3mmee-img_0.3.p23.3-1.5_arm.deb
http://security.debian.org/pool/updates/main/w/w3mmee/w3mmee-img_0.3.p
23.3-1.5_arm.deb -
Debian w3mmee-img_0.3.p23.3-1.5_hppa.deb
http://security.debian.org/pool/updates/main/w/w3mmee/w3mmee-img_0.3.p
23.3-1.5_hppa.deb -
Debian w3mmee-img_0.3.p23.3-1.5_i386.deb
http://security.debian.org/pool/updates/main/w/w3mmee/w3mmee-img_0.3.p
23.3-1.5_i386.deb -
Debian w3mmee-img_0.3.p23.3-1.5_ia64.deb
http://security.debian.org/pool/updates/main/w/w3mmee/w3mmee-img_0.3.p
23.3-1.5_ia64.deb -
Debian w3mmee-img_0.3.p23.3-1.5_m68k.deb
http://security.debian.org/pool/updates/main/w/w3mmee/w3mmee-img_0.3.p
23.3-1.5_m68k.deb -
Debian w3mmee-img_0.3.p23.3-1.5_mips.deb
http://security.debian.org/pool/updates/main/w/w3mmee/w3mmee-img_0.3.p
23.3-1.5_mips.deb -
Debian w3mmee-img_0.3.p23.3-1.5_mipsel.deb
http://security.debian.org/pool/updates/main/w/w3mmee/w3mmee-img_0.3.p
23.3-1.5_mipsel.deb -
Debian w3mmee-img_0.3.p23.3-1.5_powerpc.deb
http://security.debian.org/pool/updates/main/w/w3mmee/w3mmee-img_0.3.p
23.3-1.5_powerpc.deb -
Debian w3mmee-img_0.3.p23.3-1.5_s390.deb
http://security.debian.org/pool/updates/main/w/w3mmee/w3mmee-img_0.3.p
23.3-1.5_s390.deb -
Debian w3mmee-img_0.3.p23.3-1.5_sparc.deb
http://security.debian.org/pool/updates/main/w/w3mmee/w3mmee-img_0.3.p
23.3-1.5_sparc.deb -
Debian w3mmee_0.3.p23.3-1.5_alpha.deb
http://security.debian.org/pool/updates/main/w/w3mmee/w3mmee_0.3.p23.3
-1.5_alpha.deb -
Debian w3mmee_0.3.p23.3-1.5_arm.deb
http://security.debian.org/pool/updates/main/w/w3mmee/w3mmee_0.3.p23.3
-1.5_arm.deb -
Debian w3mmee_0.3.p23.3-1.5_hppa.deb
http://security.debian.org/pool/updates/main/w/w3mmee/w3mmee_0.3.p23.3
-1.5_hppa.deb -
Debian w3mmee_0.3.p23.3-1.5_i386.deb
http://security.debian.org/pool/updates/main/w/w3mmee/w3mmee_0.3.p23.3
-1.5_i386.deb -
Debian w3mmee_0.3.p23.3-1.5_ia64.deb
http://security.debian.org/pool/updates/main/w/w3mmee/w3mmee_0.3.p23.3
-1.5_ia64.deb -
Debian w3mmee_0.3.p23.3-1.5_m68k.deb
http://security.debian.org/pool/updates/main/w/w3mmee/w3mmee_0.3.p23.3
-1.5_m68k.deb -
Debian w3mmee_0.3.p23.3-1.5_mips.deb
http://security.debian.org/pool/updates/main/w/w3mmee/w3mmee_0.3.p23.3
-1.5_mips.deb -
Debian w3mmee_0.3.p23.3-1.5_mipsel.deb
http://security.debian.org/pool/updates/main/w/w3mmee/w3mmee_0.3.p23.3
-1.5_mipsel.deb -
Debian w3mmee_0.3.p23.3-1.5_powerpc.deb
http://security.debian.org/pool/updates/main/w/w3mmee/w3mmee_0.3.p23.3
-1.5_powerpc.deb -
Debian w3mmee_0.3.p23.3-1.5_s390.deb
http://security.debian.org/pool/updates/main/w/w3mmee/w3mmee_0.3.p23.3
-1.5_s390.deb -
Debian w3mmee_0.3.p23.3-1.5_sparc.deb
http://security.debian.org/pool/updates/main/w/w3mmee/w3mmee_0.3.p23.3
-1.5_sparc.deb
W3M w3mmee-ssl 0.3 .p23.3
-
Debian w3mmee-ssl_0.3.p23.3-1.5.woody_alpha.debDebian 3.0 woody.
http://security.debian.org/pool/updates/main/w/w3mmee-ssl/w3mmee-ssl_0
.3.p23.3-1.5_alpha.deb -
Debian w3mmee-ssl_0.3.p23.3-1.5.woody_arm.debDebian 3.0 woody.
http://security.debian.org/pool/updates/main/w/w3mmee-ssl/w3mmee-ssl_0
.3.p23.3-1.5_arm.deb -
Debian w3mmee-ssl_0.3.p23.3-1.5.woody_hppa.debDebian 3.0 woody.
http://security.debian.org/pool/updates/main/w/w3mmee-ssl/w3mmee-ssl_0
.3.p23.3-1.5_hppa.deb -
Debian w3mmee-ssl_0.3.p23.3-1.5.woody_i386.debDebian 3.0 woody.
http://security.debian.org/pool/updates/main/w/w3mmee-ssl/w3mmee-ssl_0
.3.p23.3-1.5_i386.deb -
Debian w3mmee-ssl_0.3.p23.3-1.5.woody_ia64.debDebian 3.0 woody.
参考网址
来源: REDHAT
名称: RHSA-2003:044
链接:http://www.redhat.com/support/errata/RHSA-2003-044.html来源: XF
名称: w3m-img-alt-xss(11266)
链接:http://www.iss.net/security_center/static/11266.php来源: sourceforge.net
链接:http://sourceforge.net/project/shownotes.php?release_id=126233来源: BID
名称: 6794
链接:http://www.securityfocus.com/bid/6794来源: REDHAT
名称: RHSA-2003:045
链接:http://www.redhat.com/support/errata/RHSA-2003-045.html来源: DEBIAN
名称: DSA-251
链接:http://www.debian.org/security/2003/dsa-251来源: DEBIAN
名称: DSA-250
链接:http://www.debian.org/security/2003/dsa-250来源: DEBIAN
名称: DSA-249
链接:http://www.debian.org/security/2003/dsa-249来源: BUGTRAQ
名称: 20030217 GLSA: w3m
链接:http://marc.theaimsgroup.com/?l=bugtraq&m=104552193927323&w=2
![[桜井宁宁]COS和泉纱雾超可爱写真福利集-一一网](https://www.proyy.com/skycj/data/images/2020-12-13/4d3cf227a85d7e79f5d6b4efb6bde3e8.jpg)
![[桜井宁宁] 爆乳奶牛少女cos写真-一一网](https://www.proyy.com/skycj/data/images/2020-12-13/d40483e126fcf567894e89c65eaca655.jpg)
