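Vulnerability Details
CGI.pm Start_Form Cross-Site Scripting Vulnerability
- CNNVD ID: CNNVD-200308-158
- Severity: Medium
- CVE ID: CVE-2003-0615
- Vulnerability type: Cross-site scripting
- Published: 2003-08-27
- Threat type: Remote
- Updated: 2005-10-20
- Vendor: debian
- Vulnerability source: Discovery of this …
Vulnerability Summary
The start_form() function in CGI.pm has a cross-site scripting (XSS) vulnerability. Remote attackers can insert web script via a URL that is injected into the form's action parameter.
Vulnerability Advisory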
NOTE: The vendor has reported that this vulnerability has been addressed in CGI.pm version 2.94. Customers who are affected by this issue should upgrade to the current version 2.98 to address this issue.
Please see the referenced vendor advisories for more information.
SOTLinux SOTLinux 2003 Desktop
- SOTLinux perl-5.8.0-3.i386.rpm Upgrade for SOT Linux 2003 Desktop.
  ftp://ftp.sot.com/updates/2003/Desktop/i386/perl-5.8.0-3.i386.rpm
- SOTLinux perl-5.8.0-3.i386.rpm Upgrade for SOT Linux 2003 Server.
  ftp://ftp.sot.com/updates/2003/Server/i386/perl-5.8.0-3.i386.rpm
SOTLinux SOTLinux 2003 Server
- SOTLinux perl-5.8.0-3.i386.rpm Upgrade for SOT Linux 2003 Desktop.
  ftp://ftp.sot.com/updates/2003/Desktop/i386/perl-5.8.0-3.i386.rpm
- SOTLinux perl-5.8.0-3.i386.rpm Upgrade for SOT Linux 2003 Server.
  ftp://ftp.sot.com/updates/2003/Server/i386/perl-5.8.0-3.i386.rpm
Sun Solaris 9
Sun Solaris 9_x86
Sun Solaris 8_x86
OpenPKG OpenPKG 1.3
- OpenPKG perl-www-1.3.1-1.3.1.src.rpm
  ftp://ftp.openpkg.org/release/1.3/UPD/perl-www-1.3.1-1.3.1.src.rpm
MandrakeSoft Corporate Server 2.1
- Mandrake perl-CGI-3.00-0.2mdk.noarch.rpm Corporate Server 2.1/x86_64 FTP Folder: x86_64/corporate/2.1/RPMS/
  http://www.mandrakesecure.net/en/ftp.php
- Mandrake perl-CGI-3.00-0.2mdk.noarch.rpm Corporate Server 2.1 FTP Folder: corporate/2.1/RPMS/
  http://www.mandrakesecure.net/en/ftp.php
CGI.pm CGI.pm 2.73
- CGI.pm CGI.pm Version 2.98
  http://stein.cshl.org/WWW/software/CGI/#download
- SOTLinux perl-5.8.0-3.i386.rpm Upgrade for SOT Linux 2003 Desktop.
  ftp://ftp.sot.com/updates/2003/Desktop/i386/perl-5.8.0-3.i386.rpm
- SOTLinux perl-5.8.0-3.i386.rpm Upgrade for SOT Linux 2003 Server.
  ftp://ftp.sot.com/updates/2003/Server/i386/perl-5.8.0-3.i386.rpm
CGI.pm CGI.pm 2.74
- CGI.pm CGI.pm Version 2.98
  http://stein.cshl.org/WWW/software/CGI/#download
- SOTLinux perl-5.8.0-3.i386.rpm Upgrade for SOT Linux 2003 Desktop.
  ftp://ftp.sot.com/updates/2003/Desktop/i386/perl-5.8.0-3.i386.rpm
- SOTLinux perl-5.8.0-3.i386.rpm Upgrade for SOT Linux 2003 Server.
  ftp://ftp.sot.com/updates/2003/Server/i386/perl-5.8.0-3.i386.rpm
CGI.pm CGI.pm 2.75
- CGI.pm CGI.pm Version 2.98
  http://stein.cshl.org/WWW/software/CGI/#download
- SOTLinux perl-5.8.0-3.i386.rpm Upgrade for SOT Linux 2003 Desktop.
  ftp://ftp.sot.com/updates/2003/Desktop/i386/perl-5.8.0-3.i386.rpm
- SOTLinux perl-5.8.0-3.i386.rpm Upgrade for SOT Linux 2003 Server.
  ftp://ftp.sot.com/updates/2003/Server/i386/perl-5.8.0-3.i386.rpm
CGI.pm CGI.pm 2.751
- CGI.pm CGI.pm Version 2.98
  http://stein.cshl.org/WWW/software/CGI/#download
- SOTLinux perl-5.8.0-3.i386.rpm Upgrade for SOT Linux 2003 Desktop.
  ftp://ftp.sot.com/updates/2003/Desktop/i386/perl-5.8.0-3.i386.rpm
- SOTLinux perl-5.8.0-3.i386.rpm Upgrade for SOT Linux 2003 Server.
  ftp://ftp.sot.com/updates/2003/Server/i386/perl-5.8.0-3.i386.rpm
CGI.pm CGI.pm 2.753
- CGI.pm CGI.pm Version 2.98
  http://stein.cshl.org/WWW/software/CGI/#download
- SOTLinux perl-5.8.0-3.i386.rpm Upgrade for SOT Linux 2003 Desktop.
  ftp://ftp.sot.com/updates/2003/Desktop/i386/perl-5.8.0-3.i386.rpm
- SOTLinux perl-5.8.0-3.i386.rpm Upgrade for SOT Linux 2003 Server.
  ftp://ftp.sot.com/updates/2003/Server/i386/perl-5.8.0-3.i386.rpm
CGI.pm CGI.pm 2.76
- CGI.pm CGI.pm Version 2.98
  http://stein.cshl.org/WWW/software/CGI/#download
- SOTLinux perl-5.8.0-3.i386.rpm Upgrade for SOT Linux 2003 Desktop.
  ftp://ftp.sot.com/updates/2003/Desktop/i386/perl-5.8.0-3.i386.rpm
- SOTLinux perl-5.8.0-3.i386.rpm Upgrade for SOT Linux 2003 Server.
  ftp://ftp.sot.com/updates/2003/Server/i386/perl-5.8.0-3.i386.rpm
CGI.pm CGI.pm 2.78
- CGI.pm CGI.pm Version 2.98
  http://stein.cshl.org/WWW/software/CGI/#download
- SOTLinux perl-5.8.0-3.i386.rpm Upgrade for SOT Linux 2003 Desktop.
  ftp://ftp.sot.com/updates/2003/Desktop/i386/perl-5.8.0-3.i386.rpm
- SOTLinux perl-5.8.0-3.i386.rpm Upgrade for SOT Linux 2003 Server.
  ftp://ftp.sot.com/updates/2003/Server/i386/perl-5.8.0-3.i386.rpm
CGI.pm CGI.pm 2.79
- CGI.pm CGI.pm Version 2.98
  http://stein.cshl.org/WWW
References
Source: US-CERT Vulnerability Note: VU#246409
Name: VU#246409
Link: http://www.kb.cert.org/vuls/id/246409
Source: BID
Name: 8231
Link: http://www.securityfocus.com/bid/8231
Source: BUGTRAQ
Name: 20030720 CGI.pm vulnerable to Cross-site Scripting
Link: http://marc.theaimsgroup.com/?l=bugtraq&m=105880349328877&w=2
Source: XF
Name: cgi-startform-xss(12669)
Link: http://xforce.iss.net/xforce/xfdb/12669
Source: REDHAT
Name: RHSA-2003:256
Link: http://www.redhat.com/support/errata/RHSA-2003-256.html
Source: DEBIAN
Name: DSA-371
Link: http://www.debian.org/security/2003/dsa-371
Source: MANDRAKE
Name: MDKSA-2003:084
Link: http://wwwnew.mandriva.com/security/advisories?name=MDKSA-2003:084
Source: CIAC
Name: N-155
Link: http://www.ciac.org/ciac/bulletins/n-155.shtml
Source: SUNALERT
Name: 101426
Link: http://sunsolve.sun.com/search/document.do?assetkey=1-26-101426-1
Source: SECTRACK
Name: 1007234
Link: http://securitytracker.com/id?1007234
Source: SECUNIA
Name: 13638
Link: http://secunia.com/advisories/13638
Source: FULLDISC
Name: 20030720 CGI.pm vulnerable to Cross-site Scripting.
Link: http://marc.theaimsgroup.com/?l=full-disclosure&m=105875211018698&w=2
Source: BUGTRAQ
Name: 20030806 [OpenPKG-SA-2003.036] OpenPKG Security Advisory (perl-www)
Link: http://marc.theaimsgroup.com/?l=bugtraq&m=106018783704468&w=2
Source: CONECTIVA
Name: CLA-2003:713
Link: http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000713
Source: US Government Resource: oval:org.mitre.oval:def:470
Name: oval:org.mitre.oval:def:470
Link: http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:470
Source: US Government Resource: oval:org.mitre.oval:def:307
Name: oval:org.mitre.oval:def:307
Link: http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:307