Pegasi Web服务器多个输入验证漏洞

漏洞信息详情

Pegasi Web服务器多个输入验证漏洞

• CNNVD编号：CNNVD-200412-337
• 危害等级： 中危
  
  
• CVE编号：
  CVE-2004-2618
  
• 漏洞类型：
  
  
  跨站脚本
  
• 发布时间：
  
  2004-12-31
  
• 威胁类型：
  
  
  远程
  
• 更新时间：
  
  2006-01-19
  
• 厂        商：
  
  pegasi_web_server
• 漏洞来源：
  Discovery is credi…

Pegasi Web服务器(PWS)0.2.2版本存在跨站脚本（XSS）漏洞。远程攻击者可以借助初始\’\’/\’\’（斜线）后直接跟着的URI注入任意web脚本。

The vendor has released an update to address the issues described in this BID. Users who are potentially affected are advised to apply this upgrade as soon as possible.
Pegasi Web Server Pegasi Web Server 0.2.2

• Jan De Luyck pws-0.2.3.tar.gz
  
  http://prdownloads.sourceforge.net/pws/pws-0.2.3.tar.gz?download

来源: BID
名称: 9847
链接:http://www.securityfocus.com/bid/9847

来源: www.autistici.org
链接:http://www.autistici.org/fdonato/advisory/pws0.2.2-adv.txt

来源: sourceforge.net
链接:http://sourceforge.net/forum/forum.php?forum_id=359660

来源: SECUNIA
名称: 11122
链接:http://secunia.com/advisories/11122

来源: BUGTRAQ
名称: 20040314 Re: Multiple Vulnerabilities in PWS 0.2.2
链接:http://archives.neohapsis.com/archives/bugtraq/2004-03/0136.html

来源: XF
名称: pws-xss(15436)
链接:http://xforce.iss.net/xforce/xfdb/15436

来源: OSVDB
名称: 4255
链接:http://www.osvdb.org/4255

来源: BUGTRAQ
名称: 20040311 Multiple Vulnerabilities in PWS 0.2.2
链接:http://archives.neohapsis.com/archives/bugtraq/2004-03/0109.html