Novell iChain Web Server登录失败页面跨站脚本漏洞

漏洞信息详情

Novell iChain Web Server登录失败页面跨站脚本漏洞

• CNNVD编号：CNNVD-200412-626
• 危害等级： 中危
  
  
• CVE编号：
  CVE-2004-2757
  
• 漏洞类型：
  
  
  跨站脚本
  
• 发布时间：
  
  2004-12-31
  
• 威胁类型：
  
  
  远程
  
• 更新时间：
  
  2004-12-31
  
• 厂        商：
  
  novell
• 漏洞来源：
  The disclosure of …

Novell iChain 2.2 build 2.2.113之前版本和2.3 First Customer Ship (FCS)的登录失败页面存在跨站脚本(XSS)漏洞。远程攻击者可以借助url参数注入任意web脚本或HTML。

Novell has released Technical Information Document (TID2968872) and iChain 2.2 Support Pack 3 Beta 1; this support pack contains a fix to address this and other issues. Please see the referenced Technical Information Document for further details regarding obtaining and applying this support pack.
The vendor has reported that Novell iChain builds 2.2.113 and later are not prone to this issue. Users are advised to upgrade to the fixed versions by contacting the vendor.

来源: XF
名称: ichain-url-xss(14873)
链接:http://xforce.iss.net/xforce/xfdb/14873

来源: BID
名称: 9412
链接:http://www.securityfocus.com/bid/9412

来源: support.novell.com
链接:http://support.novell.com/cgi-bin/search/searchtid.cgi?/10080762.htm

来源: SECUNIA
名称: 10653
链接:http://secunia.com/advisories/10653