Pubcookies多个跨站脚本攻击漏洞

漏洞信息详情

Pubcookies多个跨站脚本攻击漏洞

• CNNVD编号：CNNVD-200603-422
• 危害等级： 中危
  
  
• CVE编号：
  CVE-2006-1394
  
• 漏洞类型：
  
  
  跨站脚本
  
• 发布时间：
  
  2006-03-26
  
• 威胁类型：
  
  
  远程
  
• 更新时间：
  
  2006-03-27
  
• 厂        商：
  
  university_of_washington
• 漏洞来源：
  raphael.huck@free….

在University of Washington Pubcookie 3.2.1b之前版本3.1.0， 3.1.1， 3.2，和3.3.0a之前版本3.3的Microsoft IIS ISAPI filter(又称应用服务器模块)中存在多个跨站脚本攻击(XSS)漏洞，远程攻击者可通过不明攻击向量注入任意Web脚本或HTML。

目前厂商已经发布了升级补丁以修复这个安全问题，补丁下载链接：

University of Washington Pubcookie 3.2.1a

University of Washington pubcookie-3.2.1b.tar.gz

Unix

http://pubcookie.org/downloads/pubcookie-3.2.1b.tar.gz

University of Washington Pubcookie-3.3.0a.msi

Windows

http://pubcookie.org/downloads/Pubcookie-3.3.0a.msi

University of Washington pubcookie-3.3.0a.tar.gz

Unix

http://pubcookie.org/downloads/pubcookie-3.3.0a.tar.gz

University of Washington Pubcookie 1.0

University of Washington pubcookie-3.2.1b.tar.gz

Unix

http://pubcookie.org/downloads/pubcookie-3.2.1b.tar.gz

University of Washington Pubcookie-3.3.0a.msi

Windows

http://pubcookie.org/downloads/Pubcookie-3.3.0a.msi

University of Washington pubcookie-3.3.0a.tar.gz

Unix

http://pubcookie.org/downloads/pubcookie-3.3.0a.tar.gz

University of Washington Pubcookie 3.0

University of Washington pubcookie-3.2.1b.tar.gz

Unix

http://pubcookie.org/downloads/pubcookie-3.2.1b.tar.gz

University of Washington Pubcookie-3.3.0a.msi

Windows

http://pubcookie.org/downloads/Pubcookie-3.3.0a.msi

University of Washington pubcookie-3.3.0a.tar.gz

Unix

http://pubcookie.org/downloads/pubcookie-3.3.0a.tar.gz

University of Washington Pubcookie 3.1

University of Washington pubcookie-3.2.1b.tar.gz

Unix

http://pubcookie.org/downloads/pubcookie-3.2.1b.tar.gz

University of Washington Pubcookie-3.3.0a.msi

Windows

http://pubcookie.org/downloads/Pubcookie-3.3.0a.msi

University of Washington pubcookie-3.3.0a.tar.gz

Unix

http://pubcookie.org/downloads/pubcookie-3.3.0a.tar.gz

University of Washington Pubcookie 3.1.1

University of Washington pubcookie-3.2.1b.tar.gz

Unix

http://pubcookie.org/downloads/pubcookie-3.2.1b.tar.gz

University of Washington Pubcookie-3.3.0a.msi

Windows

http://pubcookie.org/downloads/Pubcookie-3.3.0a.msi

University of Washington pubcookie-3.3.0a.tar.gz

Unix

http://pubcookie.org/downloads/pubcookie-3.3.0a.tar.gz

University of Washington Pubcookie 3.2

University of Washington pubcookie-3.2.1b.tar.gz

Unix

http://pubcookie.org/downloads/pubcookie-3.2.1b.tar.gz

University of Washington Pubcookie-3.3.0a.msi

Windows

http://pubcookie.org/downloads/Pubcookie-3.3.0a.msi

University of Washington pubcookie-3.3.0a.tar.gz

Unix

http://pubcookie.org/downloads/pubcookie-3.3.0a.tar.gz

University of Washington Pubcookie 3.2.1

University of Washington pubcookie-3.2.1b.tar.gz

Unix

http://pubcookie.org/downloads/pubcookie-3.2.1b.tar.gz

University of Washington Pubcookie-3.3.0a.msi

Windows

http://pubcookie.org/downloads/Pubcookie-3.3.0a.msi

University of Washington pubcookie-3.3.0a.tar.gz

Unix

http://pubcookie.org/downloads/pubcookie-3.3.0a.tar.gz

University of Washington Pubcookie 3.3

University of Washington Pubcookie-3.3.0a.msi

Windows

http://pubcookie.org/downloads/Pubcookie-3.3.0a.msi

University of Washington pubcookie-3.3.0a.tar.gz

Unix

http://pubcookie.org/downloads/pubcookie-3.3.0a.tar.gz

来源: US-CERT

名称: VU#314540

链接:http://www.kb.cert.org/vuls/id/314540

来源: pubcookie.org

链接:http://pubcookie.org/news/20060306-apps-secadv.html

来源: BID

名称: 17221

链接:http://www.securityfocus.com/bid/17221

来源: OSVDB

名称: 24520

链接:http://www.osvdb.org/24520

来源: SECUNIA

名称: 19348

链接:http://secunia.com/advisories/19348