Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
centosCentOS ProjectCESA-2007:1095
HistoryDec 03, 2007 - 4:39 p.m.

htdig security update

2007-12-0316:39:25
CentOS Project
lists.centos.org
45

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.008 Low

EPSS

Percentile

81.1%

JSON

CentOS Errata and Security Advisory CESA-2007:1095

The ht://Dig system is a complete World Wide Web indexing and searching
system for a small domain or intranet.

A cross-site scripting flaw was discovered in a htdig search page. An
attacker could construct a carefully crafted URL, which once visited by an
unsuspecting user, could cause a user’s Web browser to execute malicious
script in the context of the visited htdig search Web page. (CVE-2007-6110)

Users of htdig are advised to upgrade to these updated packages, which
contain backported patch to resolve this issue.

Merged security bulletin from advisories:
https://lists.centos.org/pipermail/centos-announce/2007-December/076639.html
https://lists.centos.org/pipermail/centos-announce/2007-December/076640.html
https://lists.centos.org/pipermail/centos-announce/2007-December/076643.html
https://lists.centos.org/pipermail/centos-announce/2007-December/076644.html

Affected packages:
htdig
htdig-web

Upstream details at:
https://access.redhat.com/errata/RHSA-2007:1095

Related

openvas 11
veracode 1
nessus 10
oraclelinux 1
debian 1
fedora 3
cvelist 1
cve 1
redhat 1
ubuntucve 1
nvd 1
securityvulns 1
osv 1
prion 1
debiancve 1
openvas
openvas
Fedora Update for htdig FEDORA-2007-3907
2009-02-27 00:00:00
Debian: Security Advisory (DSA-1429-1)
2008-01-17 00:00:00
Fedora Update for htdig FEDORA-2007-3958
2009-02-27 00:00:00
veracode
veracode
Cross-Site Scripting (XSS)
2020-04-10 00:19:19
nessus
nessus
ht://dig htsearch sort Parameter XSS
2007-11-28 00:00:00
Fedora 7 : htdig-3.2.0b6-12.fc7 (2007-3907)
2007-11-29 00:00:00
Oracle Linux 4 / 5 : htdig (ELSA-2007-1095)
2013-07-12 00:00:00
oraclelinux
oraclelinux
Moderate: htdig security update
2007-12-04 00:00:00
debian
debian
[SECURITY] [DSA 1429-1] New htdig packages fix cross site scripting
2007-12-11 22:11:41
fedora
fedora
[SECURITY] Fedora 8 Update: htdig-3.2.0b6-13.fc8
2007-11-29 01:46:18
[SECURITY] Fedora Core 6 Update: htdig-3.2.0b6-9.fc6
2007-12-03 15:47:07
[SECURITY] Fedora 7 Update: htdig-3.2.0b6-12.fc7
2007-11-29 01:39:58
cvelist
cvelist
CVE-2007-6110
2007-11-23 20:00:00
cve
cve
CVE-2007-6110
2007-11-23 20:46:00
redhat
redhat
(RHSA-2007:1095) Moderate: htdig security update
2007-12-03 00:00:00
ubuntucve
ubuntucve
CVE-2007-6110
2007-11-23 00:00:00
nvd
nvd
CVE-2007-6110
2007-11-23 20:46:00
securityvulns
securityvulns
Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
2007-12-13 00:00:00
osv
osv
htdig - cross site scripting
2007-12-11 00:00:00
prion
prion
Cross site scripting
2007-11-23 20:46:00
debiancve
debiancve
CVE-2007-6110
2007-11-23 20:46:00

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.008 Low

EPSS

Percentile

81.1%

JSON
Related for CESA-2007:1095
openvas11veracode1nessus10oraclelinux1debian1fedora3cvelist1cve1redhat1ubuntucve1nvd1securityvulns1osv1prion1debiancve1