Lucene search

K

[email protected]NVD:CVE-2007-5496

HistoryMay 23, 2008 - 3:32 p.m.

CVE-2007-5496

2008-05-2315:32:00

CWE-79

[email protected]

web.nvd.nist.gov

1.9 Low

CVSS2

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:L/AC:M/Au:N/C:N/I:P/A:N

5.2 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

32.1%

Cross-site scripting (XSS) vulnerability in setroubleshoot 2.0.5 allows local users to inject arbitrary web script or HTML via a crafted (1) file or (2) process name, which triggers an Access Vector Cache (AVC) log entry in a log file used during composition of HTML documents for sealert.

Affected configurations

NVD

Node

redhatenterprise_linuxMatch5.0server

OR

redhatenterprise_linux_desktopMatch5client

AND

selinuxsetroubleshootMatch2.0.5

References

secunia.com/advisories/30339

securitytracker.com/id?1020078

www.redhat.com/support/errata/RHSA-2008-0061.html

www.securityfocus.com/bid/29324

bugzilla.redhat.com/show_bug.cgi?id=288271

exchange.xforce.ibmcloud.com/vulnerabilities/42592

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10455

1.9 Low

CVSS2

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:L/AC:M/Au:N/C:N/I:P/A:N

5.2 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

32.1%

Related for NVD:CVE-2007-5496

prion1 veracode1 cve1 cvelist1 nessus3 openvas3 oraclelinux1 redhat1