Lucene search
GoogleOSV:DSA-223HistoryJan 07, 2003 - 12:00 a.m.
geneweb - information exposure
2003-01-0700:00:00
Google
osv.dev
3
0.005 Low
EPSS
Percentile
76.3%
A security issue has been discovered by Daniel de Rauglaudre, upstream
author of geneweb, a genealogical software with web interface. It
runs as a daemon on port 2317 by default. Paths are not properly
sanitized, so a carefully crafted URL lead geneweb to read and display
arbitrary files of the system it runs on.
For the current stable distribution (woody) this problem has been
fixed in version 4.06-2.
The old stable distribution (potato) is not affected.
For the unstable distribution (sid) this problem has been
fixed in version 4.09-1.
We recommend that you upgrade your geneweb package.
References
Related
debian
debian
[SECURITY] [DSA 223-1] New geneweb packages fix information exposure
2003-01-07 15:27:45
[SECURITY] [DSA 223-1] New geneweb packages fix information exposure
2003-01-07 15:27:45
cve
cve
CVE-2002-1390
2004-09-01 04:00:00
nessus
nessus
Debian DSA-223-1 : geneweb - information exposure
2004-09-29 00:00:00
openvas
openvas
Debian Security Advisory DSA 223-1 (geneweb)
2008-01-17 00:00:00
Debian: Security Advisory (DSA-223)
2008-01-17 00:00:00
nvd
nvd
CVE-2002-1390
2003-01-17 05:00:00
securityvulns
securityvulns
[SECURITY] [DSA 223-1] New geneweb packages fix information exposure
2003-01-08 00:00:00
cvelist
cvelist
CVE-2002-1390
2004-09-01 04:00:00
debiancve
debiancve
CVE-2002-1390
2004-09-01 04:00:00