4.3 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
0.008 Low
EPSS
Percentile
81.1%
CentOS Errata and Security Advisory CESA-2007:1095
The ht://Dig system is a complete World Wide Web indexing and searching
system for a small domain or intranet.
A cross-site scripting flaw was discovered in a htdig search page. An
attacker could construct a carefully crafted URL, which once visited by an
unsuspecting user, could cause a user’s Web browser to execute malicious
script in the context of the visited htdig search Web page. (CVE-2007-6110)
Users of htdig are advised to upgrade to these updated packages, which
contain backported patch to resolve this issue.
Merged security bulletin from advisories:
https://lists.centos.org/pipermail/centos-announce/2007-December/076639.html
https://lists.centos.org/pipermail/centos-announce/2007-December/076640.html
https://lists.centos.org/pipermail/centos-announce/2007-December/076643.html
https://lists.centos.org/pipermail/centos-announce/2007-December/076644.html
Affected packages:
htdig
htdig-web
Upstream details at:
https://access.redhat.com/errata/RHSA-2007:1095
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
CentOS | 4 | ia64 | htdig | < 3.2.0b6-4.c4 | htdig-3.2.0b6-4.c4.ia64.rpm |
CentOS | 4 | ia64 | htdig-web | < 3.2.0b6-4.c4 | htdig-web-3.2.0b6-4.c4.ia64.rpm |
CentOS | 4 | s390 | htdig | < 3.2.0b6-4.c4 | htdig-3.2.0b6-4.c4.s390.rpm |
CentOS | 4 | s390 | htdig-web | < 3.2.0b6-4.c4 | htdig-web-3.2.0b6-4.c4.s390.rpm |
CentOS | 4 | s390x | htdig | < 3.2.0b6-4.c4 | htdig-3.2.0b6-4.c4.s390x.rpm |
CentOS | 4 | s390x | htdig-web | < 3.2.0b6-4.c4 | htdig-web-3.2.0b6-4.c4.s390x.rpm |
CentOS | 5 | x86_64 | htdig | < 3.2.0b6-9.0.1.el5_1 | htdig-3.2.0b6-9.0.1.el5_1.x86_64.rpm |
CentOS | 5 | x86_64 | htdig-web | < 3.2.0b6-9.0.1.el5_1 | htdig-web-3.2.0b6-9.0.1.el5_1.x86_64.rpm |
CentOS | 5 | i386 | htdig | < 3.2.0b6-9.0.1.el5_1 | htdig-3.2.0b6-9.0.1.el5_1.i386.rpm |
CentOS | 5 | i386 | htdig-web | < 3.2.0b6-9.0.1.el5_1 | htdig-web-3.2.0b6-9.0.1.el5_1.i386.rpm |