ID EDB-ID:30818 Type exploitdb Reporter Michael Skibbe Modified 2007-11-27T00:00:00
Description
ht://Dig 3.2 Htsearch Cross Site Scripting Vulnerability. CVE-2007-6110. Webapps exploit for cgi platform
source: http://www.securityfocus.com/bid/26610/info
ht://Dig is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data.
Exploiting this issue allows an attacker to execute arbitrary HTML or script code in a user's browser session in the context of an affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks.
This issue affects ht://Dig 3.2.0b6; other versions may also be vulnerable.
http://www.example.com/cgi-bin/htsearch?config=&restrict=&exclude=&method=and&format=builtin-long&sort=<script>alert("foo")</script>&words=foo
{"id": "EDB-ID:30818", "type": "exploitdb", "bulletinFamily": "exploit", "title": "ht://Dig 3.2 Htsearch Cross-Site Scripting Vulnerability", "description": "ht://Dig 3.2 Htsearch Cross Site Scripting Vulnerability. CVE-2007-6110. Webapps exploit for cgi platform", "published": "2007-11-27T00:00:00", "modified": "2007-11-27T00:00:00", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "href": "https://www.exploit-db.com/exploits/30818/", "reporter": "Michael Skibbe", "references": [], "cvelist": ["CVE-2007-6110"], "lastseen": "2016-02-03T13:12:10", "viewCount": 23, "enchantments": {"score": {"value": 4.6, "vector": "NONE", "modified": "2016-02-03T13:12:10", "rev": 2}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2007-6110"]}, {"type": "openvas", "idList": ["OPENVAS:861057", "OPENVAS:861197", "OPENVAS:870187", "OPENVAS:861262", "OPENVAS:60008", "OPENVAS:1361412562310870187", "OPENVAS:1361412562310122627"]}, {"type": "osvdb", "idList": ["OSVDB:40229"]}, {"type": "centos", "idList": ["CESA-2007:1095"]}, {"type": "redhat", "idList": ["RHSA-2007:1095"]}, {"type": "oraclelinux", "idList": ["ELSA-2007-1095"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:8441"]}, {"type": "debian", "idList": ["DEBIAN:DSA-1429-1:46593"]}, {"type": "nessus", "idList": ["ORACLELINUX_ELSA-2007-1095.NASL", "SUSE_HTDIG-4761.NASL", "HTSEARCH_SORT_XSS.NASL", "REDHAT-RHSA-2007-1095.NASL", "FEDORA_2007-3907.NASL", "CENTOS_RHSA-2007-1095.NASL", "FEDORA_2007-3958.NASL", "DEBIAN_DSA-1429.NASL", "FEDORA_2007-757.NASL", "SL_20071203_HTDIG_ON_SL5_X.NASL"]}, {"type": "fedora", "idList": ["FEDORA:LAT1DVSL022935", "FEDORA:LB3FL7E5018536", "FEDORA:LAT1JRTH023607"]}], "modified": "2016-02-03T13:12:10", "rev": 2}, "vulnersScore": 4.6}, "sourceHref": "https://www.exploit-db.com/download/30818/", "sourceData": "source: http://www.securityfocus.com/bid/26610/info\r\n\r\nht://Dig is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data.\r\n\r\nExploiting this issue allows an attacker to execute arbitrary HTML or script code in a user's browser session in the context of an affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks.\r\n\r\nThis issue affects ht://Dig 3.2.0b6; other versions may also be vulnerable. \r\n\r\nhttp://www.example.com/cgi-bin/htsearch?config=&restrict=&exclude=&method=and&format=builtin-long&sort=<script>alert(\"foo\")</script>&words=foo ", "osvdbidlist": ["40229"]}
{"cve": [{"lastseen": "2020-10-03T11:45:55", "description": "Cross-site scripting (XSS) vulnerability in htsearch in htdig 3.2.0b6 allows remote attackers to inject arbitrary web script or HTML via the sort parameter.", "edition": 3, "cvss3": {}, "published": "2007-11-23T20:46:00", "title": "CVE-2007-6110", "type": "cve", "cwe": ["CWE-79"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2007-6110"], "modified": "2017-09-29T01:29:00", "cpe": ["cpe:/a:htdig:htdig:3.2.0b6"], "id": "CVE-2007-6110", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-6110", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}, "cpe23": ["cpe:2.3:a:htdig:htdig:3.2.0b6:*:*:*:*:*:*:*"]}], "openvas": [{"lastseen": "2017-07-24T12:49:51", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-6110"], "description": "The remote host is missing an update to htdig\nannounced via advisory DSA 1429-1.", "modified": "2017-07-07T00:00:00", "published": "2008-01-17T00:00:00", "id": "OPENVAS:60008", "href": "http://plugins.openvas.org/nasl.php?oid=60008", "type": "openvas", "title": "Debian Security Advisory DSA 1429-1 (htdig)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_1429_1.nasl 6616 2017-07-07 12:10:49Z cfischer $\n# Description: Auto-generated from advisory DSA 1429-1\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2007 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largerly excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Michael Skibbe discovered that htdig, a WWW search system for an intranet\nor small internet, did not adequately quote values submitted to the search\nscript, allowing remote attackers to inject arbitrary script or HTML\ninto specially crafted links.\n\nFor the stable distribution (etch), this problem has been fixed in version\n1:3.2.0b6-3.1etch1\n\nFor the old stable distribution (sarge), this problem was not present.\n\nFor the unstable distribution (sid), this problem has been fixed in version\n1:3.2.0b6-4.\n\nWe recommend that you upgrade your htdig package.\";\ntag_summary = \"The remote host is missing an update to htdig\nannounced via advisory DSA 1429-1.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201429-1\";\n\nif(description)\n{\n script_id(60008);\n script_version(\"$Revision: 6616 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 14:10:49 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2008-01-17 23:23:47 +0100 (Thu, 17 Jan 2008)\");\n script_cve_id(\"CVE-2007-6110\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_name(\"Debian Security Advisory DSA 1429-1 (htdig)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2007 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"htdig-doc\", ver:\"3.2.0b6-3.1etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"htdig\", ver:\"3.2.0b6-3.1etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2017-07-27T10:56:26", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-6110"], "description": "Check for the Version of htdig", "modified": "2017-07-12T00:00:00", "published": "2009-03-06T00:00:00", "id": "OPENVAS:870187", "href": "http://plugins.openvas.org/nasl.php?oid=870187", "type": "openvas", "title": "RedHat Update for htdig RHSA-2007:1095-01", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for htdig RHSA-2007:1095-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The ht://Dig system is a complete World Wide Web indexing and searching\n system for a small domain or intranet.\n\n A cross-site scripting flaw was discovered in a htdig search page. An\n attacker could construct a carefully crafted URL, which once visited by an \n unsuspecting user, could cause a user's Web browser to execute malicious\n script in the context of the visited htdig search Web page. (CVE-2007-6110)\n \n Users of htdig are advised to upgrade to these updated packages, which\n contain backported patch to resolve this issue.\";\n\ntag_affected = \"htdig on Red Hat Enterprise Linux AS version 4,\n Red Hat Enterprise Linux ES version 4,\n Red Hat Enterprise Linux WS version 4,\n Red Hat Enterprise Linux (v. 5 server)\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/rhsa-announce/2007-December/msg00001.html\");\n script_id(870187);\n script_version(\"$Revision: 6683 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-12 11:41:57 +0200 (Wed, 12 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-03-06 07:30:35 +0100 (Fri, 06 Mar 2009)\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_xref(name: \"RHSA\", value: \"2007:1095-01\");\n script_cve_id(\"CVE-2007-6110\");\n script_name( \"RedHat Update for htdig RHSA-2007:1095-01\");\n\n script_summary(\"Check for the Version of htdig\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"RHENT_5\")\n{\n\n if ((res = isrpmvuln(pkg:\"htdig\", rpm:\"htdig~3.2.0b6~9.0.1.el5_1\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"htdig-debuginfo\", rpm:\"htdig-debuginfo~3.2.0b6~9.0.1.el5_1\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"htdig-web\", rpm:\"htdig-web~3.2.0b6~9.0.1.el5_1\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"RHENT_4\")\n{\n\n if ((res = isrpmvuln(pkg:\"htdig\", rpm:\"htdig~3.2.0b6~4.el4_6\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"htdig-debuginfo\", rpm:\"htdig-debuginfo~3.2.0b6~4.el4_6\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"htdig-web\", rpm:\"htdig-web~3.2.0b6~4.el4_6\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2017-07-25T10:56:50", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-6110"], "description": "Check for the Version of htdig", "modified": "2017-07-10T00:00:00", "published": "2009-02-27T00:00:00", "id": "OPENVAS:861262", "href": "http://plugins.openvas.org/nasl.php?oid=861262", "type": "openvas", "title": "Fedora Update for htdig FEDORA-2007-757", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for htdig FEDORA-2007-757\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The ht://Dig system is a complete world wide web indexing and searching\n system for a small domain or intranet. This system is not meant to replace\n the need for powerful internet-wide search systems like Lycos, Infoseek,\n Webcrawler and AltaVista. Instead it is meant to cover the search needs for\n a single company, campus, or even a particular sub section of a web site. As\n opposed to some WAIS-based or web-server based search engines, ht://Dig can\n span several web servers at a site. The type of these different web servers\n doesn't matter as long as they understand the HTTP 1.0 protocol.\n ht://Dig is also used by KDE to search KDE's HTML documentation.\n\n ht://Dig was developed at San Diego State University as a way to search the\n various web servers on the campus network.\";\n\ntag_affected = \"htdig on Fedora Core 6\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00116.html\");\n script_id(861262);\n script_version(\"$Revision: 6622 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 07:52:50 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-27 16:31:39 +0100 (Fri, 27 Feb 2009)\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_xref(name: \"FEDORA\", value: \"2007-757\");\n script_cve_id(\"CVE-2007-6110\");\n script_name( \"Fedora Update for htdig FEDORA-2007-757\");\n\n script_summary(\"Check for the Version of htdig\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora_core\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC6\")\n{\n\n if ((res = isrpmvuln(pkg:\"htdig\", rpm:\"htdig~3.2.0b6~9.fc6\", rls:\"FC6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x86_64/htdig-web\", rpm:\"x86_64/htdig-web~3.2.0b6~9.fc6\", rls:\"FC6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x86_64/debug/htdig-debuginfo\", rpm:\"x86_64/debug/htdig-debuginfo~3.2.0b6~9.fc6\", rls:\"FC6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x86_64/htdig\", rpm:\"x86_64/htdig~3.2.0b6~9.fc6\", rls:\"FC6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"i386/debug/htdig-debuginfo\", rpm:\"i386/debug/htdig-debuginfo~3.2.0b6~9.fc6\", rls:\"FC6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"i386/htdig-web\", rpm:\"i386/htdig-web~3.2.0b6~9.fc6\", rls:\"FC6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"i386/htdig\", rpm:\"i386/htdig~3.2.0b6~9.fc6\", rls:\"FC6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2017-07-25T10:56:41", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-6110"], "description": "Check for the Version of htdig", "modified": "2017-07-10T00:00:00", "published": "2009-02-27T00:00:00", "id": "OPENVAS:861057", "href": "http://plugins.openvas.org/nasl.php?oid=861057", "type": "openvas", "title": "Fedora Update for htdig FEDORA-2007-3907", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for htdig FEDORA-2007-3907\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The ht://Dig system is a complete world wide web indexing and searching\n system for a small domain or intranet. This system is not meant to replace\n the need for powerful internet-wide search systems like Lycos, Infoseek,\n Webcrawler and AltaVista. Instead it is meant to cover the search needs for\n a single company, campus, or even a particular sub section of a web site. As\n opposed to some WAIS-based or web-server based search engines, ht://Dig can\n span several web servers at a site. The type of these different web servers\n doesn't matter as long as they understand the HTTP 1.0 protocol.\n ht://Dig is also used by KDE to search KDE's HTML documentation.\n\n ht://Dig was developed at San Diego State University as a way to search the\n various web servers on the campus network.\";\n\ntag_affected = \"htdig on Fedora 7\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00970.html\");\n script_id(861057);\n script_version(\"$Revision: 6623 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:10:20 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-27 16:23:18 +0100 (Fri, 27 Feb 2009)\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_xref(name: \"FEDORA\", value: \"2007-3907\");\n script_cve_id(\"CVE-2007-6110\");\n script_name( \"Fedora Update for htdig FEDORA-2007-3907\");\n\n script_summary(\"Check for the Version of htdig\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC7\")\n{\n\n if ((res = isrpmvuln(pkg:\"htdig\", rpm:\"htdig~3.2.0b6~12.fc7\", rls:\"FC7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"htdig-web\", rpm:\"htdig-web~3.2.0b6~12.fc7\", rls:\"FC7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"htdig\", rpm:\"htdig~3.2.0b6~12.fc7\", rls:\"FC7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"htdig-debuginfo\", rpm:\"htdig-debuginfo~3.2.0b6~12.fc7\", rls:\"FC7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"htdig\", rpm:\"htdig~3.2.0b6~12.fc7\", rls:\"FC7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"htdig-debuginfo\", rpm:\"htdig-debuginfo~3.2.0b6~12.fc7\", rls:\"FC7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"htdig-web\", rpm:\"htdig-web~3.2.0b6~12.fc7\", rls:\"FC7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2017-07-25T10:56:18", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-6110"], "description": "Check for the Version of htdig", "modified": "2017-07-10T00:00:00", "published": "2009-02-27T00:00:00", "id": "OPENVAS:861197", "href": "http://plugins.openvas.org/nasl.php?oid=861197", "type": "openvas", "title": "Fedora Update for htdig FEDORA-2007-3958", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for htdig FEDORA-2007-3958\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The ht://Dig system is a complete world wide web indexing and searching\n system for a small domain or intranet. This system is not meant to replace\n the need for powerful internet-wide search systems like Lycos, Infoseek,\n Webcrawler and AltaVista. Instead it is meant to cover the search needs for\n a single company, campus, or even a particular sub section of a web site. As\n opposed to some WAIS-based or web-server based search engines, ht://Dig can\n span several web servers at a site. The type of these different web servers\n doesn't matter as long as they understand the HTTP 1.0 protocol.\n ht://Dig is also used by KDE to search KDE's HTML documentation.\n\n ht://Dig was developed at San Diego State University as a way to search the\n various web servers on the campus network.\";\n\ntag_affected = \"htdig on Fedora 8\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/fedora-package-announce/2007-November/msg01025.html\");\n script_id(861197);\n script_version(\"$Revision: 6623 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:10:20 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-27 16:23:18 +0100 (Fri, 27 Feb 2009)\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_xref(name: \"FEDORA\", value: \"2007-3958\");\n script_cve_id(\"CVE-2007-6110\");\n script_name( \"Fedora Update for htdig FEDORA-2007-3958\");\n\n script_summary(\"Check for the Version of htdig\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC8\")\n{\n\n if ((res = isrpmvuln(pkg:\"htdig\", rpm:\"htdig~3.2.0b6~13.fc8\", rls:\"FC8\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"htdig\", rpm:\"htdig~3.2.0b6~13.fc8\", rls:\"FC8\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"htdig-web\", rpm:\"htdig-web~3.2.0b6~13.fc8\", rls:\"FC8\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"htdig-debuginfo\", rpm:\"htdig-debuginfo~3.2.0b6~13.fc8\", rls:\"FC8\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"htdig-web\", rpm:\"htdig-web~3.2.0b6~13.fc8\", rls:\"FC8\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"htdig\", rpm:\"htdig~3.2.0b6~13.fc8\", rls:\"FC8\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"htdig-debuginfo\", rpm:\"htdig-debuginfo~3.2.0b6~13.fc8\", rls:\"FC8\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2018-04-09T11:40:45", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-6110"], "description": "Check for the Version of htdig", "modified": "2018-04-06T00:00:00", "published": "2009-03-06T00:00:00", "id": "OPENVAS:1361412562310870187", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310870187", "type": "openvas", "title": "RedHat Update for htdig RHSA-2007:1095-01", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for htdig RHSA-2007:1095-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The ht://Dig system is a complete World Wide Web indexing and searching\n system for a small domain or intranet.\n\n A cross-site scripting flaw was discovered in a htdig search page. An\n attacker could construct a carefully crafted URL, which once visited by an \n unsuspecting user, could cause a user's Web browser to execute malicious\n script in the context of the visited htdig search Web page. (CVE-2007-6110)\n \n Users of htdig are advised to upgrade to these updated packages, which\n contain backported patch to resolve this issue.\";\n\ntag_affected = \"htdig on Red Hat Enterprise Linux AS version 4,\n Red Hat Enterprise Linux ES version 4,\n Red Hat Enterprise Linux WS version 4,\n Red Hat Enterprise Linux (v. 5 server)\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/rhsa-announce/2007-December/msg00001.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.870187\");\n script_version(\"$Revision: 9370 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 10:53:14 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-03-06 07:30:35 +0100 (Fri, 06 Mar 2009)\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_xref(name: \"RHSA\", value: \"2007:1095-01\");\n script_cve_id(\"CVE-2007-6110\");\n script_name( \"RedHat Update for htdig RHSA-2007:1095-01\");\n\n script_tag(name:\"summary\", value:\"Check for the Version of htdig\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"RHENT_5\")\n{\n\n if ((res = isrpmvuln(pkg:\"htdig\", rpm:\"htdig~3.2.0b6~9.0.1.el5_1\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"htdig-debuginfo\", rpm:\"htdig-debuginfo~3.2.0b6~9.0.1.el5_1\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"htdig-web\", rpm:\"htdig-web~3.2.0b6~9.0.1.el5_1\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"RHENT_4\")\n{\n\n if ((res = isrpmvuln(pkg:\"htdig\", rpm:\"htdig~3.2.0b6~4.el4_6\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"htdig-debuginfo\", rpm:\"htdig-debuginfo~3.2.0b6~4.el4_6\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"htdig-web\", rpm:\"htdig-web~3.2.0b6~4.el4_6\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2019-05-29T18:36:41", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-6110"], "description": "Oracle Linux Local Security Checks ELSA-2007-1095", "modified": "2018-09-28T00:00:00", "published": "2015-10-08T00:00:00", "id": "OPENVAS:1361412562310122627", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310122627", "type": "openvas", "title": "Oracle Linux Local Check: ELSA-2007-1095", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: ELSA-2007-1095.nasl 11688 2018-09-28 13:36:28Z cfischer $\n#\n# Oracle Linux Local Check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.122627\");\n script_version(\"$Revision: 11688 $\");\n script_tag(name:\"creation_date\", value:\"2015-10-08 14:49:41 +0300 (Thu, 08 Oct 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-28 15:36:28 +0200 (Fri, 28 Sep 2018) $\");\n script_name(\"Oracle Linux Local Check: ELSA-2007-1095\");\n script_tag(name:\"insight\", value:\"ELSA-2007-1095 - Moderate: htdig security update. Please see the references for more insight.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"Oracle Linux Local Security Checks ELSA-2007-1095\");\n script_xref(name:\"URL\", value:\"http://linux.oracle.com/errata/ELSA-2007-1095.html\");\n script_cve_id(\"CVE-2007-6110\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\", re:\"ssh/login/release=OracleLinux5\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Eero Volotinen\");\n script_family(\"Oracle Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"OracleLinux5\")\n{\n if ((res = isrpmvuln(pkg:\"htdig\", rpm:\"htdig~3.2.0b6~9.0.1.el5_1\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"htdig-web\", rpm:\"htdig-web~3.2.0b6~9.0.1.el5_1\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif (__pkg_match) exit(99);\n exit(0);\n\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}], "redhat": [{"lastseen": "2019-08-13T18:45:34", "bulletinFamily": "unix", "cvelist": ["CVE-2007-6110"], "description": "The ht://Dig system is a complete World Wide Web indexing and searching\r\nsystem for a small domain or intranet.\r\n\r\nA cross-site scripting flaw was discovered in a htdig search page. An\r\nattacker could construct a carefully crafted URL, which once visited by an \r\nunsuspecting user, could cause a user's Web browser to execute malicious\r\nscript in the context of the visited htdig search Web page. (CVE-2007-6110)\r\n\r\nUsers of htdig are advised to upgrade to these updated packages, which\r\ncontain backported patch to resolve this issue.", "modified": "2017-09-08T11:57:15", "published": "2007-12-03T05:00:00", "id": "RHSA-2007:1095", "href": "https://access.redhat.com/errata/RHSA-2007:1095", "type": "redhat", "title": "(RHSA-2007:1095) Moderate: htdig security update", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}], "osvdb": [{"lastseen": "2017-04-28T13:20:36", "bulletinFamily": "software", "cvelist": ["CVE-2007-6110"], "description": "## Manual Testing Notes\nhttp://[target]/cgi-bin/htsearch?config=&restrict=&exclude=&method=and&format=builtin-long&sort=<script>alert("foo")</script>&words=foo\n## References:\n[Secunia Advisory ID:27965](https://secuniaresearch.flexerasoftware.com/advisories/27965/)\n[Secunia Advisory ID:28062](https://secuniaresearch.flexerasoftware.com/advisories/28062/)\n[Secunia Advisory ID:27850](https://secuniaresearch.flexerasoftware.com/advisories/27850/)\n[Secunia Advisory ID:27890](https://secuniaresearch.flexerasoftware.com/advisories/27890/)\nRedHat RHSA: RHSA-2007:1095\nOther Advisory URL: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=453278\nOther Advisory URL: http://www.novell.com/linux/security/advisories/2007_25_sr.html\nOther Advisory URL: http://sourceforge.net/mailarchive/forum.php?thread_name=200709251310.55835.mskibbe%40suse.de&forum_name=htdig-dev\nOther Advisory URL: http://www.debian.org/security/2007/dsa-1429\nFrSIRT Advisory: ADV-2007-4038\n[CVE-2007-6110](https://vulners.com/cve/CVE-2007-6110)\nBugtraq ID: 26610\n", "edition": 1, "modified": "2007-11-27T00:00:00", "published": "2007-11-27T00:00:00", "href": "https://vulners.com/osvdb/OSVDB:40229", "id": "OSVDB:40229", "title": "ht://dig htsearch sort Variable XSS", "type": "osvdb", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}], "centos": [{"lastseen": "2019-12-20T18:26:32", "bulletinFamily": "unix", "cvelist": ["CVE-2007-6110"], "description": "**CentOS Errata and Security Advisory** CESA-2007:1095\n\n\nThe ht://Dig system is a complete World Wide Web indexing and searching\r\nsystem for a small domain or intranet.\r\n\r\nA cross-site scripting flaw was discovered in a htdig search page. An\r\nattacker could construct a carefully crafted URL, which once visited by an \r\nunsuspecting user, could cause a user's Web browser to execute malicious\r\nscript in the context of the visited htdig search Web page. (CVE-2007-6110)\r\n\r\nUsers of htdig are advised to upgrade to these updated packages, which\r\ncontain backported patch to resolve this issue.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2007-December/026515.html\nhttp://lists.centos.org/pipermail/centos-announce/2007-December/026516.html\nhttp://lists.centos.org/pipermail/centos-announce/2007-December/026519.html\nhttp://lists.centos.org/pipermail/centos-announce/2007-December/026520.html\n\n**Affected packages:**\nhtdig\nhtdig-web\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2007-1095.html", "edition": 4, "modified": "2007-12-05T00:29:23", "published": "2007-12-03T16:39:25", "href": "http://lists.centos.org/pipermail/centos-announce/2007-December/026515.html", "id": "CESA-2007:1095", "title": "htdig security update", "type": "centos", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}], "securityvulns": [{"lastseen": "2018-08-31T11:09:27", "bulletinFamily": "software", "cvelist": ["CVE-2007-6110"], "description": "PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.\r\nRotabanner: crossite scripting", "edition": 1, "modified": "2007-12-13T00:00:00", "published": "2007-12-13T00:00:00", "id": "SECURITYVULNS:VULN:8441", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:8441", "title": "Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)", "type": "securityvulns", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}], "debian": [{"lastseen": "2020-11-11T13:21:36", "bulletinFamily": "unix", "cvelist": ["CVE-2007-6110"], "description": "- ------------------------------------------------------------------------\nDebian Security Advisory DSA-1429-1 security@debian.org\nhttp://www.debian.org/security/ Steve Kemp\nDecember 11, 2007 http://www.debian.org/security/faq\n- ------------------------------------------------------------------------\n\nPackage : htdig \nVulnerability : cross site scripting\nProblem type : remote\nDebian-specific: no\nCVE Id(s) : CVE-2007-6110\nDebian Bug : 453278\n\nMichael Skibbe discovered that htdig, a WWW search system for an intranet\nor small internet, did not adequately quote values submitted to the search\nscript, allowing remote attackers to inject arbitrary script or HTML\ninto specially crafted links.\n\nFor the stable distribution (etch), this problem has been fixed in version\n1:3.2.0b6-3.1etch1\n\nFor the old stable distribution (sarge), this problem was not present.\n\nFor the unstable distribution (sid), this problem has been fixed in version\n1:3.2.0b6-4.\n\nWe recommend that you upgrade your htdig package.\n\nUpgrade instructions\n- --------------------\n\nwget url\n will fetch the file for you\ndpkg -i file.deb\n will install the referenced file.\n\nIf you are using the apt-get package manager, use the line for\nsources.list as given below:\n\napt-get update\n will update the internal database\napt-get upgrade\n will install corrected packages\n\nYou may use an automated update by adding the resources from the\nfooter to the proper configuration.\n\n\nDebian GNU/Linux 4.0 alias etch\n- -------------------------------\n\nSource archives:\n\n http://security.debian.org/pool/updates/main/h/htdig/htdig_3.2.0b6-3.1etch1.dsc\n Size/MD5 checksum: 616 cd4c8534f4615e145331c49ce61d6dc8\n http://security.debian.org/pool/updates/main/h/htdig/htdig_3.2.0b6.orig.tar.gz\n Size/MD5 checksum: 3104936 8a6952f5b97e305dbb7489045bad220f\n http://security.debian.org/pool/updates/main/h/htdig/htdig_3.2.0b6-3.1etch1.diff.gz\n Size/MD5 checksum: 86277 c604a5e5b383b92701751cc59dc42f64\n\nArchitecture independent packages:\n\n http://security.debian.org/pool/updates/main/h/htdig/htdig-doc_3.2.0b6-3.1etch1_all.deb\n Size/MD5 checksum: 528278 8ef47406cfd1e8e443a1fd52600f5852\n\nalpha architecture (DEC Alpha)\n\n http://security.debian.org/pool/updates/main/h/htdig/htdig_3.2.0b6-3.1etch1_alpha.deb\n Size/MD5 checksum: 2325066 ef903816a813b83eed9b02c2dbb3077f\n\namd64 architecture (AMD x86_64 (AMD64))\n\n http://security.debian.org/pool/updates/main/h/htdig/htdig_3.2.0b6-3.1etch1_amd64.deb\n Size/MD5 checksum: 1999104 8a655e8fdc0afff79c3fef3abd398511\n\narm architecture (ARM)\n\n http://security.debian.org/pool/updates/main/h/htdig/htdig_3.2.0b6-3.1etch1_arm.deb\n Size/MD5 checksum: 1895400 06661a4521788928c65eb8182108eb66\n\nhppa architecture (HP PA RISC)\n\n http://security.debian.org/pool/updates/main/h/htdig/htdig_3.2.0b6-3.1etch1_hppa.deb\n Size/MD5 checksum: 2080404 ef595c4bc3044c90cd88516e9efd1355\n\ni386 architecture (Intel ia32)\n\n http://security.debian.org/pool/updates/main/h/htdig/htdig_3.2.0b6-3.1etch1_i386.deb\n Size/MD5 checksum: 1850284 eb919a14cb3b39e5bb897d1402d70c52\n\nia64 architecture (Intel ia64)\n\n http://security.debian.org/pool/updates/main/h/htdig/htdig_3.2.0b6-3.1etch1_ia64.deb\n Size/MD5 checksum: 2716226 2180649c4865fbdf33f05bb62c1ac0bf\n\nmips architecture (MIPS (Big Endian))\n\n http://security.debian.org/pool/updates/main/h/htdig/htdig_3.2.0b6-3.1etch1_mips.deb\n Size/MD5 checksum: 1949730 7b2188c83ce9e299f6994fe3af69fefc\n\nmipsel architecture (MIPS (Little Endian))\n\n http://security.debian.org/pool/updates/main/h/htdig/htdig_3.2.0b6-3.1etch1_mipsel.deb\n Size/MD5 checksum: 1941926 645a9efbaa025dbd39ec27b4b915c00e\n\npowerpc architecture (PowerPC)\n\n http://security.debian.org/pool/updates/main/h/htdig/htdig_3.2.0b6-3.1etch1_powerpc.deb\n Size/MD5 checksum: 1888214 2dd55523e8ac8b405b34bba39da0e6ca\n\ns390 architecture (IBM S/390)\n\n http://security.debian.org/pool/updates/main/h/htdig/htdig_3.2.0b6-3.1etch1_s390.deb\n Size/MD5 checksum: 2034030 22069288eb255b5d6bb975f14562813b\n\nsparc architecture (Sun SPARC/UltraSPARC)\n\n http://security.debian.org/pool/updates/main/h/htdig/htdig_3.2.0b6-3.1etch1_sparc.deb\n Size/MD5 checksum: 1866588 a523c05f8841bfed3009c92617fc585f\n\n\n These files will probably be moved into the stable distribution on\n its next update.\n\n- ---------------------------------------------------------------------------------\nFor apt-get: deb http://security.debian.org/ stable/updates main\nFor dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main\nMailing list: debian-security-announce@lists.debian.org\nPackage info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>\n", "edition": 9, "modified": "2007-12-11T00:00:00", "published": "2007-12-11T00:00:00", "id": "DEBIAN:DSA-1429-1:46593", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2007/msg00210.html", "title": "[SECURITY] [DSA 1429-1] New htdig packages fix cross site scripting", "type": "debian", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}], "oraclelinux": [{"lastseen": "2019-05-29T18:39:13", "bulletinFamily": "unix", "cvelist": ["CVE-2007-6110"], "description": " [3:3.2.0b6-4]\n - CVE-2007-6110 ", "edition": 4, "modified": "2007-12-04T00:00:00", "published": "2007-12-04T00:00:00", "id": "ELSA-2007-1095", "href": "http://linux.oracle.com/errata/ELSA-2007-1095.html", "title": "Moderate: htdig security update ", "type": "oraclelinux", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}], "fedora": [{"lastseen": "2020-12-21T08:17:48", "bulletinFamily": "unix", "cvelist": ["CVE-2007-6110"], "description": "The ht://Dig system is a complete world wide web indexing and searching system for a small domain or intranet. This system is not meant to replace the need for powerful internet-wide search systems like Lycos, Infoseek, Webcrawler and AltaVista. Instead it is meant to cover the search needs for a single company, campus, or even a particular sub section of a web site. As opposed to some WAIS-based or web-server based search engines, ht://Dig can span several web servers at a site. The type of these different web servers doesn't matter as long as they understand the HTTP 1.0 protocol. ht://Dig is also used by KDE to search KDE's HTML documentation. ht://Dig was developed at San Diego State University as a way to search the various web servers on the campus network. ", "modified": "2007-11-29T01:39:58", "published": "2007-11-29T01:39:58", "id": "FEDORA:LAT1DVSL022935", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 7 Update: htdig-3.2.0b6-12.fc7", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2020-12-21T08:17:48", "bulletinFamily": "unix", "cvelist": ["CVE-2007-6110"], "description": "The ht://Dig system is a complete world wide web indexing and searching system for a small domain or intranet. This system is not meant to replace the need for powerful internet-wide search systems like Lycos, Infoseek, Webcrawler and AltaVista. Instead it is meant to cover the search needs for a single company, campus, or even a particular sub section of a web site. As opposed to some WAIS-based or web-server based search engines, ht://Dig can span several web servers at a site. The type of these different web servers doesn't matter as long as they understand the HTTP 1.0 protocol. ht://Dig is also used by KDE to search KDE's HTML documentation. ht://Dig was developed at San Diego State University as a way to search the various web servers on the campus network. ", "modified": "2007-12-03T15:47:07", "published": "2007-12-03T15:47:07", "id": "FEDORA:LB3FL7E5018536", "href": "", "type": "fedora", "title": "[SECURITY] Fedora Core 6 Update: htdig-3.2.0b6-9.fc6", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2020-12-21T08:17:48", "bulletinFamily": "unix", "cvelist": ["CVE-2007-6110"], "description": "The ht://Dig system is a complete world wide web indexing and searching system for a small domain or intranet. This system is not meant to replace the need for powerful internet-wide search systems like Lycos, Infoseek, Webcrawler and AltaVista. Instead it is meant to cover the search needs for a single company, campus, or even a particular sub section of a web site. As opposed to some WAIS-based or web-server based search engines, ht://Dig can span several web servers at a site. The type of these different web servers doesn't matter as long as they understand the HTTP 1.0 protocol. ht://Dig is also used by KDE to search KDE's HTML documentation. ht://Dig was developed at San Diego State University as a way to search the various web servers on the campus network. ", "modified": "2007-11-29T01:46:18", "published": "2007-11-29T01:46:18", "id": "FEDORA:LAT1JRTH023607", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 8 Update: htdig-3.2.0b6-13.fc8", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}], "nessus": [{"lastseen": "2021-01-12T10:06:11", "description": " - CVE-2007-6110\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 21, "published": "2007-11-29T00:00:00", "title": "Fedora 7 : htdig-3.2.0b6-12.fc7 (2007-3907)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-6110"], "modified": "2007-11-29T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:htdig-web", "cpe:/o:fedoraproject:fedora:7", "p-cpe:/a:fedoraproject:fedora:htdig", "p-cpe:/a:fedoraproject:fedora:htdig-debuginfo"], "id": "FEDORA_2007-3907.NASL", "href": "https://www.tenable.com/plugins/nessus/28344", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2007-3907.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(28344);\n script_version(\"1.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_xref(name:\"FEDORA\", value:\"2007-3907\");\n\n script_name(english:\"Fedora 7 : htdig-3.2.0b6-12.fc7 (2007-3907)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\" - CVE-2007-6110\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2007-November/005374.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?5e1ed0f9\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Update the affected htdig, htdig-debuginfo and / or htdig-web\npackages.\"\n );\n script_set_attribute(attribute:\"risk_factor\", value:\"High\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:htdig\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:htdig-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:htdig-web\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:7\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/11/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/11/29\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2007-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 7.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC7\", reference:\"htdig-3.2.0b6-12.fc7\")) flag++;\nif (rpm_check(release:\"FC7\", reference:\"htdig-debuginfo-3.2.0b6-12.fc7\")) flag++;\nif (rpm_check(release:\"FC7\", reference:\"htdig-web-3.2.0b6-12.fc7\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"htdig / htdig-debuginfo / htdig-web\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2021-01-06T09:44:53", "description": "Michael Skibbe discovered that htdig, a WWW search system for an\nintranet or small internet, did not adequately quote values submitted\nto the search script, allowing remote attackers to inject arbitrary\nscript or HTML into specially crafted links.", "edition": 26, "published": "2007-12-12T00:00:00", "title": "Debian DSA-1429-1 : htdig - XSS", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-6110"], "modified": "2007-12-12T00:00:00", "cpe": ["cpe:/o:debian:debian_linux:4.0", "p-cpe:/a:debian:debian_linux:htdig"], "id": "DEBIAN_DSA-1429.NASL", "href": "https://www.tenable.com/plugins/nessus/29337", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-1429. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(29337);\n script_version(\"1.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2007-6110\");\n script_xref(name:\"DSA\", value:\"1429\");\n\n script_name(english:\"Debian DSA-1429-1 : htdig - XSS\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Michael Skibbe discovered that htdig, a WWW search system for an\nintranet or small internet, did not adequately quote values submitted\nto the search script, allowing remote attackers to inject arbitrary\nscript or HTML into specially crafted links.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=453278\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2007/dsa-1429\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the htdig package.\n\nFor the old stable distribution (sarge), this problem was not present.\n\nFor the stable distribution (etch), this problem has been fixed in\nversion 1:3.2.0b6-3.1etch1.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_cwe_id(79);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:htdig\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:4.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/12/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/12/12\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2007-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"4.0\", prefix:\"htdig\", reference:\"1:3.2.0b6-3.1etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"htdig-doc\", reference:\"1:3.2.0b6-3.1etch1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2021-01-06T09:25:14", "description": "Updated htdig packages that resolve a security issue are now available\nfor Red Hat Enterprise Linux 4 and 5.\n\nThis update has been rated as having moderate security impact by the\nRed Hat Security Response Team.\n\nThe ht://Dig system is a complete World Wide Web indexing and\nsearching system for a small domain or intranet.\n\nA cross-site scripting flaw was discovered in a htdig search page. An\nattacker could construct a carefully crafted URL, which once visited\nby an unsuspecting user, could cause a user's Web browser to execute\nmalicious script in the context of the visited htdig search Web page.\n(CVE-2007-6110)\n\nUsers of htdig are advised to upgrade to these updated packages, which\ncontain backported patch to resolve this issue.", "edition": 27, "published": "2010-01-06T00:00:00", "title": "CentOS 4 / 5 : htdig (CESA-2007:1095)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-6110"], "modified": "2010-01-06T00:00:00", "cpe": ["p-cpe:/a:centos:centos:htdig", "cpe:/o:centos:centos:4", "cpe:/o:centos:centos:5", "p-cpe:/a:centos:centos:htdig-web"], "id": "CENTOS_RHSA-2007-1095.NASL", "href": "https://www.tenable.com/plugins/nessus/43662", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2007:1095 and \n# CentOS Errata and Security Advisory 2007:1095 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(43662);\n script_version(\"1.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2007-6110\");\n script_bugtraq_id(26610);\n script_xref(name:\"RHSA\", value:\"2007:1095\");\n\n script_name(english:\"CentOS 4 / 5 : htdig (CESA-2007:1095)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated htdig packages that resolve a security issue are now available\nfor Red Hat Enterprise Linux 4 and 5.\n\nThis update has been rated as having moderate security impact by the\nRed Hat Security Response Team.\n\nThe ht://Dig system is a complete World Wide Web indexing and\nsearching system for a small domain or intranet.\n\nA cross-site scripting flaw was discovered in a htdig search page. An\nattacker could construct a carefully crafted URL, which once visited\nby an unsuspecting user, could cause a user's Web browser to execute\nmalicious script in the context of the visited htdig search Web page.\n(CVE-2007-6110)\n\nUsers of htdig are advised to upgrade to these updated packages, which\ncontain backported patch to resolve this issue.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2007-December/014477.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?7fb7e492\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2007-December/014481.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?0df5bc03\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2007-December/014482.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?bfcc7c2c\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected htdig packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(79);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:htdig\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:htdig-web\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:5\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2007/11/23\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/12/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/01/06\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(4|5)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 4.x / 5.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-4\", cpu:\"ia64\", reference:\"htdig-3.2.0b6-4.c4\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"ia64\", reference:\"htdig-web-3.2.0b6-4.c4\")) flag++;\n\nif (rpm_check(release:\"CentOS-5\", reference:\"htdig-3.2.0b6-9.0.1.el5_1\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"htdig-web-3.2.0b6-9.0.1.el5_1\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"htdig / htdig-web\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2021-01-12T10:06:17", "description": " - fixed CVE-2007-6110\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 23, "published": "2007-12-04T00:00:00", "title": "Fedora Core 6 : htdig-3.2.0b6-9.fc6 (2007-757)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-6110"], "modified": "2007-12-04T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:htdig-web", "cpe:/o:fedoraproject:fedora_core:6", "p-cpe:/a:fedoraproject:fedora:htdig", "p-cpe:/a:fedoraproject:fedora:htdig-debuginfo"], "id": "FEDORA_2007-757.NASL", "href": "https://www.tenable.com/plugins/nessus/29198", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2007-757.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(29198);\n script_version(\"1.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2007-6110\");\n script_xref(name:\"FEDORA\", value:\"2007-757\");\n\n script_name(english:\"Fedora Core 6 : htdig-3.2.0b6-9.fc6 (2007-757)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora Core host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\" - fixed CVE-2007-6110\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2007-December/005578.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?b93e745f\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Update the affected htdig, htdig-debuginfo and / or htdig-web\npackages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_cwe_id(79);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:htdig\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:htdig-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:htdig-web\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora_core:6\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/12/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/12/04\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2007-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 6.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC6\", reference:\"htdig-3.2.0b6-9.fc6\")) flag++;\nif (rpm_check(release:\"FC6\", reference:\"htdig-debuginfo-3.2.0b6-9.fc6\")) flag++;\nif (rpm_check(release:\"FC6\", reference:\"htdig-web-3.2.0b6-9.fc6\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"htdig / htdig-debuginfo / htdig-web\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2021-01-12T10:06:11", "description": " - CVE-2007-6110\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 21, "published": "2007-11-29T00:00:00", "title": "Fedora 8 : htdig-3.2.0b6-13.fc8 (2007-3958)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-6110"], "modified": "2007-11-29T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:htdig-web", "p-cpe:/a:fedoraproject:fedora:htdig", "p-cpe:/a:fedoraproject:fedora:htdig-debuginfo", "cpe:/o:fedoraproject:fedora:8"], "id": "FEDORA_2007-3958.NASL", "href": "https://www.tenable.com/plugins/nessus/28346", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2007-3958.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(28346);\n script_version(\"1.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_xref(name:\"FEDORA\", value:\"2007-3958\");\n\n script_name(english:\"Fedora 8 : htdig-3.2.0b6-13.fc8 (2007-3958)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\" - CVE-2007-6110\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2007-November/005429.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?b5a0e7a9\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Update the affected htdig, htdig-debuginfo and / or htdig-web\npackages.\"\n );\n script_set_attribute(attribute:\"risk_factor\", value:\"High\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:htdig\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:htdig-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:htdig-web\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:8\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/11/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/11/29\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2007-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^8([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 8.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC8\", reference:\"htdig-3.2.0b6-13.fc8\")) flag++;\nif (rpm_check(release:\"FC8\", reference:\"htdig-debuginfo-3.2.0b6-13.fc8\")) flag++;\nif (rpm_check(release:\"FC8\", reference:\"htdig-web-3.2.0b6-13.fc8\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"htdig / htdig-debuginfo / htdig-web\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2021-01-17T13:05:57", "description": "Updated htdig packages that resolve a security issue are now available\nfor Red Hat Enterprise Linux 4 and 5.\n\nThis update has been rated as having moderate security impact by the\nRed Hat Security Response Team.\n\nThe ht://Dig system is a complete World Wide Web indexing and\nsearching system for a small domain or intranet.\n\nA cross-site scripting flaw was discovered in a htdig search page. An\nattacker could construct a carefully crafted URL, which once visited\nby an unsuspecting user, could cause a user's Web browser to execute\nmalicious script in the context of the visited htdig search Web page.\n(CVE-2007-6110)\n\nUsers of htdig are advised to upgrade to these updated packages, which\ncontain backported patch to resolve this issue.", "edition": 28, "published": "2007-12-04T00:00:00", "title": "RHEL 4 / 5 : htdig (RHSA-2007:1095)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-6110"], "modified": "2007-12-04T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:4", "cpe:/o:redhat:enterprise_linux:5", "p-cpe:/a:redhat:enterprise_linux:htdig-web", "p-cpe:/a:redhat:enterprise_linux:htdig", "cpe:/o:redhat:enterprise_linux:5.1", "cpe:/o:redhat:enterprise_linux:4.6"], "id": "REDHAT-RHSA-2007-1095.NASL", "href": "https://www.tenable.com/plugins/nessus/29204", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2007:1095. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(29204);\n script_version(\"1.25\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2007-6110\");\n script_bugtraq_id(26610);\n script_xref(name:\"RHSA\", value:\"2007:1095\");\n\n script_name(english:\"RHEL 4 / 5 : htdig (RHSA-2007:1095)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated htdig packages that resolve a security issue are now available\nfor Red Hat Enterprise Linux 4 and 5.\n\nThis update has been rated as having moderate security impact by the\nRed Hat Security Response Team.\n\nThe ht://Dig system is a complete World Wide Web indexing and\nsearching system for a small domain or intranet.\n\nA cross-site scripting flaw was discovered in a htdig search page. An\nattacker could construct a carefully crafted URL, which once visited\nby an unsuspecting user, could cause a user's Web browser to execute\nmalicious script in the context of the visited htdig search Web page.\n(CVE-2007-6110)\n\nUsers of htdig are advised to upgrade to these updated packages, which\ncontain backported patch to resolve this issue.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2007-6110\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2007:1095\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected htdig and / or htdig-web packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(79);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:htdig\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:htdig-web\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:4.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5.1\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2007/11/23\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/12/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/12/04\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2007-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(4|5)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 4.x / 5.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2007:1095\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL4\", reference:\"htdig-3.2.0b6-4.el4_6\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", reference:\"htdig-web-3.2.0b6-4.el4_6\")) flag++;\n\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"htdig-3.2.0b6-9.0.1.el5_1\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"htdig-3.2.0b6-9.0.1.el5_1\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"htdig-3.2.0b6-9.0.1.el5_1\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"htdig-web-3.2.0b6-9.0.1.el5_1\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"htdig-web-3.2.0b6-9.0.1.el5_1\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"htdig-web-3.2.0b6-9.0.1.el5_1\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"htdig / htdig-web\");\n }\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2021-01-17T12:44:04", "description": "From Red Hat Security Advisory 2007:1095 :\n\nUpdated htdig packages that resolve a security issue are now available\nfor Red Hat Enterprise Linux 4 and 5.\n\nThis update has been rated as having moderate security impact by the\nRed Hat Security Response Team.\n\nThe ht://Dig system is a complete World Wide Web indexing and\nsearching system for a small domain or intranet.\n\nA cross-site scripting flaw was discovered in a htdig search page. An\nattacker could construct a carefully crafted URL, which once visited\nby an unsuspecting user, could cause a user's Web browser to execute\nmalicious script in the context of the visited htdig search Web page.\n(CVE-2007-6110)\n\nUsers of htdig are advised to upgrade to these updated packages, which\ncontain backported patch to resolve this issue.", "edition": 25, "published": "2013-07-12T00:00:00", "title": "Oracle Linux 4 / 5 : htdig (ELSA-2007-1095)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-6110"], "modified": "2013-07-12T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:htdig-web", "cpe:/o:oracle:linux:5", "p-cpe:/a:oracle:linux:htdig", "cpe:/o:oracle:linux:4"], "id": "ORACLELINUX_ELSA-2007-1095.NASL", "href": "https://www.tenable.com/plugins/nessus/67618", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2007:1095 and \n# Oracle Linux Security Advisory ELSA-2007-1095 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(67618);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2007-6110\");\n script_bugtraq_id(26610);\n script_xref(name:\"RHSA\", value:\"2007:1095\");\n\n script_name(english:\"Oracle Linux 4 / 5 : htdig (ELSA-2007-1095)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2007:1095 :\n\nUpdated htdig packages that resolve a security issue are now available\nfor Red Hat Enterprise Linux 4 and 5.\n\nThis update has been rated as having moderate security impact by the\nRed Hat Security Response Team.\n\nThe ht://Dig system is a complete World Wide Web indexing and\nsearching system for a small domain or intranet.\n\nA cross-site scripting flaw was discovered in a htdig search page. An\nattacker could construct a carefully crafted URL, which once visited\nby an unsuspecting user, could cause a user's Web browser to execute\nmalicious script in the context of the visited htdig search Web page.\n(CVE-2007-6110)\n\nUsers of htdig are advised to upgrade to these updated packages, which\ncontain backported patch to resolve this issue.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2007-December/000431.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2007-December/000434.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected htdig packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(79);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:htdig\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:htdig-web\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:5\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2007/11/23\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/12/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(4|5)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 4 / 5\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL4\", cpu:\"i386\", reference:\"htdig-3.2.0b6-4.el4_6\")) flag++;\nif (rpm_check(release:\"EL4\", cpu:\"x86_64\", reference:\"htdig-3.2.0b6-4.el4_6\")) flag++;\nif (rpm_check(release:\"EL4\", cpu:\"i386\", reference:\"htdig-web-3.2.0b6-4.el4_6\")) flag++;\nif (rpm_check(release:\"EL4\", cpu:\"x86_64\", reference:\"htdig-web-3.2.0b6-4.el4_6\")) flag++;\n\nif (rpm_check(release:\"EL5\", reference:\"htdig-3.2.0b6-9.0.1.el5_1\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"htdig-web-3.2.0b6-9.0.1.el5_1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"htdig / htdig-web\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2021-01-17T14:44:18", "description": "A flaw in the htsearch Program could be exploited by attackers to\nconduct cross-site scripting (XSS) attacks. (CVE-2007-6110)", "edition": 23, "published": "2007-12-13T00:00:00", "title": "SuSE 10 Security Update : htdig (ZYPP Patch Number 4761)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-6110"], "modified": "2007-12-13T00:00:00", "cpe": ["cpe:/o:suse:suse_linux"], "id": "SUSE_HTDIG-4761.NASL", "href": "https://www.tenable.com/plugins/nessus/29461", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The text description of this plugin is (C) Novell, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(29461);\n script_version(\"1.17\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2007-6110\");\n\n script_name(english:\"SuSE 10 Security Update : htdig (ZYPP Patch Number 4761)\");\n script_summary(english:\"Checks rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 10 host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A flaw in the htsearch Program could be exploited by attackers to\nconduct cross-site scripting (XSS) attacks. (CVE-2007-6110)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2007-6110.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply ZYPP patch number 4761.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_cwe_id(79);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:suse:suse_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/11/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/12/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2007-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) exit(0, \"Local checks are not enabled.\");\nif (!get_kb_item(\"Host/SuSE/release\")) exit(0, \"The host is not running SuSE.\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) exit(1, \"Could not obtain the list of installed packages.\");\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) exit(1, \"Failed to determine the architecture type.\");\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") exit(1, \"Local checks for SuSE 10 on the '\"+cpu+\"' architecture have not been implemented.\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED10\", sp:1, reference:\"htdig-3.2.0b6-21.6\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:1, reference:\"htdig-3.2.0b6-21.6\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse exit(0, \"The host is not affected.\");\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2021-01-17T13:43:48", "description": "A cross-site scripting flaw was discovered in a htdig search page. An\nattacker could construct a carefully crafted URL, which once visited\nby an unsuspecting user, could cause a user's Web browser to execute\nmalicious script in the context of the visited htdig search Web page.\n(CVE-2007-6110)", "edition": 25, "published": "2012-08-01T00:00:00", "title": "Scientific Linux Security Update : htdig on SL5.x, SL4.x i386/x86_64", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-6110"], "modified": "2012-08-01T00:00:00", "cpe": ["x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20071203_HTDIG_ON_SL5_X.NASL", "href": "https://www.tenable.com/plugins/nessus/60319", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(60319);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2007-6110\");\n\n script_name(english:\"Scientific Linux Security Update : htdig on SL5.x, SL4.x i386/x86_64\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A cross-site scripting flaw was discovered in a htdig search page. An\nattacker could construct a carefully crafted URL, which once visited\nby an unsuspecting user, could cause a user's Web browser to execute\nmalicious script in the context of the visited htdig search Web page.\n(CVE-2007-6110)\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind0712&L=scientific-linux-errata&T=0&P=544\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?0ebfbc1c\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected htdig and / or htdig-web packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_cwe_id(79);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/12/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/08/01\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL4\", cpu:\"i386\", reference:\"htdig-3.2.0b6-4.el4_6\")) flag++;\nif (rpm_check(release:\"SL4\", cpu:\"x86_64\", reference:\"htdig-3.2.0b6-4.el4\")) flag++;\nif (rpm_check(release:\"SL4\", cpu:\"i386\", reference:\"htdig-web-3.2.0b6-4.el4_6\")) flag++;\nif (rpm_check(release:\"SL4\", cpu:\"x86_64\", reference:\"htdig-web-3.2.0b6-4.el4\")) flag++;\n\nif (rpm_check(release:\"SL5\", reference:\"htdig-3.2.0b6-9.0.1.el5\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"htdig-web-3.2.0b6-9.0.1.el5\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2021-01-20T11:32:39", "description": "The htsearch CGI script is accessible through the remote web server. \nhtsearch is a component of ht://Dig used to index and search documents\nsuch as web pages. \n\nThe version of htsearch installed on the remote host fails to sanitize\nuser-supplied input to the 'sort' parameter before using it to\ngenerate dynamic output. An unauthenticated, remote attacker may be\nable to leverage this issue to inject arbitrary HTML or script code\ninto a user's browser to be executed within the security context of\nthe affected site.", "edition": 25, "published": "2007-11-28T00:00:00", "title": "ht://dig htsearch sort Parameter XSS", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-6110"], "modified": "2007-11-28T00:00:00", "cpe": ["cpe:/a:htdig:htdig"], "id": "HTSEARCH_SORT_XSS.NASL", "href": "https://www.tenable.com/plugins/nessus/28334", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(28334);\n script_version(\"1.17\");\n\n script_cve_id(\"CVE-2007-6110\");\n script_bugtraq_id(26610);\n\n script_name(english:\"ht://dig htsearch sort Parameter XSS\");\n script_summary(english:\"Tries to exploit an XSS issue in htsearch\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote web server contains a CGI script affected by a cross-site\nscripting vulnerability.\" );\n script_set_attribute(attribute:\"description\", value:\n\"The htsearch CGI script is accessible through the remote web server. \nhtsearch is a component of ht://Dig used to index and search documents\nsuch as web pages. \n\nThe version of htsearch installed on the remote host fails to sanitize\nuser-supplied input to the 'sort' parameter before using it to\ngenerate dynamic output. An unauthenticated, remote attacker may be\nable to leverage this issue to inject arbitrary HTML or script code\ninto a user's browser to be executed within the security context of\nthe affected site.\" );\n # https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00116.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?a7899e11\" );\n script_set_attribute(attribute:\"solution\", value:\n\"Unknown at this time.\" );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No exploit is required\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(79);\n script_set_attribute(attribute:\"plugin_publication_date\", value: \"2007/11/28\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\nscript_set_attribute(attribute:\"plugin_type\", value:\"remote\");\nscript_set_attribute(attribute:\"cpe\", value:\"cpe:/a:htdig:htdig\");\nscript_end_attributes();\n\n\n script_category(ACT_ATTACK);\n script_family(english:\"CGI abuses : XSS\");\n\n script_copyright(english:\"This script is Copyright (C) 2007-2021 Tenable Network Security, Inc.\");\n\n script_dependencies(\"http_version.nasl\", \"cross_site_scripting.nasl\");\n script_exclude_keys(\"Settings/disable_cgi_scanning\");\n script_require_ports(\"Services/www\", 80);\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"http.inc\");\ninclude(\"url_func.inc\");\n\n\nport = get_http_port(default:80);\nif (get_kb_item(\"www/\"+port+\"/generic_xss\")) exit(0);\n\n\nxss = string(\"<script>alert('\", SCRIPT_NAME, \"')</script>\");\nexss = urlencode(str:xss);\n\n\ntest_cgi_xss(port: port, cgi: \"/htsearch\", \n qs: \"config=&restrict=&exclude=&method=and&format=builtin-long&sort=\"\n +exss+\"&words=\"+SCRIPT_NAME,\n pass_str: \"No such sort method: `\"+xss+\"'\", pass2_re: \"ht://Dig\");\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}]}
