Lucene search
FreeBSDCE680F0A-EEA6-11E1-8BD8-0022156E8794HistoryJul 24, 2012 - 12:00 a.m.
squidclamav -- cross-site scripting in default virus warning pages
2012-07-2400:00:00
vuxml.freebsd.org
20
4.3 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
0.003 Low
EPSS
Percentile
65.6%
SquidClamav developers report:
This release fix several security issues by escaping CGI
parameters.
Prior to versions 6.7 and 5.8, CGI script clwarn.cgi was not
properly sanitizing input variables, so they could be used to
inject arbitrary strings to the generated page, leading
to the cross-site scripting attacks.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| FreeBSD | any | noarch | squidclamav | < 5.8 | UNKNOWN |
References
Related
cvelist
cvelist
CVE-2012-4667
2012-08-25 10:00:00
openvas
openvas
SquidClamav Multiple XSS Vulnerabilities
2012-09-17 00:00:00
FreeBSD Ports: squidclamav
2012-08-30 00:00:00
FreeBSD Ports: squidclamav
2012-08-30 00:00:00
nessus
nessus
FreeBSD : squidclamav -- XSS in default virus warning pages (ce680f0a-eea6-11e1-8bd8-0022156e8794)
2012-08-27 00:00:00
SquidClamav clwarn.cgi url Parameter XSS
2012-09-10 00:00:00
ubuntucve
ubuntucve
CVE-2012-4667
2012-08-25 00:00:00
prion
prion
Cross site scripting
2012-08-25 10:29:00
cve
cve
CVE-2012-4667
2012-08-25 10:29:53
nvd
nvd
CVE-2012-4667
2012-08-25 10:29:53
4.3 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
0.003 Low
EPSS
Percentile
65.6%
Related for CE680F0A-EEA6-11E1-8BD8-0022156E8794