
JVN#63041502: Samba Web Administration Tool vulnerable to cross-site scripting

2011-08-26 00:00:00
Japan Vulnerability Notes
jvn.jp

CVSS2: 2.6 Low

  • Access Vector: NETWORK
  • Access Complexity: HIGH
  • Authentication: NONE
  • Confidentiality Impact: NONE
  • Integrity Impact: PARTIAL
  • Availability Impact: NONE

CVSS2 vector: AV:N/AC:H/Au:N/C:N/I:P/A:N

EPSS: 0.003 Low (Percentile: 65.8%)

Samba Web Administration Tool (SWAT) allows for Samba configuration through a web interface. SWAT contains a cross-site scripting vulnerability.

SWAT is disabled in a default configuration of Samba.

Impact

An arbitrary script may be executed in the web browser of a user who is logged in to SWAT.

According to the developer, this vulnerability is exploitable only if JVN#29529126 is not addressed.

Solution

Update the software
Update to the latest version of Samba or apply the appropriate patch according to the information provided by the developer.

Products Affected

The Samba Web Administration Tool (SWAT) contained in the following Samba versions is affected:

  • Samba versions prior to 3.5.10
  • Samba versions prior to 3.4.14
  • Samba versions prior to 3.3.16
  • Samba versions 3.0.x through 3.2.15
