Lucene search

[email protected]NVD:CVE-2011-3199

HistoryMar 21, 2014 - 4:38 a.m.

CVE-2011-3199

2014-03-2104:38:53

CWE-79

[email protected]

web.nvd.nist.gov

3.5 Low

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

5.4 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

48.3%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in Domain Technologie Control (DTC) before 0.34.1 allow remote authenticated users to inject arbitrary web script or HTML via the (1) message body of a support ticket or unspecified vectors to the (2) DNS and (3) MX form, as demonstrated by the “Domain root TXT record:” field.

Affected configurations

NVD

Node

gplhostdomain_technologie_controlRange≤0.32.11

gplhostdomain_technologie_controlMatch0.24.6

gplhostdomain_technologie_controlMatch0.25.1

gplhostdomain_technologie_controlMatch0.25.2

gplhostdomain_technologie_controlMatch0.25.3

gplhostdomain_technologie_controlMatch0.26.7

gplhostdomain_technologie_controlMatch0.26.8

gplhostdomain_technologie_controlMatch0.26.9

gplhostdomain_technologie_controlMatch0.27.3

gplhostdomain_technologie_controlMatch0.28.2

gplhostdomain_technologie_controlMatch0.28.3

gplhostdomain_technologie_controlMatch0.28.4

gplhostdomain_technologie_controlMatch0.28.6

gplhostdomain_technologie_controlMatch0.28.9

gplhostdomain_technologie_controlMatch0.28.10

gplhostdomain_technologie_controlMatch0.29.1

gplhostdomain_technologie_controlMatch0.29.6

gplhostdomain_technologie_controlMatch0.29.8

gplhostdomain_technologie_controlMatch0.29.10

gplhostdomain_technologie_controlMatch0.29.14

gplhostdomain_technologie_controlMatch0.29.15

gplhostdomain_technologie_controlMatch0.29.16

gplhostdomain_technologie_controlMatch0.29.17

gplhostdomain_technologie_controlMatch0.30.6

gplhostdomain_technologie_controlMatch0.30.8

gplhostdomain_technologie_controlMatch0.30.10

gplhostdomain_technologie_controlMatch0.30.18

gplhostdomain_technologie_controlMatch0.30.20

gplhostdomain_technologie_controlMatch0.32.1

gplhostdomain_technologie_controlMatch0.32.2

gplhostdomain_technologie_controlMatch0.32.3

gplhostdomain_technologie_controlMatch0.32.4

gplhostdomain_technologie_controlMatch0.32.5

gplhostdomain_technologie_controlMatch0.32.6

gplhostdomain_technologie_controlMatch0.32.7

References

git.gplhost.com/gitweb/?p=dtc.git%3Ba=blob%3Bf=debian/changelog%3Bhb=3eb6ef5cea6c571aae5e49e1930de778eca280c3

www.debian.org/security/2011/dsa-2365

www.openwall.com/lists/oss-security/2011/08/13/1

www.openwall.com/lists/oss-security/2011/08/24/10

bugs.debian.org/cgi-bin/bugreport.cgi?bug=637584

3.5 Low

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

5.4 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

48.3%

JSON

Related for NVD:CVE-2011-3199

prion1 cve1 ubuntucve1 cvelist1 nessus1 openvas2 debian1 osv1 securityvulns2