Lucene search
Copyright (C) 2008 E-Soft Inc.OPENVAS:136141256231053443HistoryJan 17, 2008 - 12:00 a.m.
Debian Security Advisory DSA 199-1 (mhonarc)
2008-01-1700:00:00
Copyright (C) 2008 E-Soft Inc.
plugins.openvas.org
1
7.1 High
AI Score
Confidence
Low
6.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
0.015 Low
EPSS
Percentile
86.7%
The remote host is missing an update to mhonarc
announced via advisory DSA 199-1.
# SPDX-FileCopyrightText: 2008 E-Soft Inc.
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only
if(description)
{
script_oid("1.3.6.1.4.1.25623.1.0.53443");
script_version("2023-07-19T05:05:15+0000");
script_tag(name:"last_modification", value:"2023-07-19 05:05:15 +0000 (Wed, 19 Jul 2023)");
script_tag(name:"creation_date", value:"2008-01-17 22:24:46 +0100 (Thu, 17 Jan 2008)");
script_cve_id("CVE-2002-1307");
script_tag(name:"cvss_base", value:"6.8");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:M/Au:N/C:P/I:P/A:P");
script_name("Debian Security Advisory DSA 199-1 (mhonarc)");
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (C) 2008 E-Soft Inc.");
script_family("Debian Local Security Checks");
script_dependencies("gather-package-list.nasl");
script_mandatory_keys("ssh/login/debian_linux", "ssh/login/packages", re:"ssh/login/release=DEB(2\.2|3\.0)");
script_xref(name:"URL", value:"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%20199-1");
script_xref(name:"URL", value:"http://www.securityfocus.com/bid/6204");
script_tag(name:"insight", value:"Steven Christey discovered a cross site scripting vulnerability in
mhonarc, a mail to HTML converter. Carefully crafted message headers
can introduce cross site scripting when mhonarc is configured to
display all headers lines on the web. However, it is often useful to
restrict the displayed header lines to To, From and Subject, in which
case the vulnerability cannot be exploited.
This problem has been fixed in version 2.5.2-1.2 for the current
stable distribution (woody), in version 2.4.4-1.2 for the old stable
distribution (potato) and in version 2.5.13-1 for the unstable
distribution (sid).");
script_tag(name:"solution", value:"We recommend that you upgrade your mhonarc package.");
script_tag(name:"summary", value:"The remote host is missing an update to mhonarc
announced via advisory DSA 199-1.");
script_tag(name:"qod_type", value:"package");
script_tag(name:"solution_type", value:"VendorFix");
exit(0);
}
include("revisions-lib.inc");
include("pkg-lib-deb.inc");
res = "";
report = "";
if((res = isdpkgvuln(pkg:"mhonarc", ver:"2.4.4-1.2", rls:"DEB2.2")) != NULL) {
report += res;
}
if((res = isdpkgvuln(pkg:"mhonarc", ver:"2.5.2-1.2", rls:"DEB3.0")) != NULL) {
report += res;
}
if(report != "") {
security_message(data:report);
} else if(__pkg_match) {
exit(99);
}
Related
securityvulns
securityvulns
[SECURITY] [DSA 199-1] New mhonarc packages fix cross site scripting
2002-11-20 00:00:00
cve
cve
CVE-2002-1307
2002-11-29 05:00:00
openvas
openvas
Debian Security Advisory DSA 199-1 (mhonarc)
2008-01-17 00:00:00
nessus
nessus
Debian DSA-199-1 : mhonarc - XSS
2004-09-29 00:00:00
debian
debian
[SECURITY] [DSA 199-1] New mhonarc packages fix cross site scripting
2002-11-19 15:15:07
[SECURITY] [DSA 199-1] New mhonarc packages fix cross site scripting
2002-11-19 00:00:00
debiancve
debiancve
CVE-2002-1307
2002-11-29 05:00:00
osv
osv
mhonarc - cross site scripting
2002-11-19 00:00:00
cvelist
cvelist
CVE-2002-1307
2004-09-01 04:00:00
7.1 High
AI Score
Confidence
Low
6.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
0.015 Low
EPSS
Percentile
86.7%
Related for OPENVAS:136141256231053443