Lucene search
Copyright (C) 2009 E-Soft Inc.OPENVAS:136141256231063241HistoryJan 20, 2009 - 12:00 a.m.
FreeBSD Ports: cgiwrap
2009-01-2000:00:00
Copyright (C) 2009 E-Soft Inc.
plugins.openvas.org
9
CVSS2
4.3
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
AI Score
6.6
Confidence
Low
EPSS
0.003
Percentile
65.6%
The remote host is missing an update to the system
as announced in the referenced advisory.
# SPDX-FileCopyrightText: 2009 E-Soft Inc.
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only
if(description)
{
script_oid("1.3.6.1.4.1.25623.1.0.63241");
script_version("2023-07-26T05:05:09+0000");
script_tag(name:"last_modification", value:"2023-07-26 05:05:09 +0000 (Wed, 26 Jul 2023)");
script_tag(name:"creation_date", value:"2009-01-20 22:42:09 +0100 (Tue, 20 Jan 2009)");
script_cve_id("CVE-2008-2852");
script_tag(name:"cvss_base", value:"4.3");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:M/Au:N/C:N/I:P/A:N");
script_name("FreeBSD Ports: cgiwrap");
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (C) 2009 E-Soft Inc.");
script_family("FreeBSD Local Security Checks");
script_dependencies("gather-package-list.nasl");
script_mandatory_keys("ssh/login/freebsd", "ssh/login/freebsdrel");
script_tag(name:"insight", value:"The following package is affected: cgiwrap
CVE-2008-2852
Cross-site scripting (XSS) vulnerability in CGIWrap before 4.1, when
an Internet Explorer based browser is used, allows remote attackers to
inject arbitrary web script or HTML via unspecified vectors related to
failure to set the charset in error messages.");
script_tag(name:"solution", value:"Update your system with the appropriate patches or
software upgrades.");
script_xref(name:"URL", value:"http://secunia.com/advisories/30765");
script_xref(name:"URL", value:"http://cgiwrap.sourceforge.net/changes.html");
script_xref(name:"URL", value:"http://www.vuxml.org/freebsd/bc6a7e79-e111-11dd-afcd-00e0815b8da8.html");
script_tag(name:"summary", value:"The remote host is missing an update to the system
as announced in the referenced advisory.");
script_tag(name:"qod_type", value:"package");
script_tag(name:"solution_type", value:"VendorFix");
exit(0);
}
include("revisions-lib.inc");
include("pkg-lib-bsd.inc");
vuln = FALSE;
txt = "";
bver = portver(pkg:"cgiwrap");
if(!isnull(bver) && revcomp(a:bver, b:"4.0_2")<0) {
txt += 'Package cgiwrap version ' + bver + ' is installed which is known to be vulnerable.\n';
vuln = TRUE;
}
if(vuln) {
security_message(data:txt);
} else if (__pkg_match) {
exit(99);
}Related
freebsd
freebsd
cgiwrap -- XSS Vulnerability
2008-06-19 00:00:00
jvn
jvn
JVN#45389864 CGIWrap error page cross-site scripting vulnerability
2008-06-19 00:00:00
prion
prion
Cross site scripting
2008-06-25 12:36:00
openvas
openvas
FreeBSD Ports: cgiwrap
2009-01-20 00:00:00
cve
cve
CVE-2008-2852
2008-06-25 12:36:00
nessus
nessus
CGIWrap Charset Specification Weakness Error Message XSS
2008-06-30 00:00:00
nvd
nvd
CVE-2008-2852
2008-06-25 12:36:00
cvelist
cvelist
CVE-2008-2852
2008-06-25 10:00:00
ubuntucve
ubuntucve
CVE-2008-2852
2008-06-25 00:00:00
CVSS2
4.3
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
AI Score
6.6
Confidence
Low
EPSS
0.003
Percentile
65.6%
Related for OPENVAS:136141256231063241