Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
openvasCopyright (C) 2012 E-Soft Inc.OPENVAS:136141256231071141
HistoryMar 12, 2012 - 12:00 a.m.

Debian Security Advisory DSA 2414-1 (fex)

2012-03-1200:00:00
Copyright (C) 2012 E-Soft Inc.
plugins.openvas.org
7

6.4 Medium

AI Score

Confidence

Low

0.011 Low

EPSS

Percentile

84.5%

JSON

The remote host is missing an update to fex announced via advisory DSA 2414-1.

This VT has been merged into the VT

# SPDX-FileCopyrightText: 2012 E-Soft Inc.
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only OR GPL-3.0-only

if(description)
{
  script_oid("1.3.6.1.4.1.25623.1.0.71141");
  script_cve_id("CVE-2012-0869");
  script_version("2023-06-29T08:15:14+0000");
  script_tag(name:"last_modification", value:"2023-06-29 08:15:14 +0000 (Thu, 29 Jun 2023)");
  script_tag(name:"creation_date", value:"2012-03-12 11:31:28 -0400 (Mon, 12 Mar 2012)");
  script_tag(name:"cvss_base", value:"4.3");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:M/Au:N/C:N/I:P/A:N");
  script_name("Debian Security Advisory DSA 2414-1 (fex)");
  script_category(ACT_GATHER_INFO);
  script_copyright("Copyright (C) 2012 E-Soft Inc.");
  script_family("Debian Local Security Checks");
  script_xref(name:"URL", value:"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%202414-1");
  script_tag(name:"insight", value:"Nicola Fioravanti discovered that F*X, a web service for transferring
very large files, is not properly sanitizing input parameters of the fup
script.  An attacker can use this flaw to conduct reflected cross-site
scripting attacks via various script parameters.

For the stable distribution (squeeze), this problem has been fixed in
version 20100208+debian1-1+squeeze2.

For the testing distribution (wheezy), this problem will be fixed soon.

For the unstable distribution (sid), this problem has been fixed
in version 20120215-1.");

  script_tag(name:"solution", value:"We recommend that you upgrade your fex packages.");
  script_tag(name:"summary", value:"The remote host is missing an update to fex announced via advisory DSA 2414-1.

This VT has been merged into the VT 'Debian: Security Advisory (DSA-2414)' (OID: 1.3.6.1.4.1.25623.1.0.71145).");
  script_tag(name:"qod_type", value:"package");
  script_tag(name:"solution_type", value:"VendorFix");

  script_tag(name:"deprecated", value:TRUE);

  exit(0);
}

exit(66);

Related

debian 3
prion 1
securityvulns 2
debiancve 1
ubuntucve 1
cvelist 1
cve 1
nessus 1
openvas 4
osv 1
debian
debian
[SECURITY] [DSA 2414-1] fex security update
2012-02-21 23:12:11
[SECURITY] [DSA 2414-2] fex regression
2012-02-25 16:27:08
[BSA-062] Security Update for fex
2012-03-16 08:07:42
prion
prion
Cross site scripting
2012-09-25 23:55:00
securityvulns
securityvulns
[SECURITY] [DSA 2414-1] fex security update
2012-03-19 00:00:00
Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
2012-03-19 00:00:00
debiancve
debiancve
CVE-2012-0869
2012-09-25 23:55:00
ubuntucve
ubuntucve
CVE-2012-0869
2012-09-25 00:00:00
cvelist
cvelist
CVE-2012-0869
2012-09-25 23:00:00
cve
cve
CVE-2012-0869
2012-09-25 23:55:00
nessus
nessus
Debian DSA-2414-2 : fex - insufficient input sanitization
2012-02-22 00:00:00
openvas
openvas
Debian Security Advisory DSA 2414-1 (fex)
2012-03-12 00:00:00
Debian Security Advisory DSA 2414-2 (fex)
2012-03-12 00:00:00
F*EX (Frams's Fast File EXchange) < 20111129-2 Multiple XSS Vulnerabilities - Active Check
2012-09-27 00:00:00
osv
osv
fex - cross-site scripting
2012-02-25 00:00:00

6.4 Medium

AI Score

Confidence

Low

0.011 Low

EPSS

Percentile

84.5%

JSON
Related for OPENVAS:136141256231071141
debian3prion1securityvulns2debiancve1ubuntucve1cvelist1cve1nessus1openvas4osv1