GoogleOSV:DSA-2290-1samba - cross-side scripting
6.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
0.008 Low
EPSS
Percentile
79.1%
The Samba Web Administration Tool (SWAT) contains several cross-site request
forgery (CSRF) vulnerabilities
(
CVE-2011-2522) and a cross-site scripting vulnerability
(
CVE-2011-2694).
For the oldstable distribution (lenny), these problems have been fixed in
version 2:3.2.5-4lenny15.
For the stable distribution (squeeze), these problems have been fixed
in version 2:3.5.6~dfsg-3squeeze5.
For the testing distribution (wheezy) and the unstable distribution
(sid), these problems have been fixed in version 2:3.5.10~dfsg-1.
We recommend that you upgrade your samba packages.
| CPE | Name | Operator | Version |
|---|---|---|---|
| samba | eq | 2:3.5.6~dfsg-3 | |
| samba | eq | 2:3.5.6~dfsg-3squeeze1 | |
| samba | eq | 2:3.5.6~dfsg-3squeeze2 | |
| samba | eq | 2:3.5.6~dfsg-3squeeze3 | |
| samba | eq | 2:3.5.6~dfsg-3squeeze4 |
References
Related
6.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
0.008 Low
EPSS
Percentile
79.1%