Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
osvGoogleOSV:DSA-251
HistoryFeb 14, 2003 - 12:00 a.m.

w3m - missing HTML quoting

2003-02-1400:00:00
Google
osv.dev
9

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

JSON

Hironori Sakamoto, one of the w3m developers, found two security
vulnerabilities in w3m and associated programs. The w3m browser does
not properly escape HTML tags in frame contents and img alt
attributes. A malicious HTML frame or img alt attribute may deceive a
user to send their local cookies which are used for configuration. The
information is not leaked automatically, though.

For the stable distribution (woody) these problems have been fixed in
version 0.3-2.4.

The old stable distribution (potato) is not affected by these
problems.

For the unstable distribution (sid) these problems have been fixed in
version 0.3.2.2-1 and later.

We recommend that you upgrade your w3m and w3m-ssl packages.

Related

openvas 6
redhat 1
nessus 4
debian 6
securityvulns 1
osv 1
cve 3
cvelist 2
debiancve 2
openvas
openvas
Debian: Security Advisory (DSA-251)
2008-01-17 00:00:00
Debian Security Advisory DSA 249-1 (w3mmee)
2008-01-17 00:00:00
Debian Security Advisory DSA 249-1 (w3mmee)
2008-01-17 00:00:00
redhat
redhat
(RHSA-2003:045) w3m security update
2003-02-06 00:00:00
nessus
nessus
Debian DSA-249-1 : w3mmee - missing HTML quoting
2004-09-29 00:00:00
RHEL 2.1 : w3m (RHSA-2003:045)
2004-07-06 00:00:00
Debian DSA-250-1 : w3mmee-ssl - missing HTML quoting
2004-09-29 00:00:00
debian
debian
[SECURITY] [DSA 249-1] New w3mmee packages fix cookie information leak
2003-02-11 13:33:44
[SECURITY] [DSA 250-1] New w3mmee-ssl packages fix cookie information leak
2003-02-13 00:00:00
[SECURITY] [DSA 249-1] New w3mmee packages fix cookie information leak
2003-02-11 00:00:00
securityvulns
securityvulns
[SECURITY] [DSA 249-1] New w3mmee packages fix cookie information leak
2003-02-11 00:00:00
osv
osv
w3mmee - missing HTML quoting
2003-02-11 00:00:00
cve
cve
CVE-2002-1348
2003-02-19 05:00:00
CVE-2002-1335
2002-12-11 05:00:00
CVE-2002-1404
2003-02-19 05:00:00
cvelist
cvelist
CVE-2002-1335
2002-12-03 05:00:00
CVE-2002-1348
2004-09-01 04:00:00
debiancve
debiancve
CVE-2002-1335
2002-12-11 05:00:00
CVE-2002-1348
2003-02-19 05:00:00

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

JSON
Related for OSV:DSA-251
openvas6redhat1nessus4debian6securityvulns1osv1cve3cvelist2debiancve2