Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
osvGoogleOSV:DSA-264
HistoryMar 19, 2003 - 12:00 a.m.

lxr - missing filename sanitizing

2003-03-1900:00:00
Google
osv.dev
2

0.012 Low

EPSS

Percentile

85.1%

JSON

Upstream developers of lxr, a general hypertext cross-referencing
tool, have been alerted of a vulnerability that allows a remote
attacker to read arbitrary files on the host system as user www-data.
This could disclose local files that were not meant to be shared with
the public.

For the stable distribution (woody) this problem has been
fixed in version 0.3-3.

The old stable distribution (potato) is not affected since it does not
contain an lxr package.

For the unstable distribution (sid) this problem has been
fixed in version 0.3-4.

We recommend that you upgrade your lxr package.

Related

nvd 1
nessus 2
cve 1
openvas 2
cvelist 1
nvd
nvd
CVE-2003-0156
2003-03-24 05:00:00
nessus
nessus
Cross-Referencing Linux (lxr) CGI v Parameter Traversal Arbitrary File Access
2003-03-12 00:00:00
Debian DSA-264-1 : lxr - missing filename sanitizing
2004-09-29 00:00:00
cve
cve
CVE-2003-0156
2003-03-24 05:00:00
openvas
openvas
Debian: Security Advisory (DSA-264)
2008-01-17 00:00:00
Debian Security Advisory DSA 264-1 (lxr)
2008-01-17 00:00:00
cvelist
cvelist
CVE-2003-0156
2003-03-21 05:00:00

0.012 Low

EPSS

Percentile

85.1%

JSON
Related for OSV:DSA-264
nvd1nessus2cve1openvas2cvelist1