seebug Root SSV:12589
History: Nov 07, 2009 - 12:00 a.m.

Prototype JavaScript Framework Cross-Site Ajax Request Vulnerability

www.seebug.org

EPSS: 0.004 (Low), Percentile: 70.9%

Bugtraq ID: 36926
CVE ID: CVE-2008-7220

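Prototype JavaScript Framework is a JavaScript development library and framework developed by Sam Stephenson. It provides a complete Ajax framework and other utilities.
Prototype JavaScript Framework contains an unspecified error that a remote attacker can exploit to carry out a cross-site Ajax request attack, which can execute arbitrary code in the security context of the affected browser.
Asterisk includes an AJAX-based demo management interface; ajamdemo.html uses the prototype.js framework and is affected by this vulnerability, which allows an attacker to perform cross-site AJAX request attacks.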

Sam Stephenson prototype javascript framework 1.4
Sam Stephenson prototype javascript framework 1.6.0.2
Asterisk Asterisk Business Edition C.3.1.0
Asterisk Asterisk Business Edition C.3.1 1
Asterisk Asterisk Business Edition C.2.4.3
Asterisk Asterisk Business Edition C.2.4.2
Asterisk Asterisk Business Edition C.2.3.3
Asterisk Asterisk Business Edition C.2.3 .2
Asterisk Asterisk Business Edition C.2.3
Asterisk Asterisk Business Edition C.2.1.2.1
Asterisk Asterisk Business Edition B.2.5.9
Asterisk Asterisk Business Edition B.2.5.8
Asterisk Asterisk Business Edition B.2.5.7
Asterisk Asterisk Business Edition B.2.5.6
Asterisk Asterisk Business Edition B.2.5.5
Asterisk Asterisk Business Edition B.2.5.4
Asterisk Asterisk Business Edition B.2.5.3
Asterisk Asterisk Business Edition B.2.5.2
Asterisk Asterisk Business Edition B.2.5.10
Asterisk Asterisk Business Edition B.2.5.1
Asterisk Asterisk 1.6.1 6
Asterisk Asterisk 1.6.1 5
Asterisk Asterisk 1.6.1 0-rc2
Asterisk Asterisk 1.6.1 0-rc1
Asterisk Asterisk 1.6.1
Asterisk Asterisk 1.6 beta6
Asterisk Asterisk 1.6 6
Asterisk Asterisk 1.6 14
Asterisk Asterisk 1.4.26 2
Asterisk Asterisk 1.4.26 1
Asterisk Asterisk 1.4.26
Asterisk Asterisk 1.4.24 .1
Asterisk Asterisk 1.4.24
Asterisk Asterisk 1.4.9
Asterisk Asterisk 1.4.8
Asterisk Asterisk 1.4.7
Asterisk Asterisk 1.4.6
Asterisk Asterisk 1.4.5
Asterisk Asterisk 1.4.4
Asterisk Asterisk 1.4.3
Asterisk Asterisk 1.6.1.8
Asterisk Asterisk 1.6.1.7
Asterisk Asterisk 1.6
Vendor solution
Users can refer to the following security advisory for patch information:
http://github.com/sstephenson/prototype/blob/master/CHANGELOG