Novell IDM跨站脚本和HTML注入漏洞

2008-09-10T00:00:00
ID SSV:3971
Type seebug
Reporter Root
Modified 2008-09-10T00:00:00

Description

BUGTRAQ ID: 30952 CNCAN ID:CNCAN-2008090305

Novell IDM是一款身份管理解决方案。 Novell IDM不正确处理用户提交的输入,远程攻击者可以利用漏洞使恶意脚本代码在目标用户浏览器上执行,导致敏感信息泄漏。 受影响的Novell User Application版本如下: 3.0.1 3.5.0 3.5.1 受影响的Novell Identity Manager Roles Based Provisioning模块版本如下: 3.6.0 3.6.1

Novell User Application 3.5.1 Novell User Application 3.5 Novell User Application 3.0.1 Novell Identity Manager Roles Based Provisioning Module 3.6.1 Novell Identity Manager Roles Based Provisioning Module 3.6 可参考如下安全公告获得补丁信息: <a href=http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5033820.html target=_blank>http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5033820.html</a> <a href=http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5033840.html target=_blank>http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5033840.html</a> <a href=http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5033841.html target=_blank>http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5033841.html</a> <a href=http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5033860.html target=_blank>http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5033860.html</a> <a href=http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5033880.html target=_blank>http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5033880.html</a>