SUSE-SA:2001:040
Nov 06, 2001 - 10:54 a.m.

remote privilege escalation in webalizer

2001-11-06 10:54:31
lists.opensuse.org
EPSS: 0.017 (Low), percentile 88.0%

Webalizer is a widely used tool for analyzing web server logs and producing statistics in HTML format. An exploitable bug was found in webalizer that allows a remote attacker to execute commands on other client machines or reveal sensitive information by placing HTML tags in the right place. This is possible because sanity checks are missing on the untrusted data that webalizer receives, in this case hostnames and search keywords. This kind of attack is also known as a “Cross-Site Scripting Vulnerability”. Additionally, the untrusted data is written to files on the server running webalizer; this may lead to further problems when that data is used as input for third-party software or scripts.
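The kind of sanity check the advisory says was missing, as an added example (not webalizer's code and not the SUSE fix): an allowlist for hostnames and HTML escaping for search keywords before either is written to a report. The function names and sample values are assumptions constructed for illustration.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Allowlist for a resolved hostname: 1..253 bytes of letters, digits, '.', '-'. */
int hostname_is_sane(const char *h)
{
    size_t n = strlen(h);
    if (n == 0 || n > 253) return 0;
    for (size_t i = 0; i < n; i++)
        if (!isalnum((unsigned char)h[i]) && h[i] != '.' && h[i] != '-') return 0;
    return 1;
}

/* HTML-escape free text (e.g. a search keyword) into out[outsz]. Stops before an
 * entity that would not fit; control characters become '?'. Returns bytes written. */
size_t html_escape(const char *in, char *out, size_t outsz)
{
    size_t o = 0;
    if (outsz == 0) return 0;
    for (; *in; in++) {
        unsigned char c = (unsigned char)*in;
        char one[2] = { (char)c, '\0' };
        const char *rep = one;
        switch (c) {
        case '&':  rep = "&amp;";  break;
        case '<':  rep = "&lt;";   break;
        case '>':  rep = "&gt;";   break;
        case '"':  rep = "&quot;"; break;
        case '\'': rep = "&#39;";  break;
        default:   if (c < 0x20 || c == 0x7f) one[0] = '?';
        }
        size_t len = strlen(rep);
        if (o + len >= outsz) break;      /* keep room for the NUL */
        memcpy(out + o, rep, len);
        o += len;
    }
    out[o] = '\0';
    return o;
}

int main(void)
{
    const char *host = "client\"><b>.example.net", *kw = "<i>cheap & fast</i>";
    char buf[64];   /* host and kw are constructed sample log fields */
    html_escape(kw, buf, sizeof buf);
    printf("%s | %s\n", hostname_is_sane(host) ? host : "(invalid)", buf);
    return 0;
}
```

Applying the same checks before the data is written to webalizer's on-disk files also covers the advisory's second concern, third-party scripts that read those files.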
