Caucho Technology Resin viewfile 文件命令跨站脚本攻击漏洞

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1186452 漏洞类型 跨站脚本
发布时间 2008-06-25 更新时间 2008-06-27
CVE编号 CVE-2008-2462 CNNVD-ID CNNVD-200806-402
漏洞平台 N/A CVSS评分 4.3
|漏洞来源
https://www.securityfocus.com/bid/29948
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200806-402
|漏洞详情
3.0.25之前的CauchoResin,和3.1.4之前的3.1.x的viewfile文件命令中存在跨站脚本攻击漏洞,远程攻击者可以通过文件参数注入任意web脚本或HTML。
|受影响的产品
Caucho Technology Resin 3.1.1 Caucho Technology Resin 3.1 Caucho Technology Resin 3.0.19 Caucho Technology Resin 3.0.18 Caucho Technology Resin 3.0.17 Caucho Technology R
|参考资料
resource:
hyperlink:http://www.caucho.com/resin/changes/changes-31.xtp#3.1.4%20-%20Dec%205,%202007
resource:US Government Resource
hyperlink:http://www.kb.cert.org/vuls/id/305208
resource:
hyperlink:http://www.securityfocus.com/bid/29948
resource:
hyperlink:http://www.securitytracker.com/id?1020372
resource:
hyperlink:http://www.vupen.com/english/advisories/2008/1930/references
resource:
hyperlink:https://exchange.xforce.ibmcloud.com/vulnerabilities/43367