Openwall Project   /home  Owl  JtR  Pro  crypt  pam_passwdqc  tcb  phpass  scanlogd  popa3d  msulogin  /  Linux  BIND  /  advisories  presentations  /  services  donations  /  wordlists  passwords  /  news  community  lists  wiki  CVSweb  mirrors  signatures
bringing security into open environments
 
Password Recovery Resources on the Net
[<prev] [next>] [<thread-prev] [month] [year] [list] 
Date: Mon, 24 Mar 2008 18:08:34 -0400 (EDT)
From: "Steven M. Christey" <coley@...us.mitre.org>
To: Lubomir Kundrak <lkundrak@...hat.com>
cc: "Steven M. Christey" <coley@...us.mitre.org>,
        oss-security@...ts.openwall.com
Subject: Re: CVE Request: namazu UTF-7 XSS


======================================================
Name: CVE-2008-1468
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1468
Reference: MISC:http://jvn.jp/jp/JVN%2300892830/index.html
Reference: CONFIRM:http://www.namazu.org/security.html.en
Reference: SECUNIA:29386
Reference: URL:http://secunia.com/advisories/29386

Cross-site scripting (XSS) vulnerability in namazu.cgi in Namazu
before 2.0.18 allows remote attackers to inject arbitrary web script
or HTML via UTF-7 encoded input, related to failure to set the
charset, a different vector than CVE-2004-1318 and CVE-2001-1350.
NOTE: some of these details are obtained from third party information.

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Hosted by DataForce ISP - Powered by Openwall GNU/*/Linux