Buildbot 'waterfall.py' Cross-Site Scripting Vulnerability Network Vulnerability

Summary

This host is installed with Buildbot and is prone to Cross Site Scripting vulnerability.

Impact

Successful exploitation will allow attacker to inject arbitrary web script or HTML via unspecified vectors and conduct cross-site scripting attacks. Impact Level: Application

Solution

Upgrade to version 0.7.11p2 or later. http://sourceforge.net/projects/buildbot/

Insight

This flaw arise because user supplied data passed into the waterfall web status view in status/web/waterfall.py is not sanitised before being returned to the user.

Affected

Buildbot version 0.7.6 through 0.7.11p1 on all platforms.

References

http://secunia.com/advisories/36352/
http://sourceforge.net/mailarchive/message.php?msg_name=42338fbf0908121232mb790a6cn787ac3de90e8bc31%40mail.gmail.com
http://www.vupen.com/english/advisories/2009/2352

Updated on 2015-03-25

Severity

Classification

CVE CVE-2009-2959
CVSS Base Score: 4.3
AV:N/AC:M/Au:N/C:N/I:P/A:N

Related Vulnerabilities

Adobe ColdFusion HTTP Response Splitting Vulnerability
An Image Gallery Directory Traversal Vulnerability
Apache Struts2 'XWork' Information Disclosure Vulnerability
appRain CMF 'uploadify.php' Remote Arbitrary File Upload Vulnerability
/doc directory browsable ?

Take action and discover your vulnerabilities