Debian Security Advisory DSA 1692-1 (php-xajax) Network Vulnerability

Summary

The remote host is missing an update to php-xajax announced via advisory DSA 1692-1.

Solution

https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201692-1

Insight

It was discovered that php-xajax, a library to develop Ajax applications, did not sufficiently sanitise URLs, which allows attackers to perform cross-site scripting attacks by using malicious URLs. For the stable distribution (etch) this problem has been fixed in version 0.2.4-2+etch1. For the testing (lenny) and unstable (sid) distributions this problem has been fixed in version 0.2.5-1. We recommend that you upgrade your php-xajax package.

Severity

Classification

CVE CVE-2007-2739
CVSS Base Score: 4.3
AV:N/AC:M/Au:N/C:N/I:P/A:N

Related Vulnerabilities

Debian Security Advisory DSA 1010-1 (ilohamail)
Debian Security Advisory DSA 086-1 (ssh-nonfree, ssh-socks)
Debian Security Advisory DSA 1079-1 (mysql-dfsg)
Debian Security Advisory DSA 084-1 (gftp)
Debian Security Advisory DSA 1073-1 (mysql-dfsg-4.1)

Take action and discover your vulnerabilities