Debian Security Advisory DSA 711-1 (info2www) Network Vulnerability

Summary

The remote host is missing an update to info2www announced via advisory DSA 711-1.

Solution

https://secure1.securityspace.com/smysecure/catid.html?in=DSA%20711-1

Insight

Nicolas Gregoire discovered a cross-site scripting vulnerability in info2www, a converter for info files to HTML. A malicious person could place a harmless looking link on the web that could cause arbitrary commands to be executed in the browser of the victim user. For the stable distribution (woody) this problem has been fixed in version 1.2.2.9-20woody1. For the unstable distribution (sid) this problem has been fixed in version 1.2.2.9-23. We recommend that you upgrade your info2www package.

Severity

Classification

CVE CVE-2004-1341
CVSS Base Score: 4.3
AV:N/AC:M/Au:N/C:N/I:P/A:N

Related Vulnerabilities

Debian Security Advisory DSA 114-1 (gnujsp)
Debian Security Advisory DSA 1115-1 (gnupg2)
Debian Security Advisory DSA 1096-1 (webcalendar)
Debian Security Advisory DSA 1099-1 (horde2)
Debian Security Advisory DSA 1000-1 (libapreq2-perl)

Take action and discover your vulnerabilities