[Japanese]

JVNDB-2004-000554

Namazu cross-site scripting vulnerability

Overview

Namazu is vulnerable to cross-site scripting due to a problem in namazu.cgi. If an illegal character is specified in a string search of namazu.cgi, the subsequent characters are not processed properly.
CVSS Severity (What is CVSS?)

CVSS V2 Severity:
Base Metrics 4.3 (Medium) [IPA Score]
  • Access Vector: Network
  • Access Complexity: Medium
  • Authentication: None
  • Confidentiality Impact: None
  • Integrity Impact: Partial
  • Availability Impact: None
Affected Products


Namazu Project.
  • Namazu 2.0.13 and earlier
MIRACLE LINUX CORPORATION
  • Asianux Server 2.0
  • Asianux Server 2.1
  • Asianux Server 3.0

Impact

All sites that use namazu.cgi for search processing on websites are vulnerable to cross-site scripting that allows an attacker to falsify web pages or steal cookie information.
Solution

Vendor Information

Namazu Project. MIRACLE LINUX CORPORATION
  • MIRACLE LINUX Update Information : namazu
CWE (What is CWE?)

CVE (What is CVE?)

  1. CVE-2004-1318
References

  1. JVN : JVN#904429FE
  2. National Vulnerability Database (NVD) : CVE-2004-1318
  3. Secunia Advisory : SA13600
  4. SecurityFocus : 12053
Revision History

  • [2008/05/21]
      Web page published