[Japanese]

JVNDB-2003-000030

w3m Vulnerability of Unauthorized Access to Files or Cookies

Overview

w3m fails to properly escape HTML tags in the ALT attribute of an IMG tag, which could allow an attacker to access files or cookies.
CVSS Severity (What is CVSS?)

CVSS V2 Severity:
Base Metrics 5.0 (Medium) [NVD Score]
  • Access Vector: Network
  • Access Complexity: Low
  • Authentication: None
  • Confidentiality Impact: Partial
  • Integrity Impact: None
  • Availability Impact: None
Affected Products


w3m project
  • w3m prior to version 0.3.2.2
Red Hat, Inc.
  • Red Hat Linux 7.2
  • Red Hat Linux 7.3
  • Red Hat Linux 8.0

Impact

An remote attacker could access files and cookies.
Solution

Please refer to the 'Vendor Information' section for official remediation and take appropriate action.
Vendor Information

w3m project Red Hat, Inc.
CWE (What is CWE?)

CVE (What is CVE?)

  1. CVE-2002-1348
References

  1. National Vulnerability Database (NVD) : CVE-2002-1348
  2. SecurityFocus : 6794
  3. ISS X-Force Database : 11266
Revision History

  • [2008/05/21]
      Web page published