JVNDB-2004-000554

[Japanese]
JVNDB-2004-000554
Namazu cross-site scripting vulnerability
Overview
Namazu is vulnerable to cross-site scripting due to a problem in namazu.cgi. If an illegal character is specified in a string search of namazu.cgi, the subsequent characters are not processed properly.
CVSS Severity (What is CVSS?)
CVSS V2 Severity: Base Metrics 4.3 (Medium) [IPA Score] Access Vector: Network Access Complexity: Medium Authentication: None Confidentiality Impact: None Integrity Impact: Partial Availability Impact: None
Affected Products

Namazu Project. Namazu 2.0.13 and earlier MIRACLE LINUX CORPORATION Asianux Server 2.0 Asianux Server 2.1 Asianux Server 3.0

Impact
All sites that use namazu.cgi for search processing on websites are vulnerable to cross-site scripting that allows an attacker to falsify web pages or steal cookie information.
Solution

Vendor Information
Namazu Project. Namazu Project : xss-tab (Japanese) Namazu Project : Top Page (Japanese) MIRACLE LINUX CORPORATION MIRACLE LINUX Update Information : namazu
CWE (What is CWE?)

CVE (What is CVE?)
CVE-2004-1318
References
JVN : JVN#904429FE National Vulnerability Database (NVD) : CVE-2004-1318 Secunia Advisory : SA13600 SecurityFocus : 12053
Revision History
[2008/05/21] Web page published

Namazu cross-site scripting vulnerability