[Japanese]

JVNDB-2005-000795

HTTPD-User-Manage cross-site scripting vulnerability

Overview

HTTPD-User-Manage is a set of Perl modules for managing user authentication information for web servers. It contains a cross-site scripting vulnerability in its CGI as it does not properly validate input strings.

This problem does not occur when only the library for managing database is solely used.
CVSS Severity (What is CVSS?)

CVSS V2 Severity:
Base Metrics 4.3 (Medium) [IPA Score]
  • Access Vector: Network
  • Access Complexity: Medium
  • Authentication: None
  • Confidentiality Impact: None
  • Integrity Impact: Partial
  • Availability Impact: None
Affected Products


Lincoln D. Stein
  • HTTPD-User-Manage 1.62 and earlier

Impact

A malicious script may be executed on the web browser of the user who can access HTTPD-User-Manage.
Solution

Vendor Information

Lincoln D. Stein
CWE (What is CWE?)

CVE (What is CVE?)

References

  1. JVN : JVN#30451602
Revision History

  • [2008/05/21]
      Web page published

Date Public2005/11/16
Date First Published2008/05/21
Date Last Updated2008/05/21