[Japanese]
|
JVNDB-2008-000018
|
Namazu cross-site scripting vulnerability
|
Namazu, Japanese full-text search engine, contains a cross-site scripting vulnerability.
Namazu, Japanese full-text search engine does not specify charset in the ContentType header that could allow a remote attacker to execute an arbitrary script on the user's web browser.
|
CVSS V2 Severity: Base Metrics 4.3 (Medium) [IPA Score]
- Access Vector: Network
- Access Complexity: Medium
- Authentication: None
- Confidentiality Impact: None
- Integrity Impact: Partial
- Availability Impact: None
|
|
Namazu Project.
- Namazu 2.0.17 and earlier
MIRACLE LINUX CORPORATION
- Asianux Server 2.0
- Asianux Server 2.1
|
|
An arbitrary script could be executed on the user's web browser.
|
[Update the Software]
Update to the latest version provided by Namazu Project.
[Workarounds]
Apply the appropriate workarounds according to the information provided by Namazu Project.
|
Namazu Project.
MIRACLE LINUX CORPORATION
- MIRACLE LINUX Update Information : 1795 (Japanese)
|
- Cross-site Scripting(CWE-79) [NVD Evaluation]
|
- CVE-2008-1468
|
- JVN : JVN#00892830
- National Vulnerability Database (NVD) : CVE-2008-1468
- Secunia Advisory : SA29386
- SecurityFocus : 28380
|
- [2008/05/21]
Web page published
[2009/10/27]
Affected Products : Added MIRACLE LINUX CORPORATION (1795).
Vendor Information : Added MIRACLE LINUX CORPORATION (1795).
|