|
Family: Debian Local Security Checks --> Category: infos
[DSA169] DSA-169-1 htcheck Vulnerability Scan
Vulnerability Scan Summary DSA-169-1 htcheck
Detailed Explanation for this Vulnerability Test
Ulf Härnhammar
discovered a problem in ht://Check's PHP interface.
The PHP interface displays information unchecked which was gathered
from crawled external web servers. This could lead into a cross site
scripting attack if somebody has control over the server responses of
a remote web server which is crawled by ht://Check.
This problem has been fixed in version 1.1-1.1 for the current stable
distribution (woody) and in version 1.1-1.2 for the unstable release
(sid). The old stable release (potato) does not contain the htcheck
package.
We recommend that you upgrade your htcheck package immediately.
Solution : http://www.debian.org/security/2002/dsa-169
Threat Level: High
Click HERE for more information and discussions on this network vulnerability scan.
|