|
Family: Gentoo Local Security Checks --> Category: infos
[GLSA-200601-12] Trac: Cross-site scripting vulnerability Vulnerability Scan
Vulnerability Scan Summary Trac: Cross-site scripting vulnerability
Detailed Explanation for this Vulnerability Test
The remote host is affected by the vulnerability described in GLSA-200601-12
(Trac: Cross-site scripting vulnerability)
Christophe Truc discovered that Trac fails to properly sanitize
input passed in the URL.
Impact
A remote attacker could exploit this to inject and execute
malicious script code or to steal cookie-based authentication
credentials, potentially compromising the victim's browser.
Workaround
There is no known workaround at this time.
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-4305
http://projects.edgewall.com/trac/wiki/ChangeLog#a0.9.3
Solution:
All Trac users should upgrade to the latest available version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=www-apps/trac-0.9.3"
Note: Users with the vhosts USE flag set should manually use
webapp-config to finalize the update.
Threat Level: Low
Click HERE for more information and discussions on this network vulnerability scan.
|