Date:      Wed, 21 Nov 2001 06:34:49 +0100
From:      dirk.meyer@dinoex.sub.org (Dirk Meyer)
To:        ports@freebsd.org
Subject:   Vulnerability in webalizer prior 2.1.9
Message-ID:  </7DVo2ecLr@dmeyer.dinoex.sub.org>

Warning:

  There is a cross-site scripting vulnerability in webalizer which can
  allow an attacker to exploit a victim by embedding malicious HTML tags
  in webalizer-generated reports.


  This update fixes the aforementioned cross-site scripting
  vulnerability reported by Magnux Software.  This updated version also
  fixes a date calculation overflow error and enables DNS resolution
  provided it is enabled in the webalizer configuration file.

vulnerable versions:
	All versions 2.x up to 2.1.6_4

2001/10/25 updated in the ports tree.
2001/11/03 email to security-officer@FreeBSD.org 

Packages that need to be built/fetched:
	webalizer-2.1.9
	de-webalizer-2.1.9
	uk-webalizer-2.1.9

kind regards Dirk

- Dirk Meyer, Im Grund 4, 34317 Habichtswald, Germany

links:
http://www.securityfocus.com/archive/1/222556
http://www.securityfocus.com/advisories/3628
http://www.securityfocus.com/archive/1/223798
http://www.securityfocus.com/advisories/3634
http://www.securityfocus.com/archive/1/224274
http://www.securityfocus.com/advisories/3643
http://www.securityfocus.com/bid/3473
http://www.securityfocus.com/archive/1/225254
