
Debian 3.0: DSA 169-1 Critical: ht://Check Cross Site Scripting Risk

October 8, 2002
Debian has issued a critical advisory for ht://Check after a cross-site scripting (XSS) vulnerability was found in it. Upgrading is recommended to defend against possible exploitation.

Summary

Package : htcheck
Vulnerability : cross site scripting
Problem-Type : remote
Debian-specific: no

Ulf Harnhammer discovered a problem in ht://Check's PHP interface.
The PHP interface displays, without checking it, information that was
gathered from crawled external web servers. This could lead to a
cross-site scripting attack if somebody has control over the server
responses of a remote web server which is crawled by ht://Check.
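
The class of fix described above, shown as an added example (not ht://Check source code and not part of the advisory): values stored by a crawler are encoded for their HTML context before display, and only http/https URLs are turned into links. The function names, field names and sample rows are hypothetical and constructed for illustration.

```php
<?php
// Added illustration, not ht://Check source. All names are hypothetical.

// Encode a crawled value for HTML element or quoted-attribute context.
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Only http/https URLs become links; anything else is shown as inert text.
function safe_link(string $url): string
{
    $scheme = strtolower((string) parse_url($url, PHP_URL_SCHEME));
    if ($scheme !== 'http' && $scheme !== 'https') {
        return h($url);
    }
    return '<a href="' . h($url) . '" rel="noreferrer">' . h($url) . '</a>';
}

// Render one report row from values the crawler stored.
function render_row(array $row): string
{
    return '<tr><td>' . safe_link($row['url']) . '</td>'
         . '<td>' . h($row['title']) . '</td>'
         . '<td>' . h($row['server']) . '</td>'
         . '<td>' . h($row['content_type']) . '</td></tr>';
}

// Constructed sample: every field is controlled by the crawled remote server.
$rows = [
    ['url' => 'http://example.org/', 'title' => 'Home <b>page</b>',
     'server' => 'ExampleServer/1.0', 'content_type' => 'text/html'],
    ['url' => 'javascript:void(0)', 'title' => '<script>alert(1)</script>',
     'server' => '"><img src=x>', 'content_type' => 'text/html'],
];

echo "<table>\n";
foreach ($rows as $row) {
    echo render_row($row), "\n";
}
echo "</table>\n";
```

In the output, the markup in the second row appears as literal text in the report, and its URL is printed rather than linked.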

This problem has been fixed in version 1.1-1.1 for the current stable
distribution (woody) and in version 1.1-1.2 for the unstable release
(sid). The old stable release (potato) does not contain the htcheck
package.

We recommend that you upgrade your htcheck package immediately.

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

...
