INFORMATION

Name : CVE-2008-2929
First Publication : 2008-08-29
Severity : Medium
Last Modification : 2009-03-04

SCORING CVSS v2

CVSS Base Score : 4.3
CVSS Impact Score : 2.9
CVSS Exploit Score : 8.6
Attack Range : Network
Attack Complexity : Medium
Authentication : None Required


DETAIL

Multiple cross-site scripting (XSS) vulnerabilities in the adminutil library in the Directory Server Administration Express and Directory Server Gateway (DSGW) web interface in Red Hat Directory Server 7.1 before SP7 and 8 EL4 and EL5, and Fedora Directory Server, allow remote attackers to inject arbitrary web script or HTML via input values that use % (percent) escaping.



CWE COMMON WEAKNESS ENUMERATION

OVAL ID

oval:org.mitre.oval:def:5877, HP-UX Running Netscape / Red Hat Directory Server, Remote Cross Site Scripting (XSS) or Remote Denial of Service (DoS)

CPE COMMON PLATFORM ENUMERATION (from NVD)

OPEN SOURCE VULNERABILITY DATABASE (OSVDB)

48174 : Red Hat Directory Server Directory Server Administration Express Interface adminutil Library Unspecified XSS.
48175 : Red Hat Directory Server Directory Server Gateway (DSGW) Interface adminutil Library Unspecified XSS.


SECONDARY(S) SOURCE(S)