Executive Summary



This Alert is flagged as TOP 25 Common Weakness Enumeration from CWE/SANS. For more information, you can read this.
Informations
NameMDVSA-2015:216First vendor Publication2015-04-29
VendorMandrivaLast vendor Modification2015-04-29
Severity (Vendor) N/ARevisionN/A

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:N/C:N/I:P/A:N)
Cvss Base Score4.3Attack RangeNetwork
Cvss Impact Score2.9Attack ComplexityMedium
Cvss Expoit Score8.6AuthenticationNone Required
Calculate full CVSS 2.0 Vectors scores

Detail

Updated ntop package fixes security vulnerability:

Lack of filtering in the title parameter of links to rrdPlugin allowed cross-site-scripting (XSS) attacks against users of the web interface (CVE-2014-4165).

Original Source

Url : http://www.mandriva.com/security/advisories?name=MDVSA-2015:216

CWE : Common Weakness Enumeration

%idName
100 %CWE-79Failure to Preserve Web Page Structure ('Cross-site Scripting') (CWE/SANS Top 25)

CPE : Common Platform Enumeration

TypeDescriptionCount
Application1
Os2

Nessus® Vulnerability Scanner

DateDescription
2015-04-30Name : The remote Mandriva Linux host is missing a security update.
File : mandriva_MDVSA-2015-216.nasl - Type : ACT_GATHER_INFO
2015-04-17Name : The remote openSUSE host is missing a security update.
File : openSUSE-2015-309.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.
0
1
DateInformations
2015-05-01 13:28:29
  • Multiple Updates
2015-04-29 17:24:33
  • First insertion