Summary
Detail | | | |
---|---|---|---|
Vendor | Htdig | First view | 2000-02-29 |
Product | Htdig | Last view | 2007-11-23 |
Version | | Type | Application |
Update | | | |
Edition | | | |
Language | | | |
Software Edition | | | |
Target Software | | | |
Target Hardware | | | |
Other | | | |
Activity : Overall
COMMON PLATFORM ENUMERATION: Repartition per Version
Related : CVE
CVSS | Date | Alert | Description |
---|---|---|---|
4.3 | 2007-11-23 | CVE-2007-6110 | Cross-site scripting (XSS) vulnerability in htsearch in htdig 3.2.0b6 allows remote attackers to inject arbitrary web script or HTML via the sort parameter. |
6.8 | 2005-04-27 | CVE-2005-0085 | Cross-site scripting (XSS) vulnerability in ht://dig (htdig) before 3.1.6-r7 allows remote attackers to execute arbitrary web script or HTML via the config parameter, which is not properly sanitized before it is displayed in an error message. |
4.3 | 2002-12-31 | CVE-2002-2010 | Cross-site scripting (XSS) vulnerability in htsearch.cgi in htdig (ht://Dig) 3.1.5, 3.1.6, and 3.2 allows remote attackers to inject arbitrary web script or HTML via the words parameter. |
6.4 | 2001-12-06 | CVE-2001-0834 | htsearch CGI program in htdig (ht://Dig) 3.1.5 and earlier allows remote attackers to use the -c option to specify an alternate configuration file, which could be used to (1) cause a denial of service (CPU consumption) by specifying a large file such as /dev/zero, or (2) read arbitrary files by uploading an alternate configuration file that specifies the target file. |
5 | 2000-02-29 | CVE-2000-0208 | The htdig (ht://Dig) CGI program htsearch allows remote attackers to read arbitrary files by enclosing the file name with backticks (`) in parameters to htsearch. |
CWE : Common Weakness Enumeration
% | id | Name |
---|---|---|
100% (1) | CWE-79 | Failure to Preserve Web Page Structure ('Cross-site Scripting') |
Oval Markup Language : Definitions
OvalID | Name |
---|---|
oval:org.mitre.oval:def:10878 | Cross-site scripting (XSS) vulnerability in ht://dig (htdig) before 3.1.6-r7 ... |
oval:org.mitre.oval:def:18612 | DSA-1429-1 htdig - cross site scripting |
oval:org.mitre.oval:def:11515 | Cross-site scripting (XSS) vulnerability in htsearch in htdig 3.2.0b6 allows ... |
oval:org.mitre.oval:def:22700 | ELSA-2007:1095: htdig security update (Moderate) |
Open Source Vulnerability Database (OSVDB)
id | Description |
---|---|
40229 | ht://Dig (htdig) htsearch sort Parameter XSS |
13520 | ht://Dig (htdig) config Parameter XSS |
7591 | ht://Dig (htdig) htsearch.cgi Write Permission Arbitrary File Access |
7590 | ht://Dig (htdig) htsearch.cgi words Parameter XSS |
654 | ht://Dig (htdig) htsearch.cgi -c Parameter DoS |
89 | ht://Dig (htdig) htsearch.cgi Arbitrary File Access |
OpenVAS Exploits
Date | Description |
---|---|
2009-10-10 | Name : SLES9: Security update for htdig File : nvt/sles9p5018082.nasl |
2009-03-06 | Name : RedHat Update for htdig RHSA-2007:1095-01 File : nvt/gb_RHSA-2007_1095-01_htdig.nasl |
2009-02-27 | Name : Fedora Update for htdig FEDORA-2007-3907 File : nvt/gb_fedora_2007_3907_htdig_fc7.nasl |
2009-02-27 | Name : Fedora Update for htdig FEDORA-2007-3958 File : nvt/gb_fedora_2007_3958_htdig_fc8.nasl |
2009-02-27 | Name : Fedora Update for htdig FEDORA-2007-757 File : nvt/gb_fedora_2007_757_htdig_fc6.nasl |
2008-09-24 | Name : Gentoo Security Advisory GLSA 200502-16 (htdig) File : nvt/glsa_200502_16.nasl |
2008-09-04 | Name : FreeBSD Ports: htdig File : nvt/freebsd_htdig.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 080-1 (htdig) File : nvt/deb_080_1.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 1429-1 (htdig) File : nvt/deb_1429_1.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 680-1 (htdig) File : nvt/deb_680_1.nasl |
2005-11-03 | Name : ht://Dig htsearch.cgi XSS File : nvt/htdig_xss.nasl |
Snort® IPS/IDS
Date | Description |
---|---|
2014-01-10 | htsearch access RuleID : 1602-community - Type : SERVER-WEBAPP - Revision : 21 |
2014-01-10 | htsearch access RuleID : 1602 - Type : SERVER-WEBAPP - Revision : 21 |
2014-01-10 | htsearch arbitrary file read attempt RuleID : 1601-community - Type : SERVER-WEBAPP - Revision : 21 |
2014-01-10 | htsearch arbitrary file read attempt RuleID : 1601 - Type : SERVER-WEBAPP - Revision : 21 |
2014-01-10 | htsearch arbitrary configuration file attempt RuleID : 1600-community - Type : SERVER-WEBAPP - Revision : 19 |
2014-01-10 | htsearch arbitrary configuration file attempt RuleID : 1600 - Type : SERVER-WEBAPP - Revision : 19 |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2013-07-12 | Name: The remote Oracle Linux host is missing one or more security updates. File: oraclelinux_ELSA-2007-1095.nasl - Type: ACT_GATHER_INFO |
2012-08-01 | Name: The remote Scientific Linux host is missing one or more security updates. File: sl_20071203_htdig_on_SL5_x.nasl - Type: ACT_GATHER_INFO |
2010-01-06 | Name: The remote CentOS host is missing one or more security updates. File: centos_RHSA-2007-1095.nasl - Type: ACT_GATHER_INFO |
2009-09-24 | Name: The remote SuSE 9 host is missing a security-related patch. File: suse9_9833.nasl - Type: ACT_GATHER_INFO |
2007-12-13 | Name: The remote SuSE 10 host is missing a security-related patch. File: suse_htdig-4761.nasl - Type: ACT_GATHER_INFO |
2007-12-12 | Name: The remote Debian host is missing a security-related update. File: debian_DSA-1429.nasl - Type: ACT_GATHER_INFO |
2007-12-04 | Name: The remote Fedora Core host is missing a security update. File: fedora_2007-757.nasl - Type: ACT_GATHER_INFO |
2007-12-04 | Name: The remote Red Hat host is missing one or more security updates. File: redhat-RHSA-2007-1095.nasl - Type: ACT_GATHER_INFO |
2007-11-29 | Name: The remote Fedora host is missing a security update. File: fedora_2007-3958.nasl - Type: ACT_GATHER_INFO |
2007-11-29 | Name: The remote Fedora host is missing a security update. File: fedora_2007-3907.nasl - Type: ACT_GATHER_INFO |
2007-11-28 | Name: The remote web server contains a CGI script affected by a cross-site scriptin... File: htsearch_sort_xss.nasl - Type: ACT_ATTACK |
2006-05-13 | Name: The remote FreeBSD host is missing a security-related update. File: freebsd_pkg_673aec6f1cae11dabc01000e0c2e438a.nasl - Type: ACT_GATHER_INFO |
2005-04-01 | Name: The remote Mandrake Linux host is missing one or more security updates. File: mandrake_MDKSA-2005-063.nasl - Type: ACT_GATHER_INFO |
2005-02-22 | Name: The remote Red Hat host is missing one or more security updates. File: redhat-RHSA-2005-090.nasl - Type: ACT_GATHER_INFO |
2005-02-22 | Name: The remote Red Hat host is missing a security update. File: redhat-RHSA-2005-073.nasl - Type: ACT_GATHER_INFO |
2005-02-14 | Name: The remote Gentoo host is missing one or more security-related patches. File: gentoo_GLSA-200502-16.nasl - Type: ACT_GATHER_INFO |
2005-02-14 | Name: The remote Debian host is missing a security-related update. File: debian_DSA-680.nasl - Type: ACT_GATHER_INFO |
2005-02-08 | Name: The remote host contains a web search engine that is affected by a cross-site... File: htdig_xss2.nasl - Type: ACT_GATHER_INFO |
2004-11-13 | Name: The remote contains a search engine that is affected by a cross-site scriptin... File: htdig_xss.nasl - Type: ACT_GATHER_INFO |
2004-09-29 | Name: The remote Debian host is missing a security-related update. File: debian_DSA-080.nasl - Type: ACT_GATHER_INFO |
2004-07-31 | Name: The remote Mandrake Linux host is missing one or more security updates. File: mandrake_MDKSA-2001-083.nasl - Type: ACT_GATHER_INFO |
2001-10-17 | Name: The remote host contains a web search engine that is affected by multiple vul... File: htsearch_config_switch.nasl - Type: ACT_GATHER_INFO |
2000-03-03 | Name: The remote host contains a web search engine that is affected by an informati... File: htdig.nasl - Type: ACT_GATHER_INFO |