4.3 - CVE-2010-3906

Executive Summary

This Alert is flagged as TOP 25 Common Weakness Enumeration from CWE/SANS. For more information, you can read this.

Informations
Name	CVE-2010-3906	First vendor Publication	2010-12-17
Vendor	Cve	Last vendor Modification	2021-01-26

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score	NA
Base Score	NA	Environmental Score	NA
impact SubScore	NA	Temporal Score	NA
Exploitabality Sub Score	NA

Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:N/C:N/I:P/A:N)
Cvss Base Score	4.3	Attack Range	Network
Cvss Impact Score	2.9	Attack Complexity	Medium
Cvss Expoit Score	8.6	Authentication	None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Cross-site scripting (XSS) vulnerability in Gitweb 1.7.3.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) f and (2) fp parameters.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3906

CWE : Common Weakness Enumeration

%	Id	Name
100 %	CWE-79	Failure to Preserve Web Page Structure ('Cross-site Scripting') (CWE/SANS Top 25)

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:22223

Oval ID:	oval:org.mitre.oval:def:22223
Title:	RHSA-2010:1003: git security update (Moderate)
Description:	Cross-site scripting (XSS) vulnerability in Gitweb 1.7.3.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) f and (2) fp parameters.
Family:	unix	Class:	patch
Reference(s):	RHSA-2010:1003-01 CVE-2010-3906	Version:	4
Platform(s):	Red Hat Enterprise Linux 6	Product(s):	git
Definition Synopsis:
The operating system installed on the system is Red Hat Enterprise Linux 6 Packages section git-cvs is earlier than 0:1.7.1-2.el6_0.1 AND emacs-git-el is earlier than 0:1.7.1-2.el6_0.1 AND git-email is earlier than 0:1.7.1-2.el6_0.1 AND gitk is earlier than 0:1.7.1-2.el6_0.1 AND git-daemon is earlier than 0:1.7.1-2.el6_0.1 AND git-svn is earlier than 0:1.7.1-2.el6_0.1 AND git-all is earlier than 0:1.7.1-2.el6_0.1 AND git-gui is earlier than 0:1.7.1-2.el6_0.1 AND emacs-git is earlier than 0:1.7.1-2.el6_0.1 AND gitweb is earlier than 0:1.7.1-2.el6_0.1 AND git is earlier than 0:1.7.1-2.el6_0.1 AND perl-Git is earlier than 0:1.7.1-2.el6_0.1

Definition Id: oval:org.mitre.oval:def:23492

Oval ID:	oval:org.mitre.oval:def:23492
Title:	ELSA-2010:1003: git security update (Moderate)
Description:	Cross-site scripting (XSS) vulnerability in Gitweb 1.7.3.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) f and (2) fp parameters.
Family:	unix	Class:	patch
Reference(s):	ELSA-2010:1003-01 CVE-2010-3906	Version:	6
Platform(s):	Oracle Linux 6	Product(s):	git
Definition Synopsis:
Oracle Linux 6.x rpm test git-cvs is earlier than 0:1.7.1-2.el6_0.1 AND emacs-git-el is earlier than 0:1.7.1-2.el6_0.1 AND git-email is earlier than 0:1.7.1-2.el6_0.1 AND gitk is earlier than 0:1.7.1-2.el6_0.1 AND git-daemon is earlier than 0:1.7.1-2.el6_0.1 AND git-svn is earlier than 0:1.7.1-2.el6_0.1 AND git-all is earlier than 0:1.7.1-2.el6_0.1 AND git-gui is earlier than 0:1.7.1-2.el6_0.1 AND emacs-git is earlier than 0:1.7.1-2.el6_0.1 AND gitweb is earlier than 0:1.7.1-2.el6_0.1 AND git is earlier than 0:1.7.1-2.el6_0.1 AND perl-Git is earlier than 0:1.7.1-2.el6_0.1

Definition Id: oval:org.mitre.oval:def:27949

Oval ID:	oval:org.mitre.oval:def:27949
Title:	DEPRECATED: ELSA-2010-1003 -- git security update (moderate)
Description:	[1.7.1-2.1] - fix CVE-2010-3906
Family:	unix	Class:	patch
Reference(s):	ELSA-2010-1003 CVE-2010-3906	Version:	4
Platform(s):	Oracle Linux 6	Product(s):	git
Definition Synopsis:
Oracle Linux 6.x Packages match section git is earlier than 0:1.7.1-2.el6_0.1 AND emacs-git is earlier than 0:1.7.1-2.el6_0.1 AND emacs-git-el is earlier than 0:1.7.1-2.el6_0.1 AND git-all is earlier than 0:1.7.1-2.el6_0.1 AND git-cvs is earlier than 0:1.7.1-2.el6_0.1 AND git-daemon is earlier than 0:1.7.1-2.el6_0.1 AND git-email is earlier than 0:1.7.1-2.el6_0.1 AND git-gui is earlier than 0:1.7.1-2.el6_0.1 AND git-svn is earlier than 0:1.7.1-2.el6_0.1 AND gitk is earlier than 0:1.7.1-2.el6_0.1 AND gitweb is earlier than 0:1.7.1-2.el6_0.1 AND perl-Git is earlier than 0:1.7.1-2.el6_0.1

CPE : Common Platform Enumeration

Type	Description	Count
Application	Git cpe:2.3:a:git:git:1.7.3.2:::::::* cpe:2.3:a:git:git:1.7.3.1:::::::* cpe:2.3:a:git:git:1.7.3:::::::* cpe:2.3:a:git:git:1.7.2.5:::::::* cpe:2.3:a:git:git:1.7.2.4:::::::* cpe:2.3:a:git:git:1.7.2.3:::::::* cpe:2.3:a:git:git:1.7.2.2:::::::* cpe:2.3:a:git:git:1.7.2.1:::::::* cpe:2.3:a:git:git:1.7.2:::::::* cpe:2.3:a:git:git:1.6.3.2:::::::* cpe:2.3:a:git:git:1.6.3.1:::::::* cpe:2.3:a:git:git:1.6.3:rc4:::::: cpe:2.3:a:git:git:1.6.3:rc3:::::: cpe:2.3:a:git:git:1.6.3:::::::* cpe:2.3:a:git:git:1.6.3:rc2:::::: cpe:2.3:a:git:git:1.6.3:rc1:::::: cpe:2.3:a:git:git:1.6.2.5:::::::* cpe:2.3:a:git:git:1.6.2.4:::::::* cpe:2.3:a:git:git:1.6.2.3:::::::* cpe:2.3:a:git:git:1.6.2.2:::::::* cpe:2.3:a:git:git:1.6.2.1:::::::* cpe:2.3:a:git:git:1.6.2:rc1:::::: cpe:2.3:a:git:git:1.6.2:::::::* cpe:2.3:a:git:git:1.6.1.4:::::::* cpe:2.3:a:git:git:1.6.1:::::::* cpe:2.3:a:git:git:1.6.1:rc3:::::: cpe:2.3:a:git:git:1.6.1:rc4:::::: cpe:2.3:a:git:git:1.6.1:rc1:::::: cpe:2.3:a:git:git:1.6.1:rc2:::::: cpe:2.3:a:git:git:1.6.0.6:::::::* cpe:2.3:a:git:git:1.6.0.5:::::::* cpe:2.3:a:git:git:1.6.0.4:::::::* cpe:2.3:a:git:git:1.6.0.3:::::::* cpe:2.3:a:git:git:1.6.0.2:::::::* cpe:2.3:a:git:git:1.6.0.1:::::::* cpe:2.3:a:git:git:1.6.0:rc1:::::: cpe:2.3:a:git:git:1.6.0:rc2:::::: cpe:2.3:a:git:git:1.6.0:rc3:::::: cpe:2.3:a:git:git:1.6.0:::::::* cpe:2.3:a:git:git:1.5.6.6:rc3:::::: cpe:2.3:a:git:git:1.5.6.6:rc0:::::: cpe:2.3:a:git:git:1.5.6.6:::::::* cpe:2.3:a:git:git:1.5.6.6:rc2:::::: cpe:2.3:a:git:git:1.5.6.5:::::::* cpe:2.3:a:git:git:1.5.6.4:::::::* cpe:2.3:a:git:git:1.5.6.3:::::::* cpe:2.3:a:git:git:1.5.6.2:::::::* cpe:2.3:a:git:git:1.5.6.1:::::::* cpe:2.3:a:git:git:1.5.6:::::::* cpe:2.3:a:git:git:1.5.5.6:::::::* cpe:2.3:a:git:git:1.5.5.5:::::::* cpe:2.3:a:git:git:1.5.5.4:::::::* cpe:2.3:a:git:git:1.5.5.3:::::::* cpe:2.3:a:git:git:1.5.5.3:r1:::::: cpe:2.3:a:git:git:1.5.5.2:::::::* cpe:2.3:a:git:git:1.5.5.1:::::::* cpe:2.3:a:git:git:1.5.5:rc1:::::: cpe:2.3:a:git:git:1.5.5:rc2:::::: cpe:2.3:a:git:git:1.5.5:rc3:::::: cpe:2.3:a:git:git:1.5.5:::::::* cpe:2.3:a:git:git:1.5.4.7:::::::* cpe:2.3:a:git:git:1.5.4.6:::::::* cpe:2.3:a:git:git:1.5.4.5:::::::* cpe:2.3:a:git:git:1.5.4.4:::::::* cpe:2.3:a:git:git:1.5.4.3:::::::* cpe:2.3:a:git:git:1.5.4.2:::::::* cpe:2.3:a:git:git:1.5.4.1:::::::* cpe:2.3:a:git:git:1.5.4:::::::* cpe:2.3:a:git:git:1.5.4:rc3:::::: cpe:2.3:a:git:git:1.5.4:rc1:::::: cpe:2.3:a:git:git:1.5.4:rc0:::::: cpe:2.3:a:git:git:1.5.4:rc2:::::: cpe:2.3:a:git:git:1.5.4:rc4:::::: cpe:2.3:a:git:git:1.5.4:rc5:::::: cpe:2.3:a:git:git:1.5.4:rc1.1136.g2794:::::: cpe:2.3:a:git:git:1.5.3.8:::::::* cpe:2.3:a:git:git:1.5.3.7:::::::* cpe:2.3:a:git:git:1.5.3.6:::::::* cpe:2.3:a:git:git:1.5.3.5:::::::* cpe:2.3:a:git:git:1.5.3.4:::::::* cpe:2.3:a:git:git:1.5.3.3:::::::* cpe:2.3:a:git:git:1.5.3.2:::::::* cpe:2.3:a:git:git:1.5.3.1:::::::* cpe:2.3:a:git:git:1.5.3:rc5:::::: cpe:2.3:a:git:git:1.5.3:rc7:::::: cpe:2.3:a:git:git:1.5.3:::::::* cpe:2.3:a:git:git:1.5.3:rc4:::::: cpe:2.3:a:git:git:1.5.2.5:::::::* cpe:2.3:a:git:git:1.5.2.4:::::::* cpe:2.3:a:git:git:1.5.2.3:::::::* cpe:2.3:a:git:git:1.5.2.2:::::::* cpe:2.3:a:git:git:1.5.2.1:::::::* cpe:2.3:a:git:git:1.5.2:::::::* cpe:2.3:a:git:git:1.5.1.6:::::::* cpe:2.3:a:git:git:1.5.1.5:::::::* cpe:2.3:a:git:git:1.5.1.4:::::::* cpe:2.3:a:git:git:1.5.1.3:::::::* cpe:2.3:a:git:git:1.5.1.2:::::::* cpe:2.3:a:git:git:1.5.1.1:::::::* cpe:2.3:a:git:git:1.5.1:::::::* cpe:2.3:a:git:git:1.5.0.7:::::::* cpe:2.3:a:git:git:1.5.0.6:::::::* cpe:2.3:a:git:git:1.5.0.5:::::::* cpe:2.3:a:git:git:1.5.0.4:::::::* cpe:2.3:a:git:git:1.5.0.3:::::::* cpe:2.3:a:git:git:1.5.0.2:::::::* cpe:2.3:a:git:git:1.5.0.1:::::::* cpe:2.3:a:git:git:1.5.0:::::::* cpe:2.3:a:git:git:1.5.0:rc2:::::: cpe:2.3:a:git:git:1.5.0:rc4:::::: cpe:2.3:a:git:git:1.5.0:rc3:::::: cpe:2.3:a:git:git:1.4.4.5:::::::* cpe:2.3:a:git:git:1.4.4.4:::::::* cpe:2.3:a:git:git:1.4.4.3:::::::* cpe:2.3:a:git:git:1.4.4.2:::::::* cpe:2.3:a:git:git:1.4.4.1:::::::* cpe:2.3:a:git:git:1.4.4:::::::* cpe:2.3:a:git:git:1.4.3.5:::::::* cpe:2.3:a:git:git:1.4.3.4:::::::* cpe:2.3:a:git:git:1.4.3.3:::::::* cpe:2.3:a:git:git:1.4.3.2:::::::* cpe:2.3:a:git:git:1.4.3.1:::::::* cpe:2.3:a:git:git:1.4.3:::::::* cpe:2.3:a:git:git:1.4.2.4:::::::* cpe:2.3:a:git:git:1.4.2.3:::::::* cpe:2.3:a:git:git:1.4.2.2:::::::* cpe:2.3:a:git:git:1.4.2.1:::::::* cpe:2.3:a:git:git:1.4.2:::::::* cpe:2.3:a:git:git:1.4.1.1:::::::* cpe:2.3:a:git:git:1.4.1:::::::* cpe:2.3:a:git:git:1.4.0:::::::* cpe:2.3:a:git:git:1.3.3:::::::* cpe:2.3:a:git:git:1.3.2:::::::* cpe:2.3:a:git:git:1.3.1:::::::* cpe:2.3:a:git:git:1.3.0:::::::* cpe:2.3:a:git:git:1.2.6:::::::* cpe:2.3:a:git:git:1.2.5:::::::* cpe:2.3:a:git:git:1.2.4:::::::* cpe:2.3:a:git:git:1.2.3:::::::* cpe:2.3:a:git:git:1.2.2:::::::* cpe:2.3:a:git:git:1.2.1:::::::* cpe:2.3:a:git:git:1.2.0:::::::* cpe:2.3:a:git:git:1.1.6:::::::* cpe:2.3:a:git:git:1.1.5:::::::* cpe:2.3:a:git:git:1.1.4:::::::* cpe:2.3:a:git:git:1.1.3:::::::* cpe:2.3:a:git:git:1.1.2:::::::* cpe:2.3:a:git:git:1.1.1:::::::* cpe:2.3:a:git:git:1.1.0:::::::* cpe:2.3:a:git:git:1.0.8:::::::* cpe:2.3:a:git:git:1.0.7:::::::* cpe:2.3:a:git:git:1.0.6:::::::* cpe:2.3:a:git:git:1.0.5:::::::* cpe:2.3:a:git:git:1.0.4:::::::* cpe:2.3:a:git:git:1.0.3:::::::* cpe:2.3:a:git:git:1.0.0b:::::::* cpe:2.3:a:git:git:1.0.0:::::::* cpe:2.3:a:git:git:0.99.9n:::::::* cpe:2.3:a:git:git:0.99.9m:::::::* cpe:2.3:a:git:git:0.99.9l:::::::* cpe:2.3:a:git:git:0.99.9k:::::::* cpe:2.3:a:git:git:0.99.9j:::::::*	162
Application	Git-Scm Git cpe:2.3:a:git-scm:git:1.7.3.3:::::::* cpe:2.3:a:git-scm:git:1.7.3.2:::::::* cpe:2.3:a:git-scm:git:1.7.3.1:::::::* cpe:2.3:a:git-scm:git:1.7.3:-:::::: cpe:2.3:a:git-scm:git:1.7.3:rc0:::::: cpe:2.3:a:git-scm:git:1.7.3:rc2:::::: cpe:2.3:a:git-scm:git:1.7.2.5:::::::* cpe:2.3:a:git-scm:git:1.7.2.4:::::::* cpe:2.3:a:git-scm:git:1.7.2.3:::::::* cpe:2.3:a:git-scm:git:1.7.2.2:::::::* cpe:2.3:a:git-scm:git:1.7.2.1:::::::* cpe:2.3:a:git-scm:git:1.7.2:-:::::: cpe:2.3:a:git-scm:git:1.7.2:rc0:::::: cpe:2.3:a:git-scm:git:1.7.2:rc2:::::: cpe:2.3:a:git-scm:git:1.7.2:rc3:::::: cpe:2.3:a:git-scm:git:1.7.1.4:::::::* cpe:2.3:a:git-scm:git:1.7.1.3:::::::* cpe:2.3:a:git-scm:git:1.7.1.2:::::::* cpe:2.3:a:git-scm:git:1.7.1.1:::::::* cpe:2.3:a:git-scm:git:1.7.1:-:::::: cpe:2.3:a:git-scm:git:1.7.1:rc0:::::: cpe:2.3:a:git-scm:git:1.7.1:rc1:::::: cpe:2.3:a:git-scm:git:1.7.1:rc2:::::: cpe:2.3:a:git-scm:git:1.7.0.9:::::::* cpe:2.3:a:git-scm:git:1.7.0.8:::::::* cpe:2.3:a:git-scm:git:1.7.0.7:::::::* cpe:2.3:a:git-scm:git:1.7.0.6:::::::* cpe:2.3:a:git-scm:git:1.7.0.5:::::::* cpe:2.3:a:git-scm:git:1.7.0.4:::::::* cpe:2.3:a:git-scm:git:1.7.0.3:::::::* cpe:2.3:a:git-scm:git:1.7.0.2:::::::* cpe:2.3:a:git-scm:git:1.7.0.1:::::::* cpe:2.3:a:git-scm:git:1.7.0:-:::::: cpe:2.3:a:git-scm:git:1.7.0:rc0:::::: cpe:2.3:a:git-scm:git:1.7.0:rc2:::::: cpe:2.3:a:git-scm:git:1.6.6.3:::::::* cpe:2.3:a:git-scm:git:1.6.6.2:::::::* cpe:2.3:a:git-scm:git:1.6.6.1:::::::* cpe:2.3:a:git-scm:git:1.6.6:::::::* cpe:2.3:a:git-scm:git:1.6.6:rc0:::::: cpe:2.3:a:git-scm:git:1.6.6:rc1:::::: cpe:2.3:a:git-scm:git:1.6.6:rc2:::::: cpe:2.3:a:git-scm:git:1.6.6:rc3:::::: cpe:2.3:a:git-scm:git:1.6.6:rc4:::::: cpe:2.3:a:git-scm:git:1.6.5.9:::::::* cpe:2.3:a:git-scm:git:1.6.5.8:::::::* cpe:2.3:a:git-scm:git:1.6.5.7:::::::* cpe:2.3:a:git-scm:git:1.6.5.6:::::::* cpe:2.3:a:git-scm:git:1.6.5.5:::::::* cpe:2.3:a:git-scm:git:1.6.5.4:::::::* cpe:2.3:a:git-scm:git:1.6.5.3:::::::* cpe:2.3:a:git-scm:git:1.6.5.2:::::::* cpe:2.3:a:git-scm:git:1.6.5.1:::::::* cpe:2.3:a:git-scm:git:1.6.5:-:::::: cpe:2.3:a:git-scm:git:1.6.5:rc0:::::: cpe:2.3:a:git-scm:git:1.6.4.5:::::::* cpe:2.3:a:git-scm:git:1.6.4.4:::::::* cpe:2.3:a:git-scm:git:1.6.4.3:::::::* cpe:2.3:a:git-scm:git:1.6.4.2:::::::* cpe:2.3:a:git-scm:git:1.6.4.1:::::::* cpe:2.3:a:git-scm:git:1.6.4:-:::::: cpe:2.3:a:git-scm:git:1.6.4:rc0:::::: cpe:2.3:a:git-scm:git:1.6.3.4:::::::* cpe:2.3:a:git-scm:git:1.6.3.3:::::::* cpe:2.3:a:git-scm:git:1.6.3.2:::::::* cpe:2.3:a:git-scm:git:1.6.3.1:::::::* cpe:2.3:a:git-scm:git:1.6.3:-:::::: cpe:2.3:a:git-scm:git:1.6.3:rc0:::::: cpe:2.3:a:git-scm:git:1.6.3:rc3:::::: cpe:2.3:a:git-scm:git:1.6.3:rc4:::::: cpe:2.3:a:git-scm:git:1.6.2.5:::::::* cpe:2.3:a:git-scm:git:1.6.2.4:::::::* cpe:2.3:a:git-scm:git:1.6.2.3:::::::* cpe:2.3:a:git-scm:git:1.6.2.2:::::::* cpe:2.3:a:git-scm:git:1.6.2.1:::::::* cpe:2.3:a:git-scm:git:1.6.2:-:::::: cpe:2.3:a:git-scm:git:1.6.2:rc0:::::: cpe:2.3:a:git-scm:git:1.6.2:rc2:::::: cpe:2.3:a:git-scm:git:1.6.1.4:::::::* cpe:2.3:a:git-scm:git:1.6.1.3:::::::* cpe:2.3:a:git-scm:git:1.6.1.2:::::::* cpe:2.3:a:git-scm:git:1.6.1.1:::::::* cpe:2.3:a:git-scm:git:1.6.1:-:::::: cpe:2.3:a:git-scm:git:1.6.1:rc2:::::: cpe:2.3:a:git-scm:git:1.6.1:rc3:::::: cpe:2.3:a:git-scm:git:1.6.1:rc4:::::: cpe:2.3:a:git-scm:git:1.6.0.6:::::::* cpe:2.3:a:git-scm:git:1.6.0.5:::::::* cpe:2.3:a:git-scm:git:1.6.0.4:::::::* cpe:2.3:a:git-scm:git:1.6.0.3:::::::* cpe:2.3:a:git-scm:git:1.6.0.2:::::::* cpe:2.3:a:git-scm:git:1.6.0.1:::::::* cpe:2.3:a:git-scm:git:1.6.0:-:::::: cpe:2.3:a:git-scm:git:1.6.0:rc0:::::: cpe:2.3:a:git-scm:git:1.6.0:rc1:::::: cpe:2.3:a:git-scm:git:1.6.0:rc2:::::: cpe:2.3:a:git-scm:git:1.6.0:rc3:::::: cpe:2.3:a:git-scm:git:1.5.6.6:::::::* cpe:2.3:a:git-scm:git:1.5.6.5:::::::* cpe:2.3:a:git-scm:git:1.5.6.4:::::::* cpe:2.3:a:git-scm:git:1.5.6.3:::::::* cpe:2.3:a:git-scm:git:1.5.6.2:::::::* cpe:2.3:a:git-scm:git:1.5.6.1:::::::* cpe:2.3:a:git-scm:git:1.5.6:-:::::: cpe:2.3:a:git-scm:git:1.5.6:rc0:::::: cpe:2.3:a:git-scm:git:1.5.6:rc1:::::: cpe:2.3:a:git-scm:git:1.5.6:rc2:::::: cpe:2.3:a:git-scm:git:1.5.6:rc3:::::: cpe:2.3:a:git-scm:git:1.5.5.6:::::::* cpe:2.3:a:git-scm:git:1.5.5.5:::::::* cpe:2.3:a:git-scm:git:1.5.5.4:::::::* cpe:2.3:a:git-scm:git:1.5.5.3:::::::* cpe:2.3:a:git-scm:git:1.5.5.2:::::::* cpe:2.3:a:git-scm:git:1.5.5.1:::::::* cpe:2.3:a:git-scm:git:1.5.5:-:::::: cpe:2.3:a:git-scm:git:1.5.5:rc0:::::: cpe:2.3:a:git-scm:git:1.5.4.7:::::::* cpe:2.3:a:git-scm:git:1.5.4.6:::::::* cpe:2.3:a:git-scm:git:1.5.4.5:::::::* cpe:2.3:a:git-scm:git:1.5.4.4:::::::* cpe:2.3:a:git-scm:git:1.5.4.3:::::::* cpe:2.3:a:git-scm:git:1.5.4.2:::::::* cpe:2.3:a:git-scm:git:1.5.4.1:::::::* cpe:2.3:a:git-scm:git:1.5.4:-:::::: cpe:2.3:a:git-scm:git:1.5.4:rc0:::::: cpe:2.3:a:git-scm:git:1.5.4:rc5:::::: cpe:2.3:a:git-scm:git:1.5.3.8:::::::* cpe:2.3:a:git-scm:git:1.5.3.7:::::::* cpe:2.3:a:git-scm:git:1.5.3.6:::::::* cpe:2.3:a:git-scm:git:1.5.3.5:::::::* cpe:2.3:a:git-scm:git:1.5.3.4:::::::* cpe:2.3:a:git-scm:git:1.5.3.3:::::::* cpe:2.3:a:git-scm:git:1.5.3.2:::::::* cpe:2.3:a:git-scm:git:1.5.3.1:::::::* cpe:2.3:a:git-scm:git:1.5.3:-:::::: cpe:2.3:a:git-scm:git:1.5.3:rc0:::::: cpe:2.3:a:git-scm:git:1.5.3:rc4:::::: cpe:2.3:a:git-scm:git:1.5.3:rc5:::::: cpe:2.3:a:git-scm:git:1.5.3:rc6:::::: cpe:2.3:a:git-scm:git:1.5.3:rc7:::::: cpe:2.3:a:git-scm:git:1.5.2.5:::::::* cpe:2.3:a:git-scm:git:1.5.2.4:::::::* cpe:2.3:a:git-scm:git:1.5.2.3:::::::* cpe:2.3:a:git-scm:git:1.5.2.2:::::::* cpe:2.3:a:git-scm:git:1.5.2.1:::::::* cpe:2.3:a:git-scm:git:1.5.2:-:::::: cpe:2.3:a:git-scm:git:1.5.2:rc0:::::: cpe:2.3:a:git-scm:git:1.5.1.6:::::::* cpe:2.3:a:git-scm:git:1.5.1.5:::::::* cpe:2.3:a:git-scm:git:1.5.1.4:::::::* cpe:2.3:a:git-scm:git:1.5.1.3:::::::* cpe:2.3:a:git-scm:git:1.5.1.2:::::::* cpe:2.3:a:git-scm:git:1.5.1.1:::::::* cpe:2.3:a:git-scm:git:1.5.1:-:::::: cpe:2.3:a:git-scm:git:1.5.1:rc1:::::: cpe:2.3:a:git-scm:git:1.5.1:rc2:::::: cpe:2.3:a:git-scm:git:1.5.1:rc3:::::: cpe:2.3:a:git-scm:git:1.5.0.7:::::::* cpe:2.3:a:git-scm:git:1.5.0.6:::::::* cpe:2.3:a:git-scm:git:1.5.0.5:::::::* cpe:2.3:a:git-scm:git:1.5.0.4:::::::* cpe:2.3:a:git-scm:git:1.5.0.3:::::::* cpe:2.3:a:git-scm:git:1.5.0.2:::::::* cpe:2.3:a:git-scm:git:1.5.0.1:::::::* cpe:2.3:a:git-scm:git:1.5.0:-:::::: cpe:2.3:a:git-scm:git:1.5.0:rc0:::::: cpe:2.3:a:git-scm:git:1.5.0:rc3:::::: cpe:2.3:a:git-scm:git:1.5.0:rc4:::::: cpe:2.3:a:git-scm:git:1.4.4.5:::::::* cpe:2.3:a:git-scm:git:1.4.4.4:::::::* cpe:2.3:a:git-scm:git:1.4.4.3:::::::* cpe:2.3:a:git-scm:git:1.4.4.2:::::::* cpe:2.3:a:git-scm:git:1.4.4.1:::::::* cpe:2.3:a:git-scm:git:1.4.4:-:::::: cpe:2.3:a:git-scm:git:1.4.3.5:::::::* cpe:2.3:a:git-scm:git:1.4.3.4:::::::* cpe:2.3:a:git-scm:git:1.4.3.3:::::::* cpe:2.3:a:git-scm:git:1.4.3.2:::::::* cpe:2.3:a:git-scm:git:1.4.3.1:::::::* cpe:2.3:a:git-scm:git:1.4.3:-:::::: cpe:2.3:a:git-scm:git:1.4.3:rc2:::::: cpe:2.3:a:git-scm:git:1.4.3:rc3:::::: cpe:2.3:a:git-scm:git:1.4.2.4:::::::* cpe:2.3:a:git-scm:git:1.4.2.3:::::::* cpe:2.3:a:git-scm:git:1.4.2.2:::::::* cpe:2.3:a:git-scm:git:1.4.2.1:::::::* cpe:2.3:a:git-scm:git:1.4.2:-:::::: cpe:2.3:a:git-scm:git:1.4.2:rc1:::::: cpe:2.3:a:git-scm:git:1.4.2:rc2:::::: cpe:2.3:a:git-scm:git:1.4.2:rc3:::::: cpe:2.3:a:git-scm:git:1.4.2:rc4:::::: cpe:2.3:a:git-scm:git:1.4.1.1:::::::* cpe:2.3:a:git-scm:git:1.4.1:-:::::: cpe:2.3:a:git-scm:git:1.4.0:-:::::: cpe:2.3:a:git-scm:git:1.4.0:rc1:::::: cpe:2.3:a:git-scm:git:1.4.0:rc2:::::: cpe:2.3:a:git-scm:git:1.3.3:::::::* cpe:2.3:a:git-scm:git:1.3.2:::::::* cpe:2.3:a:git-scm:git:1.3.1:::::::* cpe:2.3:a:git-scm:git:1.3.0:-:::::: cpe:2.3:a:git-scm:git:1.3.0:rc1:::::: cpe:2.3:a:git-scm:git:1.3.0:rc2:::::: cpe:2.3:a:git-scm:git:1.3.0:rc3:::::: cpe:2.3:a:git-scm:git:1.3.0:rc4:::::: cpe:2.3:a:git-scm:git:1.2.6:::::::* cpe:2.3:a:git-scm:git:1.2.5:::::::* cpe:2.3:a:git-scm:git:1.2.4:::::::* cpe:2.3:a:git-scm:git:1.2.3:::::::* cpe:2.3:a:git-scm:git:1.2.2:::::::* cpe:2.3:a:git-scm:git:1.2.1:::::::* cpe:2.3:a:git-scm:git:1.2.0:::::::* cpe:2.3:a:git-scm:git:1.1.6:::::::* cpe:2.3:a:git-scm:git:1.1.5:::::::* cpe:2.3:a:git-scm:git:1.1.4:::::::* cpe:2.3:a:git-scm:git:1.1.3:::::::* cpe:2.3:a:git-scm:git:1.1.2:::::::* cpe:2.3:a:git-scm:git:1.1.1:::::::* cpe:2.3:a:git-scm:git:1.1.0:::::::* cpe:2.3:a:git-scm:git:1.0.9:::::::* cpe:2.3:a:git-scm:git:1.0.8:::::::* cpe:2.3:a:git-scm:git:1.0.7:::::::* cpe:2.3:a:git-scm:git:1.0.6:::::::* cpe:2.3:a:git-scm:git:1.0.5:::::::* cpe:2.3:a:git-scm:git:1.0.4:::::::* cpe:2.3:a:git-scm:git:1.0.3:::::::* cpe:2.3:a:git-scm:git:1.0.2:::::::* cpe:2.3:a:git-scm:git:1.0.13:::::::* cpe:2.3:a:git-scm:git:1.0.12:::::::* cpe:2.3:a:git-scm:git:1.0.11:::::::* cpe:2.3:a:git-scm:git:1.0.10:::::::* cpe:2.3:a:git-scm:git:1.0.1:::::::* cpe:2.3:a:git-scm:git:1.0.0b:::::::* cpe:2.3:a:git-scm:git:1.0.0a:::::::* cpe:2.3:a:git-scm:git:1.0.0:-:::::: cpe:2.3:a:git-scm:git:0.99.9n:::::::* cpe:2.3:a:git-scm:git:0.99.9m:::::::* cpe:2.3:a:git-scm:git:0.99.9l:::::::* cpe:2.3:a:git-scm:git:0.99.9k:::::::* cpe:2.3:a:git-scm:git:0.99.9j:::::::* cpe:2.3:a:git-scm:git:0.99.9i:::::::* cpe:2.3:a:git-scm:git:0.99.9h:::::::* cpe:2.3:a:git-scm:git:0.99.9g:::::::* cpe:2.3:a:git-scm:git:0.99.9f:::::::* cpe:2.3:a:git-scm:git:0.99.9e:::::::* cpe:2.3:a:git-scm:git:0.99.9d:::::::* cpe:2.3:a:git-scm:git:0.99.9c:::::::* cpe:2.3:a:git-scm:git:0.99.9b:::::::* cpe:2.3:a:git-scm:git:0.99.9a:::::::* cpe:2.3:a:git-scm:git:0.99.9:::::::* cpe:2.3:a:git-scm:git:0.99.8g:::::::* cpe:2.3:a:git-scm:git:0.99.8f:::::::* cpe:2.3:a:git-scm:git:0.99.8e:::::::* cpe:2.3:a:git-scm:git:0.99.8d:::::::* cpe:2.3:a:git-scm:git:0.99.8c:::::::* cpe:2.3:a:git-scm:git:0.99.8b:::::::* cpe:2.3:a:git-scm:git:0.99.8a:::::::* cpe:2.3:a:git-scm:git:0.99.8:::::::* cpe:2.3:a:git-scm:git:0.99.7d:::::::* cpe:2.3:a:git-scm:git:0.99.7c:::::::* cpe:2.3:a:git-scm:git:0.99.7b:::::::* cpe:2.3:a:git-scm:git:0.99.7a:::::::* cpe:2.3:a:git-scm:git:0.99.7:::::::* cpe:2.3:a:git-scm:git:0.99.6:::::::* cpe:2.3:a:git-scm:git:0.99.5:::::::* cpe:2.3:a:git-scm:git:0.99.4:::::::* cpe:2.3:a:git-scm:git:0.99.3:::::::* cpe:2.3:a:git-scm:git:0.99.2:::::::* cpe:2.3:a:git-scm:git:0.99.1:::::::* cpe:2.3:a:git-scm:git:0.99:::::::* cpe:2.3:a:git-scm:git:0.9.3:::::::* cpe:2.3:a:git-scm:git:0.9.2:::::::* cpe:2.3:a:git-scm:git:0.9.1:::::::* cpe:2.3:a:git-scm:git:0.9.0:::::::* cpe:2.3:a:git-scm:git:0.8.4:::::::* cpe:2.3:a:git-scm:git:0.8.3:::::::* cpe:2.3:a:git-scm:git:0.8.2:::::::* cpe:2.3:a:git-scm:git:0.8.1:::::::* cpe:2.3:a:git-scm:git:0.8.0:::::::* cpe:2.3:a:git-scm:git:0.7.5:::::::* cpe:2.3:a:git-scm:git:0.7.4:::::::* cpe:2.3:a:git-scm:git:0.7.3:::::::* cpe:2.3:a:git-scm:git:0.7.2:::::::* cpe:2.3:a:git-scm:git:0.7.1:::::::* cpe:2.3:a:git-scm:git:0.7.0:-:::::: cpe:2.3:a:git-scm:git:0.7.0:::::::* cpe:2.3:a:git-scm:git:0.7.0:rc1:::::: cpe:2.3:a:git-scm:git:0.6.5:::::::* cpe:2.3:a:git-scm:git:0.6.4:::::::* cpe:2.3:a:git-scm:git:0.6.3:::::::* cpe:2.3:a:git-scm:git:0.6.2:::::::* cpe:2.3:a:git-scm:git:0.6.1:::::::* cpe:2.3:a:git-scm:git:0.6.0:::::::* cpe:2.3:a:git-scm:git:0.5:::::::* cpe:2.3:a:git-scm:git:0.21.0:::::::* cpe:2.3:a:git-scm:git:0.20.0:::::::* cpe:2.3:a:git-scm:git:0.19.0:::::::* cpe:2.3:a:git-scm:git:0.18.0:::::::* cpe:2.3:a:git-scm:git:0.17.0:::::::* cpe:2.3:a:git-scm:git:0.16.0:::::::* cpe:2.3:a:git-scm:git:0.15.0:::::::* cpe:2.3:a:git-scm:git:0.14.0:::::::* cpe:2.3:a:git-scm:git:0.13.0:::::::* cpe:2.3:a:git-scm:git:0.12.0:::::::* cpe:2.3:a:git-scm:git:0.11.0:::::::* cpe:2.3:a:git-scm:git:0.10.2:::::::* cpe:2.3:a:git-scm:git:0.10.1:::::::* cpe:2.3:a:git-scm:git:0.10.0:::::::* cpe:2.3:a:git-scm:git:0.04:::::::* cpe:2.3:a:git-scm:git:0.03:::::::* cpe:2.3:a:git-scm:git:0.02:::::::* cpe:2.3:a:git-scm:git:0.01:::::::* cpe:2.3:a:git-scm:git::::::::	312

ExploitDB Exploits

id	Description
2010-12-15	Gitweb <=1.7.3.3 Cross Site Scripting

OpenVAS Exploits

Date	Description
2011-01-11	Name : Fedora Update for git FEDORA-2010-18973 File : nvt/gb_fedora_2010_18973_git_fc13.nasl
2010-12-28	Name : Fedora Update for git FEDORA-2010-18981 File : nvt/gb_fedora_2010_18981_git_fc14.nasl
2010-12-28	Name : Mandriva Update for git MDVSA-2010:256 (git) File : nvt/gb_mandriva_MDVSA_2010_256.nasl

Open Source Vulnerability Database (OSVDB)

Id	Description
69929	Gitweb index.php Multiple Parameter XSS Gitweb contains a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate the 'f' and 'fp' parameters upon submission to the index.php script. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server.

Description

69929

Gitweb index.php Multiple Parameter XSS

Gitweb contains a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate the 'f' and 'fp' parameters upon submission to the index.php script. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server.

Nessus® Vulnerability Scanner

Date	Description
2014-06-13	Name : The remote openSUSE host is missing a security update. File : suse_11_3_git-110117.nasl - Type : ACT_GATHER_INFO
2013-07-12	Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2010-1003.nasl - Type : ACT_GATHER_INFO
2012-08-01	Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20101221_git_on_SL6_x.nasl - Type : ACT_GATHER_INFO
2011-05-05	Name : The remote openSUSE host is missing a security update. File : suse_11_2_git-110117.nasl - Type : ACT_GATHER_INFO
2011-01-04	Name : The remote Fedora host is missing a security update. File : fedora_2010-18973.nasl - Type : ACT_GATHER_INFO
2010-12-26	Name : The remote Fedora host is missing a security update. File : fedora_2010-18981.nasl - Type : ACT_GATHER_INFO
2010-12-23	Name : The remote web server hosts a CGI script that is prone to a cross- site scrip... File : gitweb_f_xss.nasl - Type : ACT_ATTACK
2010-12-22	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2010-1003.nasl - Type : ACT_GATHER_INFO
2010-12-17	Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2010-256.nasl - Type : ACT_GATHER_INFO

Sources (Detail)

Source	Url
BID	http://www.securityfocus.com/bid/45439
EXPLOIT-DB	http://www.exploit-db.com/exploits/15744
FEDORA	http://lists.fedoraproject.org/pipermail/package-announce/2010-December/05251... http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052782...
MANDRIVA	http://www.mandriva.com/security/advisories?name=MDVSA-2010:256
REDHAT	http://www.redhat.com/support/errata/RHSA-2010-1003.html
SECTRACK	http://www.securitytracker.com/id?1024905
SECUNIA	http://secunia.com/advisories/42645 http://secunia.com/advisories/42731 http://secunia.com/advisories/42743 http://secunia.com/advisories/43457
SUSE	http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00004.html
VUPEN	http://www.vupen.com/english/advisories/2010/3323 http://www.vupen.com/english/advisories/2011/0010 http://www.vupen.com/english/advisories/2011/0464

Alert History

If you want to see full details history, please login or register.

Date	Informations
2021-05-04 12:12:40	Multiple Updates
2021-04-22 01:13:21	Multiple Updates
2021-01-27 09:23:01	Multiple Updates
2021-01-26 17:22:44	Multiple Updates
2020-05-23 01:42:53	Multiple Updates
2020-05-23 00:26:45	Multiple Updates
2016-04-26 20:10:47	Multiple Updates
2014-06-14 13:29:39	Multiple Updates
2014-02-17 10:58:11	Multiple Updates
2013-05-10 23:35:20	Multiple Updates

Global Informations

Type	Count
CWE ID(s)	1
Oval ID(s)	3
CPE ID(s)	474
Sources(s)	15
osvdb(s)	1
ExploitDB Exploit(s)	1
Openvas Exploit(s)	3
Nessus® Exploit(s)	9

	Related
4.3	RHSA-2010:1003
4.3	MDVSA-2010:256
Info : listing not affected by your CVSS Env Score

Same Subject	Severity
Login to view 2 more Alert(s)