Executive Summary
This Alert is flagged as TOP 25 Common Weakness Enumeration from CWE/SANS. For more information, you can read this.
| Summary | |
|---|---|
| Title | New phpLDAPadmin packages fix cross-site scripting |
| Informations | |||
|---|---|---|---|
| Name | DSA-1057 | First vendor Publication | 2006-05-15 |
| Vendor | Debian | Last vendor Modification | 2006-05-15 |
| Severity (Vendor) | N/A | Revision | 1 |
Security-Database Scoring CVSS v3
| Cvss vector : N/A | |||
|---|---|---|---|
| Overall CVSS Score | NA | ||
| Base Score | NA | Environmental Score | NA |
| impact SubScore | NA | Temporal Score | NA |
| Exploitabality Sub Score | NA | ||
| Calculate full CVSS 3.0 Vectors scores | |||
Security-Database Scoring CVSS v2
| Cvss vector : (AV:N/AC:H/Au:N/C:N/I:P/A:N) | |||
|---|---|---|---|
| Cvss Base Score | 2.6 | Attack Range | Network |
| Cvss Impact Score | 2.9 | Attack Complexity | High |
| Cvss Expoit Score | 4.9 | Authentication | None Required |
| Calculate full CVSS 2.0 Vectors scores | |||
Detail
| Several cross-site scripting vulnerabilities have been discovered in phpLDAPadmin, a web based interface for administering LDAP servers, tha allows remote attackers to inject arbitrary web script or HTML. The old stable distribution (woody) does not contain phpldapadmin packages. For the stable distribution (sarge) these problems have been fixed in version 0.9.5-3sarge3. For the unstable distribution (sid) these problems have been fixed in version 0.9.8.3-1. We recommend that you upgrade your phpldapadmin package. |
Original Source
| Url : http://www.debian.org/security/2006/dsa-1057 |
CWE : Common Weakness Enumeration
| % | Id | Name |
|---|---|---|
| 100 % | CWE-79 | Failure to Preserve Web Page Structure ('Cross-site Scripting') (CWE/SANS Top 25) |
CPE : Common Platform Enumeration
| Type | Description | Count |
|---|---|---|
| Application | 3 | |
| Os | 2 |
OpenVAS Exploits
| Date | Description |
|---|---|
| 2008-09-04 | Name : FreeBSD Ports: phpldapadmin098 File : nvt/freebsd_phpldapadmin098.nasl |
| 2008-01-17 | Name : Debian Security Advisory DSA 1057-1 (phpldapadmin) File : nvt/deb_1057_1.nasl |
Open Source Vulnerability Database (OSVDB)
| Id | Description |
|---|---|
| 24794 | phpLDAPadmin template_engine.php Multiple Parameter XSS phpLDAPadmin contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'Container DN', 'Machine Name', or 'UID Number' fields as well as the 'dn' variable upon submission to the template_engine.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. |
| 24793 | phpLDAPadmin search.php scope Parameter XSS phpLDAPadmin contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'scope' variable upon submission to the search.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. |
| 24792 | phpLDAPadmin delete_form.php dn Parameter XSS phpLDAPadmin contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'dn' variable upon submission to the delete_form.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. |
| 24790 | phpLDAPadmin rename_form.php dn Parameter XSS phpLDAPadmin contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'dn' variable upon submission to the rename_form.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. |
| 24789 | phpLDAPadmin copy_form.php dn Parameter XSS phpLDAPadmin contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'dn' variable upon submission to the copy_form.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. |
| 24788 | phpLDAPadmin compare_form.php dn Parameter XSS phpLDAPadmin contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'dn' variable upon submission to the compare_form.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. |
Nessus® Vulnerability Scanner
| Date | Description |
|---|---|
| 2006-10-14 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1057.nasl - Type : ACT_GATHER_INFO |
| 2006-05-15 | Name : The remote FreeBSD host is missing a security-related update. File : freebsd_pkg_6d78202ee2f911da867400123ffe8333.nasl - Type : ACT_GATHER_INFO |
Alert History
| Date | Informations |
|---|---|
| 2014-02-17 11:25:46 |
|
