oval:org.mitre.oval:def:13473

Definition Id: oval:org.mitre.oval:def:13473

Oval ID:	oval:org.mitre.oval:def:13473
Title:	DSA-1882-1 xapian-omega -- missing input sanitisation
Description:	It was discovered that xapian-omega, a CGI interface for searching xapian databases, is not properly escaping user supplied input when printing exceptions. An attacker can use this to conduct cross-site scripting attacks via crafted search queries resulting in an exception and steal potentially sensitive data from web applications running on the same domain or embedding the search engine into a website. For the oldstable distribution, this problem has been fixed in version 0.9.9-1+etch1. For the stable distribution, this problem has been fixed in version 1.0.7-3+lenny1. For the testing and unstable distribution, this problem will be fixed soon. We recommend that you upgrade your xapian-omega packages.
Family:	unix	Class:	patch
Reference(s):	DSA-1882-1 CVE-2009-2947	Version:	5
Platform(s):	Debian GNU/Linux 5.0 Debian GNU/Linux 4.0	Product(s):	xapian-omega
Definition Synopsis:
Release section Debian GNU/Linux 5.0 is installed AND Supported architectures section Installed architecture is s390 AND Installed architecture is amd64 AND Installed architecture is sparc AND Installed architecture is arm AND Installed architecture is i386 AND Installed architecture is armel AND Installed architecture is mips AND Installed architecture is ia64 AND Installed architecture is alpha AND Installed architecture is powerpc AND Installed architecture is mipsel AND Installed architecture is hppa AND xapian-omega DPKG is earlier than 1.0.7-3+lenny1 OR Release section Debian GNU/Linux 4.0 is installed. AND xapian-omega DPKG is earlier than 0.9.9-1+etch1

Definition Id: oval:org.mitre.oval:def:6513

Oval ID:	oval:org.mitre.oval:def:6513
Title:	Debian GNU/Linux 5.0 is installed
Description:	Debian GNU/Linux 5.0 (lenny) is installed
Family:	unix	Class:	inventory
Reference(s):	cpe:/o:debian:debian_gnu/linux:5.0	Version:	7
Platform(s):	Debian GNU/Linux 5.0	Product(s):
Definition Synopsis:
Debian GNU/Linux 5.0 is installed
Referenced By:
oval:org.mitre.oval:def:13473

Definition Id: oval:org.mitre.oval:def:6461

Oval ID:	oval:org.mitre.oval:def:6461
Title:	Debian GNU/Linux 4.0 is installed.
Description:	Debian GNU/Linux 4.0 (etch) is installed
Family:	unix	Class:	inventory
Reference(s):	cpe:/o:debian:debian_gnu/linux:4.0	Version:	9
Platform(s):	Debian GNU/Linux 4.0	Product(s):
Definition Synopsis:
Debian GNU/Linux 4.0 is installed
Referenced By:
oval:org.mitre.oval:def:13473

Copyright Security-Database 2006-2025 - Powered by themself ;) in 0.0246s

Facebook rss twitter linkedin mail