oval:org.mitre.oval:def:13657

Definition Id: oval:org.mitre.oval:def:13657
 
Oval ID: oval:org.mitre.oval:def:13657
Title: DSA-1829-2 sork-passwd-h3 -- insufficient input sanitising
Description: The previous update introduced a regression in main.php, causing the module to fail. This update corrects the flaw. For reference the original advisory text is below. It was discovered that sork-passwd-h3, a Horde3 module for users to change their password, is prone to a cross-site scripting attack via the backend parameter. For the oldstable distribution, this problem has been fixed in version 3.0-2+etch2. For the stable distribution, this problem has been fixed in version 3.0-2+lenny2. For the testing distribution, this problem will be fixed soon. For the unstable distribution, this problem has been fixed in version 3.1-1.2. We recommend that you upgrade your sork-passwd-h3 packages.
Family: unix Class: patch
Reference(s): DSA-1829-2
CVE-2009-2360
 Version: 5
Platform(s): Debian GNU/Linux 5.0
Debian GNU/Linux 4.0
 Product(s): sork-passwd-h3
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:6513
 
Oval ID: oval:org.mitre.oval:def:6513
Title: Debian GNU/Linux 5.0 is installed
Description: Debian GNU/Linux 5.0 (lenny) is installed
Family: unix Class: inventory
Reference(s): cpe:/o:debian:debian_gnu/linux:5.0
 Version: 7
Platform(s): Debian GNU/Linux 5.0
 Product(s):
Definition Synopsis:
Referenced By:
oval:org.mitre.oval:def:13657
Definition Id: oval:org.mitre.oval:def:6461
 
Oval ID: oval:org.mitre.oval:def:6461
Title: Debian GNU/Linux 4.0 is installed.
Description: Debian GNU/Linux 4.0 (etch) is installed
Family: unix Class: inventory
Reference(s): cpe:/o:debian:debian_gnu/linux:4.0
 Version: 9
Platform(s): Debian GNU/Linux 4.0
 Product(s):
Definition Synopsis:
Referenced By:
oval:org.mitre.oval:def:13657