NVD Vulnerability Detail

Search Exploit, PoC

NVD脆弱性検索トップ

->

NVD Vulnerability Detail

CVE-2008-2929

Summary	Multiple cross-site scripting (XSS) vulnerabilities in the adminutil library in the Directory Server Administration Express and Directory Server Gateway (DSGW) web interface in Red Hat Directory Server 7.1 before SP7 and 8 EL4 and EL5, and Fedora Directory Server, allow remote attackers to inject arbitrary web script or HTML via input values that use % (percent) escaping.
Publication Date	Aug. 30, 2008, 3:41 a.m.
Registration Date	Jan. 29, 2021, 1:38 p.m.
Last Update	Sept. 29, 2017, 10:31 a.m.

CVSS2.0 : MEDIUM
Score	4.3
Vector	AV:N/AC:M/Au:N/C:N/I:P/A:N
攻撃元区分(AV)	ネットワーク
攻撃条件の複雑さ(AC)	中
攻撃前の認証要否(Au)	不要
機密性への影響(C)	なし
完全性への影響(I)	低
可用性への影響(A)	なし
Get all privileges.	いいえ
Get user privileges	いいえ
Get other privileges	いいえ
User operation required	はい

Affected software configurations

Configuration1		or higher	or less	more than	less than
cpe:2.3:a:fedora:directory_server::::::::
cpe:2.3:a:redhat:directory_server:7.1:sp1::::::
cpe:2.3:a:redhat:directory_server:7.1:sp2::::::
cpe:2.3:a:redhat:directory_server:7.1:sp3::::::
cpe:2.3:a:redhat:directory_server:7.1:sp4::::::
cpe:2.3:a:redhat:directory_server:7.1:sp5::::::
cpe:2.3:a:redhat:directory_server:7.1:sp6::::::
cpe:2.3:a:redhat:directory_server:8.0:el4::::::
cpe:2.3:a:redhat:directory_server:8.0:el5::::::

Related information, measures and tools

No	URL	refsource	タグ
1	http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01532861	HP
2	http://secunia.com/advisories/31565	SECUNIA
3	http://secunia.com/advisories/31612	SECUNIA
4	http://secunia.com/advisories/31702	SECUNIA
5	http://secunia.com/advisories/31777	SECUNIA
6	http://securitytracker.com/id?1020772	SECTRACK
7	http://www.redhat.com/docs/manuals/dir-server/release-notes/7.1SP7/index.html	CONFIRM	Patch
8	http://www.securityfocus.com/bid/30870	BID	Patch
9	http://www.vupen.com/english/advisories/2008/2480	VUPEN
10	https://bugzilla.redhat.com/show_bug.cgi?id=454621	CONFIRM
11	https://exchange.xforce.ibmcloud.com/vulnerabilities/44737	XF
12	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5877	OVAL
13	https://rhn.redhat.com/errata/RHSA-2008-0596.html	REDHAT
14	https://rhn.redhat.com/errata/RHSA-2008-0601.html	REDHAT
15	https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00218.html	FEDORA
16	https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00449.html	FEDORA

Common Vulnerabilities List

No	CWE	Name	URL
1	CWE-79	クロスサイト・スクリプティング（XSS）	https://cwe.mitre.org/data/definitions/79.html