FreeBSD : htdig -- XSS vulnerability (673aec6f-1cae-11da-bc01-000e0c2e438a)

This script is Copyright (C) 2006-2014 Tenable Network Security, Inc.


Synopsis :

The remote FreeBSD host is missing a security-related update.

Description :

Michael Krax reports a vulnerability in htdig. The vulnerability
lies in an unsanitized config parameter, which allows an attacker
to execute arbitrary script code in the target's browser.
This might allow the attacker to obtain the user's cookies that are
associated with the site, including cookies used for authentication.

See also :

http://www.securitytracker.com/alerts/2005/Feb/1013078.html
http://www.nessus.org/u?eafb712c

Solution :

Update the affected package.

Risk factor :

Medium / CVSS Base Score : 6.8
(CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P)
CVSS Temporal Score : 5.9
(CVSS2#E:H/RL:OF/RC:ND)
Public Exploit Available : true

Family: FreeBSD Local Security Checks

Nessus Plugin ID: 21443 (freebsd_pkg_673aec6f1cae11dabc01000e0c2e438a.nasl)

Bugtraq ID: 12442

CVE ID: CVE-2005-0085
