RHEL 4 / 5 : htdig (RHSA-2007:1095)

Medium Nessus Plugin ID 29204


The remote Red Hat host is missing one or more security updates.


Updated htdig packages that resolve a security issue are now available for Red Hat Enterprise Linux 4 and 5.

This update has been rated as having moderate security impact by the Red Hat Security Response Team.

The ht://Dig system is a complete World Wide Web indexing and searching system for a small domain or intranet.

A cross-site scripting flaw was discovered in an htdig search page. An attacker could construct a carefully crafted URL which, once visited by an unsuspecting user, could cause the user's Web browser to execute malicious script in the context of the visited htdig search Web page.

Users of htdig are advised to upgrade to these updated packages, which contain a backported patch to resolve this issue.


Update the affected htdig and / or htdig-web packages.


Plugin Details

Severity: Medium

ID: 29204

File Name: redhat-RHSA-2007-1095.nasl

Version: $Revision: 1.18 $

Type: local

Agent: unix

Published: 2007/12/04

Modified: 2016/12/29

Dependencies: 12634

Risk Information

Risk Factor: Medium


Base Score: 4.3

Temporal Score: 3.7

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N

Temporal Vector: CVSS2#E:ND/RL:OF/RC:ND

Vulnerability Information

CPE: p-cpe:/a:redhat:enterprise_linux:htdig, p-cpe:/a:redhat:enterprise_linux:htdig-web, cpe:/o:redhat:enterprise_linux:4, cpe:/o:redhat:enterprise_linux:4.6, cpe:/o:redhat:enterprise_linux:5, cpe:/o:redhat:enterprise_linux:5.1

Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list, Host/cpu

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2007/12/03

Vulnerability Publication Date: 2005/02/03

Reference Information

CVE: CVE-2007-6110

BID: 26610

OSVDB: 13520, 40229

RHSA: 2007:1095

CWE: 79