RHEL 4 / 5 : htdig (RHSA-2007:1095)
Medium Nessus Plugin ID 29204
SynopsisThe remote Red Hat host is missing one or more security updates.
DescriptionUpdated htdig packages that resolve a security issue are now available for Red Hat Enterprise Linux 4 and 5.
This update has been rated as having moderate security impact by the Red Hat Security Response Team.
The ht://Dig system is a complete World Wide Web indexing and searching system for a small domain or intranet.
A cross-site scripting flaw was discovered in a htdig search page. An attacker could construct a carefully crafted URL, which once visited by an unsuspecting user, could cause a user's Web browser to execute malicious script in the context of the visited htdig search Web page.
Users of htdig are advised to upgrade to these updated packages, which contain backported patch to resolve this issue.
SolutionUpdate the affected htdig and / or htdig-web packages.