Bugtraq: Re: [SECURITY] [DSA 1299-1] New ipsec-tools packages fix denial of service

Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Bugtraq mailing list archives

Re: [SECURITY] [DSA 1299-1] New ipsec-tools packages fix denial of service

From: dann frazier <dannf () dannf org>
Date: Tue, 12 Jun 2007 10:37:07 -0600

On Mon, Jun 11, 2007 at 02:18:10PM +0400, 3APA3A wrote:

Dear dann frazier,


 Can you please provide valid CVE for this advisory, if any?

 CVE-2007-2524  is  Cross-site scripting (XSS) vulnerability in index.pl
 in  OTRS  (Open Ticket Request System) 2.0.x allows remote attackers to
 inject  arbitrary  web script or HTML via the Subaction parameter in an
 AgentTicketMailbox Action.


This has already been corrected here:
  http://www.debian.org/security/2007/dsa-1299

-- 
dann frazier

By Date By Thread

Current thread:

[SECURITY] [DSA 1299-1] New ipsec-tools packages fix denial of service dann frazier (Jun 07)
- Re: [SECURITY] [DSA 1299-1] New ipsec-tools packages fix denial of service 3APA3A (Jun 11)
  - Re: [SECURITY] [DSA 1299-1] New ipsec-tools packages fix denial of service dann frazier (Jun 12)