VRDA Feed
by
Vulnerability Response Decision Assistance Feed : Information for vulnerability impact analysis
|
[ about VRDA Feed
| JPCERT/CC
]
|
|
|
|
|
|
Vulnerability Analysis Result (Revision No : 1)
|
[ Download XML
]
|
|
CVE-2010-3070
|
|
nusoap: Cross-site scripting (XSS) vulnerability in NuSOAP ...
|
|
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3070 |
|
Original
Cross-site scripting (XSS) vulnerability in NuSOAP 0.9.5, as used in MantisBT and other products, allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to an arbitrary PHP script that uses NuSOAP classes.
|
|
|
|
|
About This Analysis Information
|
Analysis Information Provider:
|
NIST NVD
|
First Published:
|
2010-09-28
|
Source Information Category:
|
Advisory, Alert
|
Last Updated:
|
2010-09-29
|
|
|
|
|
Affected Product Tags
|
|
cpe:/a:dietrich_ayala:nusoap:0.9.5
|
|
|
|
|
|
Vulnerability Analysis Results
|
|
[Access Vector]
[?]
|
|
Undefined [?] |
|
Local [?] |
|
Adjacent Network [?] |
|
|
Network [?] |
|
|
[Access Complexit]
[?]
|
|
Undefined [?] |
|
High [?] |
|
Medium [?] |
|
|
Low [?] |
|
|
[Authentication]
[?]
|
|
Undefined [?] |
|
None [?] |
|
|
[Confidentiality Impact]
[?]
|
|
Undefined [?] |
|
None [?] |
|
Partial [?] |
|
|
Complete [?] |
|
|
[Integrity Impact]
[?]
|
|
Undefined [?] |
|
None [?] |
|
Partial [?] |
|
|
Complete [?] |
|
|
[Availability Impact]
[?]
|
|
Undefined [?] |
|
None [?] |
|
Partial [?] |
|
|
Complete [?] |
|
|
Alternatives
|
|
|
|
|
References
|
|
BID 42959 |
|
|
|
|
|
|
|
CONFIRM https://bugzilla.redhat.com/show_bug.cgi?id=633011 |
|
|
|
|
|
|
|
CONFIRM https://bugzilla.redhat.com/show_bug.cgi?id=629585 |
|
|
|
|
|
|
|
CONFIRM http://www.mantisbt.org/bugs/view.php?id=12312 |
|
|
|
|
|
|
|
CONFIRM http://sourceforge.net/projects/nusoap/forums/forum/193579/topic/3834005 |
|
|
|
|
|
|
|
CONFIRM http://git.mantisbt.org/?p=mantisbt.git;a=commit;h=edb817991b99cd5538f102be26865fde7c6b7212 |
|
|
|
|
|
|
|
CONFIRM http://git.debian.org/?p=users/olberger-guest/nusoap.git;a=blobdiff;f=debian/patches/595248.patch;h=11202fa70433b62aeab7dfc68af668329bc0fe7e;hp=6af3d725fe74d839764d9755c5bb18458a192518;hb=3ac7a26a49086c6b91fb79e5acafcfcdc5d6980a;hpb=268f03b88c6900d1a87b17734c248c705c22cb07 |
|
|
|
|
|
|
|
CONFIRM http://git.debian.org/?p=users/olberger-guest/nusoap.git;a=blob;f=debian/patches/595248.patch;h=6af3d725fe74d839764d9755c5bb18458a192518;hb=268f03b88c6900d1a87b17734c248c705c22cb07 |
|
|
|
|
|
|
|
CONFIRM http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=595248 |
|
|
|
|
|
|
|
FEDORA FEDORA-2010-14100 |
|
|
|
|
|
|
|
FEDORA FEDORA-2010-14098 |
|
|
|
|
|
|
|
MLIST [oss-security] 20100907 Re: CVE request: XSS in nusoap |
|
|
|
|
|
|
|
MLIST [oss-security] 20100903 CVE request: XSS in nusoap |
|
|
|
|
|
|
|
MLIST [mantisbt-announce] 20100914 MantisBT 1.2.3 Released |
|
|
|
|
|
|
|
Vulnerability Type Cross-Site Scripting (XSS) (CWE-79) |
|
|
|
|
|
|
|
|
Copyright © 2010 JPCERT/CC All Rights Reserved. |