Bug 399561 - (CVE-2007-6110) CVE-2007-6110 htdig htsearch XSS vulnerability
Product: Security Response
Classification: Other
Component: vulnerability
Hardware: All Linux
Priority: medium, Severity: medium
Assigned To: Red Hat Product Security
Keywords: Security
Depends On: 401111 401121 401131 401141
Reported: 2007-11-26 10:40 EST by Tomas Hoger
Modified: 2016-03-04 07:29 EST
Doc Type: Bug Fix
Last Closed: 2007-12-20 06:43:56 EST

Attachments
Patch from Michael Skibbe (reporter of the issue) (1.10 KB, patch)
2007-11-28 04:03 EST, Tomas Hoger

Description Tomas Hoger 2007-11-26 10:40:19 EST
Common Vulnerabilities and Exposures assigned an identifier CVE-2007-6110 to the following vulnerability:

Cross-site scripting (XSS) vulnerability in htsearch in htdig 3.2.0b6
allows remote attackers to inject arbitrary web script or HTML via the
sort parameter.

Comment 5 Tomas Hoger 2007-11-28 04:03:35 EST
Created attachment 271081
Patch from Michael Skibbe (reporter of the issue)

Replaces error message:

  No such sort method: `<user supplied input here>'

with simple:

  invalid sort method
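
The change described in comment 5, shown as an added example that is not part of this bug report, the attached patch, or htdig's source: the old error message echoes the `sort` value into the page, while the patched message is a constant. The example goes one step further and shows an HTML-escaping variant that keeps the diagnostic. The function names, the list of valid sort methods and the probe string are all assumptions made for illustration.

```cpp
#include <iostream>
#include <set>
#include <string>

// Assumed allowlist for illustration; the real htsearch sort methods are not on this page.
static const std::set<std::string> kSortMethods = {"score", "time", "title"};

// Escape HTML metacharacters so a value is rendered as text instead of markup.
std::string html_escape(const std::string &in) {
    std::string out;
    for (char c : in) {
        switch (c) {
            case '&':  out += "&amp;";  break;
            case '<':  out += "&lt;";   break;
            case '>':  out += "&gt;";   break;
            case '"':  out += "&quot;"; break;
            case '\'': out += "&#39;";  break;
            default:   out += c;
        }
    }
    return out;
}

// Message format before the patch: the raw parameter ends up in the HTML response.
std::string sort_error_vulnerable(const std::string &sort) {
    return "No such sort method: `" + sort + "'";
}

// Message after the patch: constant text, so nothing attacker-controlled is reflected.
std::string sort_error_patched(const std::string &) {
    return "invalid sort method";
}

// Alternative that keeps the diagnostic value but encodes it for an HTML context.
std::string sort_error_escaped(const std::string &sort) {
    return "No such sort method: `" + html_escape(sort) + "'";
}

// Hypothetical validation step: empty string if the method is known, else the error text.
std::string check_sort(const std::string &sort, std::string (*err)(const std::string &)) {
    return kSortMethods.count(sort) ? std::string() : err(sort);
}

int main() {
    const std::string probe = "<i>x</i>";  // constructed, harmless markup
    std::cout << check_sort(probe, sort_error_vulnerable) << "\n"
              << check_sort(probe, sort_error_patched) << "\n"
              << check_sort(probe, sort_error_escaped) << "\n";
}
```
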
Comment 6 Adam Tkac 2007-11-28 04:53:55 EST
Patch looks fine
