Bug 629585 (CVE-2010-3070) - CVE-2010-3070 php-nusoap: XSS vulnerability due improper escaping of URLs
Summary: CVE-2010-3070 php-nusoap: XSS vulnerability due improper escaping of URLs
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2010-3070
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks: 633011
TreeView+ depends on / blocked
 
Reported: 2010-09-02 13:14 UTC by Gianluca Sforna
Modified: 2019-09-29 12:39 UTC (History)
2 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2011-02-21 21:34:33 UTC


Attachments (Terms of Use)

Description Gianluca Sforna 2010-09-02 13:14:08 UTC
Bogdan Calin at at Acunetix discovered a XSS vulnerability in NuSOAP 0.9.5

All details in:
http://sourceforge.net/projects/nusoap/forums/forum/193579/topic/3834005

Comment 1 Gianluca Sforna 2010-09-02 13:46:47 UTC
An patch is provided at:

http://www.mantisbt.org/bugs/view.php?id=12312

Comment 2 Fedora Update System 2010-09-03 03:21:48 UTC
php-nusoap-0.9.5-1.fc12 has been submitted as an update for Fedora 12.
https://admin.fedoraproject.org/updates/php-nusoap-0.9.5-1.fc12

Comment 3 Fedora Update System 2010-09-03 03:21:53 UTC
php-nusoap-0.9.5-1.fc13 has been submitted as an update for Fedora 13.
https://admin.fedoraproject.org/updates/php-nusoap-0.9.5-1.fc13

Comment 4 Fedora Update System 2010-09-03 03:21:57 UTC
php-nusoap-0.9.5-1.fc14 has been submitted as an update for Fedora 14.
https://admin.fedoraproject.org/updates/php-nusoap-0.9.5-1.fc14

Comment 5 Fedora Update System 2010-09-03 03:22:01 UTC
php-nusoap-0.9.5-1.el5 has been submitted as an update for Fedora EPEL 5.
https://admin.fedoraproject.org/updates/php-nusoap-0.9.5-1.el5

Comment 6 Fedora Update System 2010-09-03 16:43:30 UTC
php-nusoap-0.9.5-1.fc14 has been pushed to the Fedora 14 testing repository.  If problems still persist, please make note of it in this bug report.
 If you want to test the update, you can install it with 
 su -c 'yum --enablerepo=updates-testing update php-nusoap'.  You can provide feedback for this update here: https://admin.fedoraproject.org/updates/php-nusoap-0.9.5-1.fc14

Comment 7 Fedora Update System 2010-09-03 21:56:23 UTC
php-nusoap-0.9.5-1.el5 has been pushed to the Fedora EPEL 5 testing repository.  If problems still persist, please make note of it in this bug report.
 If you want to test the update, you can install it with 
 su -c 'yum --enablerepo=updates-testing update php-nusoap'.  You can provide feedback for this update here: https://admin.fedoraproject.org/updates/php-nusoap-0.9.5-1.el5

Comment 8 Jan Lieskovsky 2010-09-12 12:58:13 UTC
Moving this bug to Security Response Product, as it is record for security
issue. Thank you for addressing the issue.

Comment 9 Jan Lieskovsky 2010-09-12 12:59:58 UTC
The CVE identifier of CVE-2010-3070 has been assigned to this issue:
[1] http://www.openwall.com/lists/oss-security/2010/09/07/4

Comment 10 Jan Lieskovsky 2010-09-12 13:18:01 UTC
Fedora mantis bug:
[2] https://bugzilla.redhat.com/show_bug.cgi?id=633011

Comment 11 Gianluca Sforna 2011-02-21 21:34:33 UTC
Looks like the update has been pushed to stable but the issue was not closed. doing it now.


Note You need to log in before you can comment on or make changes to this bug.