Bug 629585 - (CVE-2010-3070) CVE-2010-3070 php-nusoap: XSS vulnerability due improper escaping of URLs
Status: CLOSED ERRATA
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All Linux
Priority: medium
Severity: medium
Assigned To: Red Hat Product Security
Whiteboard: impact=moderate,source=gentoo,public=...
Keywords: Security
Blocks: 633011
Reported: 2010-09-02 09:14 EDT by Gianluca Sforna
Modified: 2016-03-04 06:27 EST (History)
Doc Type: Bug Fix
Last Closed: 2011-02-21 16:34:33 EST
Description Gianluca Sforna 2010-09-02 09:14:08 EDT
Bogdan Calin at Acunetix discovered an XSS vulnerability in NuSOAP 0.9.5

All details in:
http://sourceforge.net/projects/nusoap/forums/forum/193579/topic/3834005
Comment 1 Gianluca Sforna 2010-09-02 09:46:47 EDT
A patch is provided at:

http://www.mantisbt.org/bugs/view.php?id=12312
Comment 2 Fedora Update System 2010-09-02 23:21:48 EDT
php-nusoap-0.9.5-1.fc12 has been submitted as an update for Fedora 12.
https://admin.fedoraproject.org/updates/php-nusoap-0.9.5-1.fc12
Comment 3 Fedora Update System 2010-09-02 23:21:53 EDT
php-nusoap-0.9.5-1.fc13 has been submitted as an update for Fedora 13.
https://admin.fedoraproject.org/updates/php-nusoap-0.9.5-1.fc13
Comment 4 Fedora Update System 2010-09-02 23:21:57 EDT
php-nusoap-0.9.5-1.fc14 has been submitted as an update for Fedora 14.
https://admin.fedoraproject.org/updates/php-nusoap-0.9.5-1.fc14
Comment 5 Fedora Update System 2010-09-02 23:22:01 EDT
php-nusoap-0.9.5-1.el5 has been submitted as an update for Fedora EPEL 5.
https://admin.fedoraproject.org/updates/php-nusoap-0.9.5-1.el5
Comment 6 Fedora Update System 2010-09-03 12:43:30 EDT
php-nusoap-0.9.5-1.fc14 has been pushed to the Fedora 14 testing repository. If problems still persist, please make note of it in this bug report.
If you want to test the update, you can install it with
su -c 'yum --enablerepo=updates-testing update php-nusoap'
You can provide feedback for this update here: https://admin.fedoraproject.org/updates/php-nusoap-0.9.5-1.fc14
Comment 7 Fedora Update System 2010-09-03 17:56:23 EDT
php-nusoap-0.9.5-1.el5 has been pushed to the Fedora EPEL 5 testing repository. If problems still persist, please make note of it in this bug report.
If you want to test the update, you can install it with
su -c 'yum --enablerepo=updates-testing update php-nusoap'
You can provide feedback for this update here: https://admin.fedoraproject.org/updates/php-nusoap-0.9.5-1.el5
Comment 8 Jan Lieskovsky 2010-09-12 08:58:13 EDT
Moving this bug to Security Response Product, as it is a record for a security
issue. Thank you for addressing the issue.
Comment 9 Jan Lieskovsky 2010-09-12 08:59:58 EDT
The CVE identifier of CVE-2010-3070 has been assigned to this issue:
[1] http://www.openwall.com/lists/oss-security/2010/09/07/4
Comment 10 Jan Lieskovsky 2010-09-12 09:18:01 EDT
Fedora mantis bug:
[2] https://bugzilla.redhat.com/show_bug.cgi?id=633011
Comment 11 Gianluca Sforna 2011-02-21 16:34:33 EST
Looks like the update has been pushed to stable but the issue was not closed. Doing it now.
