|
|
>> Mandriva Security Update Fixes AWStats Cross Site Scripting Issue
|
Title : Mandriva Security Update Fixes AWStats Cross Site Scripting Issue
VUPEN ID : VUPEN/ADV-2008-2665
CVE ID : CVE-2008-3714
Rated as : Low Risk 
Remotely Exploitable : Yes
Locally Exploitable : Yes
Release Date : 2008-09-24
|
A vulnerability has been identified in Mandriva, which could be exploited by attackers to execute arbitrary scripting code. This issue is caused by an error in AWStats. For additional information, see : VUPEN/ADV-2008-2399
Affected Products
Mandriva Corporate 4.0
Solution
Upgrade the affected packages :
Corporate 4.0:
c71882fb1113bea7adf3f31a2947bb78 corporate/4.0/i586/awstats-6.4-4.1.20060mlcs4.noarch.rpm
cbeea61a4e0c77736931bfdb947a73e7 corporate/4.0/SRPMS/awstats-6.4-4.1.20060mlcs4.src.rpm
Corporate 4.0/X86_64:
7d93335f21a8825e72bf88211ae50695 corporate/4.0/x86_64/awstats-6.4-4.1.20060mlcs4.noarch.rpm
cbeea61a4e0c77736931bfdb947a73e7 corporate/4.0/SRPMS/awstats-6.4-4.1.20060mlcs4.src.rpm
References
http://www.vupen.com/english/advisories/2008/2665
http://archives.mandrivalinux.com/security-announce/2008-09/msg00035.php
ChangeLog
2008-09-24 : Initial release
Vulnerability Management
Subscribe to VUPEN VNS and receive real-time e-mail and SMS alerts when new advisories or patches relevant to your systems and network configurations are available.
Feedback
If you have additional information or corrections for this security advisory please submit them via our contact form. | |
|
