Turbolinux Local Security Tests : Turbolinux TLSA-2003-49 (perl)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 146377 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.52956

Categoría: Turbolinux Local Security Tests

Título: Turbolinux TLSA-2003-49 (perl)

Resumen: NOSUMMARY

Descripción: Description:

The remote host is missing an update to perl
announced via advisory TLSA-2003-49.

Perl is a high-level programming language with roots in C, sed, awk and shell scripting.
A cross-site scripting vulnerability exists in the start_form() function from CGI.pm

This vulnerability may allow an attacker to execute arbitrary web script
within the context of the generated page.

Solution: Please use the turbopkg (zabom) tool to apply the update.
https://secure1.securityspace.com/smysecure/catid.html?in=TLSA-2003-49

Risk factor : Medium

CVSS Score:
4.3

Referencia Cruzada: BugTraq ID: 8231
Common Vulnerability Exposure (CVE) ID: CVE-2003-0615
http://www.securityfocus.com/bid/8231
Bugtraq: 20030720 CGI.pm vulnerable to Cross-site Scripting (Google Search)
http://marc.info/?l=bugtraq&m=105880349328877&w=2
Bugtraq: 20030806 [OpenPKG-SA-2003.036] OpenPKG Security Advisory (perl-www) (Google Search)
http://marc.info/?l=bugtraq&m=106018783704468&w=2
CERT/CC vulnerability note: VU#246409
http://www.kb.cert.org/vuls/id/246409
Computer Incident Advisory Center Bulletin: N-155
http://www.ciac.org/ciac/bulletins/n-155.shtml
Conectiva Linux advisory: CLA-2003:713
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000713
Debian Security Information: DSA-371 (Google Search)
http://www.debian.org/security/2003/dsa-371
http://marc.info/?l=full-disclosure&m=105875211018698&w=2
http://wwwnew.mandriva.com/security/advisories?name=MDKSA-2003:084
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A307
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A470
http://www.redhat.com/support/errata/RHSA-2003-256.html
SCO Security Bulletin: CSSA-2003-SCO.30
http://securitytracker.com/id?1007234
http://secunia.com/advisories/13638
http://sunsolve.sun.com/search/document.do?assetkey=1-26-101426-1
XForce ISS Database: cgi-startform-xss(12669)
https://exchange.xforce.ibmcloud.com/vulnerabilities/12669

Copyright Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.52956
Categoría:	Turbolinux Local Security Tests
Título:	Turbolinux TLSA-2003-49 (perl)
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing an update to perl announced via advisory TLSA-2003-49. Perl is a high-level programming language with roots in C, sed, awk and shell scripting. A cross-site scripting vulnerability exists in the start_form() function from CGI.pm This vulnerability may allow an attacker to execute arbitrary web script within the context of the generated page. Solution: Please use the turbopkg (zabom) tool to apply the update. https://secure1.securityspace.com/smysecure/catid.html?in=TLSA-2003-49 Risk factor : Medium CVSS Score: 4.3
Referencia Cruzada:	BugTraq ID: 8231 Common Vulnerability Exposure (CVE) ID: CVE-2003-0615 http://www.securityfocus.com/bid/8231 Bugtraq: 20030720 CGI.pm vulnerable to Cross-site Scripting (Google Search) http://marc.info/?l=bugtraq&m=105880349328877&w=2 Bugtraq: 20030806 [OpenPKG-SA-2003.036] OpenPKG Security Advisory (perl-www) (Google Search) http://marc.info/?l=bugtraq&m=106018783704468&w=2 CERT/CC vulnerability note: VU#246409 http://www.kb.cert.org/vuls/id/246409 Computer Incident Advisory Center Bulletin: N-155 http://www.ciac.org/ciac/bulletins/n-155.shtml Conectiva Linux advisory: CLA-2003:713 http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000713 Debian Security Information: DSA-371 (Google Search) http://www.debian.org/security/2003/dsa-371 http://marc.info/?l=full-disclosure&m=105875211018698&w=2 http://wwwnew.mandriva.com/security/advisories?name=MDKSA-2003:084 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A307 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A470 http://www.redhat.com/support/errata/RHSA-2003-256.html SCO Security Bulletin: CSSA-2003-SCO.30 http://securitytracker.com/id?1007234 http://secunia.com/advisories/13638 http://sunsolve.sun.com/search/document.do?assetkey=1-26-101426-1 XForce ISS Database: cgi-startform-xss(12669) https://exchange.xforce.ibmcloud.com/vulnerabilities/12669
Copyright	Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com