ID de Prueba:	1.3.6.1.4.1.25623.1.0.901115
Categoría:	Web Servers
Título:	Caucho Resin < 4.0.7 Multiple XSS Vulnerabilities - Active Check
Resumen:	Caucho Resin is prone to multiple cross-site scripting (XSS); vulnerabilities.
Descripción:	Summary: Caucho Resin is prone to multiple cross-site scripting (XSS) vulnerabilities. Vulnerability Insight: The flaw is caused by improper validation of user-supplied input via the 'digest_username' and 'digest_realm' parameters in resin-admin/digest.php that allows the attackers to insert arbitrary HTML and script code. Vulnerability Impact: Successful exploitation will allow attackers to execute arbitrary web script or HTML in a user's browser session in the context of an affected site. Affected Software/OS: Caucho Resin Professional 3.1.5, 3.1.10 and 4.0.6 are known to be affected. Other versions might be affected as well. Solution: Update to version 4.0.7 or later. CVSS Score: 4.3 CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2010-2032 BugTraq ID: 40251 http://www.securityfocus.com/bid/40251 Bugtraq: 20100518 Caucho Technology Resin digest.php Cross Site Scripting Vulnerability (Google Search) http://www.securityfocus.com/archive/1/511341/100/0/threaded http://packetstormsecurity.org/1005-exploits/cauchoresin312-xss.txt http://secunia.com/advisories/39839 http://www.vupen.com/english/advisories/2010/1201 XForce ISS Database: caucho-resin-digest-xss(58733) https://exchange.xforce.ibmcloud.com/vulnerabilities/58733
Copyright	Copyright (C) 2010 Greenbone AG

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.