CVE-2005-0085

Current Description

Cross-site scripting (XSS) vulnerability in ht://dig (htdig) before 3.1.6-r7 allows remote attackers to execute arbitrary web script or HTML via the config parameter, which is not properly sanitized before it is displayed in an error message.

Basic Data

Published: April 27, 2005
Last Modified: October 11, 2017
Assigner: cve@mitre.org
Data Type: CVE
Data Format: MITRE
Data Version: 4.0
Problem Type: NVD-CWE-Other
CVE Data Version: 4.0

Base Metric V2

CVSS 2 - Version: 2.0
CVSS 2 - Vector String: AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSS 2 - Access Vector: NETWORK
CVSS 2 - Access Complexity: MEDIUM
CVSS 2 - Authentication: NONE
CVSS 2 - Confidentiality Impact: PARTIAL
CVSS 2 - Availability Impact: PARTIAL
CVSS 2 - Base Score: 6.8
Severity: MEDIUM
Exploitability Score: 8.6
Impact Score: 6.4
Obtain All Privilege: false
Obtain User Privilege: false
Obtain Other Privilege: true

Base Metric V3

No data provided.

Configurations

  • OR - Configuration 1
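    | Cpe Version | Part | Vendor | Product | Version | Update | Edition | Language | SW Edition | Target SW | Target HW | Other | Version Start Including | Version End Including | Version Start Excluding | Version End Excluding |
    |---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
    | 2.3 | Application | Htdig | Htdig | 3.1.5 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Htdig | Htdig | 3.1.5_7 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Htdig | Htdig | 3.1.5_8 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Htdig | Htdig | 3.1.6 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Htdig | Htdig | 3.2.0 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Htdig | Htdig | 3.2.0b2 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Htdig | Htdig | 3.2.0b3 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Htdig | Htdig | 3.2.0b4 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Htdig | Htdig | 3.2.0b5 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Htdig | Htdig | 3.2.0b6 | * | * | * | * | * | * | * | | | | |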
  • OR - Configuration 2
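    | Cpe Version | Part | Vendor | Product | Version | Update | Edition | Language | SW Edition | Target SW | Target HW | Other | Version Start Including | Version End Including | Version Start Excluding | Version End Excluding |
    |---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
    | 2.3 | OS | Mandrakesoft | Mandrake Linux | 10.0 | * | * | * | * | * | * | * | | | | |
    | 2.3 | OS | Mandrakesoft | Mandrake Linux | 10.0 | * | amd64 | * | * | * | * | * | | | | |
    | 2.3 | OS | Mandrakesoft | Mandrake Linux | 10.1 | * | * | * | * | * | * | * | | | | |
    | 2.3 | OS | Mandrakesoft | Mandrake Linux | 10.1 | * | x86_64 | * | * | * | * | * | | | | |
    | 2.3 | OS | Mandrakesoft | Mandrake Linux Corporate Server | 2.1 | * | * | * | * | * | * | * | | | | |
    | 2.3 | OS | Mandrakesoft | Mandrake Linux Corporate Server | 2.1 | * | x86_64 | * | * | * | * | * | | | | |
    | 2.3 | OS | Mandrakesoft | Mandrake Linux Corporate Server | 3.0 | * | * | * | * | * | * | * | | | | |
    | 2.3 | OS | Mandrakesoft | Mandrake Linux Corporate Server | 3.0 | * | x86_64 | * | * | * | * | * | | | | |
    | 2.3 | OS | Redhat | Fedora Core | core_3.0 | * | * | * | * | * | * | * | | | | |
    | 2.3 | OS | Suse | Suse Linux | 8.0 | * | * | * | * | * | * | * | | | | |
    | 2.3 | OS | Suse | Suse Linux | 8.0 | * | i386 | * | * | * | * | * | | | | |
    | 2.3 | OS | Suse | Suse Linux | 8.1 | * | * | * | * | * | * | * | | | | |
    | 2.3 | OS | Suse | Suse Linux | 8.2 | * | * | * | * | * | * | * | | | | |
    | 2.3 | OS | Suse | Suse Linux | 9.0 | * | * | * | * | * | * | * | | | | |
    | 2.3 | OS | Suse | Suse Linux | 9.0 | * | x86_64 | * | * | * | * | * | | | | |
    | 2.3 | OS | Suse | Suse Linux | 9.1 | * | * | * | * | * | * | * | | | | |
    | 2.3 | OS | Suse | Suse Linux | 9.2 | * | * | * | * | * | * | * | | | | |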

Vulnerable Software List

| Vendor | Product | Versions |
|---|---|---|
| Htdig | Htdig | 3.1.5, 3.1.5_7, 3.1.5_8, 3.1.6, 3.2.0, 3.2.0b2, 3.2.0b3, 3.2.0b4, 3.2.0b5, 3.2.0b6 |
| Redhat | Fedora Core | core_3.0 |
| Mandrakesoft | Mandrake Linux | 10.0, 10.1 |
| Mandrakesoft | Mandrake Linux Corporate Server | 2.1, 3.0 |
| Suse | Suse Linux | 8.0, 8.1, 8.2, 9.0, 9.1, 9.2 |

References

| Name | Source | URL | Tags |
|---|---|---|---|
| SCOSA-2005.46 | SCO | ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.46/SCOSA-2005.46.txt | |
| 14255 | SECUNIA | http://secunia.com/advisories/14255 | |
| 14276 | SECUNIA | http://secunia.com/advisories/14276 | |
| 14303 | SECUNIA | http://secunia.com/advisories/14303 | |
| 14795 | SECUNIA | http://secunia.com/advisories/14795 | |
| 15007 | SECUNIA | http://secunia.com/advisories/15007 | |
| 17414 | SECUNIA | http://secunia.com/advisories/17414 | |
| 17415 | SECUNIA | http://secunia.com/advisories/17415 | |
| 1013078 | SECTRACK | http://securitytracker.com/id?1013078 | |
| DSA-680 | DEBIAN | http://www.debian.org/security/2005/dsa-680 | Patch, Vendor Advisory |
| GLSA-200502-16 | GENTOO | http://www.gentoo.org/security/en/glsa/glsa-200502-16.xml | |
| MDKSA-2005:063 | MANDRAKE | http://www.mandriva.com/security/advisories?name=MDKSA-2005:063 | |
| FLSA-2006:152907 | FEDORA | http://www.redhat.com/archives/fedora-legacy-announce/2006-January/msg00002.html | |
| RHSA-2005:073 | REDHAT | http://www.redhat.com/support/errata/RHSA-2005-073.html | |
| RHSA-2005:090 | REDHAT | http://www.redhat.com/support/errata/RHSA-2005-090.html | |
| 12442 | BID | http://www.securityfocus.com/bid/12442 | Patch, Vendor Advisory |
| htdig-config-xss(19223) | XF | https://exchange.xforce.ibmcloud.com/vulnerabilities/19223 | |
| oval:org.mitre.oval:def:10878 | OVAL | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10878 | |