|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Re: [SECURITY] [DSA 1299-1] New ipsec-tools packages fix denial of service
From: dann frazier (dannf
dannf.org)
Date: Tue Jun 12 2007 - 11:37:07 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
On Mon, Jun 11, 2007 at 02:18:10PM +0400, 3APA3A wrote:
> Dear dann frazier,
>
>
> Can you please provide valid CVE for this advisory, if any?
>
> CVE-2007-2524 is Cross-site scripting (XSS) vulnerability in index.pl
> in OTRS (Open Ticket Request System) 2.0.x allows remote attackers to
> inject arbitrary web script or HTML via the Subaction parameter in an
> AgentTicketMailbox Action.
This has already been corrected here:
http://www.debian.org/security/2007/dsa-1299
--
dann frazier
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]