| Bug#: 203085 | Product: Gentoo Security | Version: unspecified | Platform: All |
| OS/Version: Linux | Status: RESOLVED | Severity: minor | Priority: P2 |
| Resolution: FIXED | Assigned To: security@gentoo.org | Reported By: rbu@gentoo.org |
| Component: Vulnerabilities |
| URL: http://sourceforge.net/project/shownotes.php?release_id=562168 |
| Summary: sys-cluster/ganglia < 3.0.6 Multiple cross-site scripting issues (CVE-2007-6465) |
| Keywords: |
| Status Whiteboard: B4 [noglsa] |
| Opened: 2007-12-22 21:34 0000 |
| Description: |
CVE-2007-6465 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6465): Multiple cross-site scripting (XSS) vulnerabilities in ganglia-web in Ganglia before 3.0.6 allow remote attackers to inject arbitrary web script or HTML via the (1) c and (2) h parameters to (a) web/host_gmetrics.php; the (3) G, (4) me, (5) x, (6) n, (7) v, (8) l, (9) vl, and (10) st parameters to (b) web/graph.php; and the (11) c, (12) G, (13) h, (14) r, (15) m, (16) s, (17) cr, (18) hc, (19) sh, (20) p, (21) t, (22) jr, (23) js, (24) gw, (25) z, and (26) gs parameters to (c) web/get_context.php. NOTE: some of these details are obtained from third party information.
HP-Cluster herd, please advise.
Bug 172206 contains updated ebuilds.
Thanks a lot. Arches, please test and mark stable sys-cluster/ganglia-3.0.6. Target keywords: "x86"
Voting NO and closing.