Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 258779 (CVE-2009-0417)

Summary: <dev-php5/agavi-0.11.6 AgaviWebRouting::gen(null) XSS (CVE-2009-0417)
Product: Gentoo Security Reporter: Robert Buchholz (RETIRED) <rbu>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: RESOLVED FIXED    
Severity: trivial CC: jaak, php-bugs
Priority: High    
Version: unspecified   
Hardware: All   
OS: Linux   
Whiteboard: ~3 [noglsa]
Package list:
Runtime testing required: ---

Description Robert Buchholz (RETIRED) gentoo-dev 2009-02-12 20:29:15 UTC 
CVE-2009-0417 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0417):
  Cross-site scripting (XSS) vulnerability in the
  AgaviWebRouting::gen(null) method in Agavi 0.11 before 0.11.6 and 1.0
  before 1.0.0 beta 8 allows remote attackers to inject arbitrary web
  script or HTML via a crafted URL with certain characters that are not
  properly handled by web browsers that do not strictly follow RFC
  3986, such as Internet Explorer 6 and 7.
Comment 1 Robert Buchholz (RETIRED) gentoo-dev 2009-03-04 16:44:33 UTC 
ping
Comment 2 Robert Buchholz (RETIRED) gentoo-dev 2009-07-15 15:45:02 UTC 
ping, php herd please bump
Comment 3 Jaak Ristioja 2010-07-23 08:58:53 UTC 
There is no <dev-php5/agavi-1.0.3 in portage any more.
Comment 4 Stefan Behte (RETIRED) gentoo-dev Security 2010-08-01 12:13:31 UTC 
Got bumped, XSS -> Closing noglsa.