'[oss-security] Re: XSS vulnerability in apt-cacher-ng'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       oss-security
Subject:    [oss-security] Re: XSS vulnerability in apt-cacher-ng
From:       cve-assign () mitre ! org
Date:       2014-06-22 17:21:47
Message-ID: 201406221721.s5MHLlgt003958 () linus ! mitre ! org
[Download RAW message or body]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

> The way for the attacker to exploit this is to redirect the user's
> browser in a LAN to apt-cacher-ng server (which address the attacker
> has to know) with a manipulated URL.
> 
> http://anonscm.debian.org/gitweb/?p=apt-cacher-ng/apt-cacher-ng.git;a=commit;h=6f08e6a3995d1bed4e837889a3945b6dc650f6ad
> 

Use CVE-2014-4510.

- -- 
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.14 (SunOS)

iQEcBAEBAgAGBQJTpw+eAAoJEKllVAevmvmsjOkH/3W6Xz5VCheMUY3wbJ42/aMj
UNNNvjJc6UnFCs9svZgBQJjWeqH4YM3T0jhayFunJOm46nasrBGKkANl8Jk4RJl2
hM5UMl4nyKXJGR5IbNsSdzZ5lCa463juGzezU04N+qlthMnXFw1RJny0ezucYSPX
JIdx+vCdMAfSCaejLDiE/Gk8nv3QTYbfgOjUPtyOlnppZlRlGJX7jRao49T+zx1V
somdQ93TNr8N3yLmsD4ivNSeYoiaRrKQ0JnKGvM+hjIlFY2pP4fsA2cYyhj7F25/
UpABIlHveN8go0RlaIa7dzFXQjUrUZlVeuBVjPlpQl0A4OQxIqHLuyRNMYYHdhk=
=2TqM
-----END PGP SIGNATURE-----


[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic