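CNNVD ID | CNNVD-200912-349 |
CVE ID | CVE-2009-4416 |
Published | 2009-07-22 |
Updated | 2009-12-25 |
Vulnerability type | Cross-site scripting |
Vulnerability source | N/A |
Severity | Medium |
Threat type | Remote |
Vendor | phpgroupware |
phpGroupWare is a multi-user web groupware suite written in PHP that provides an API for developing other applications.
phpGroupWare returns query parameter names beginning with phpgw_ that are submitted to the login.php page back to the user without properly filtering them, which can lead to cross-site scripting attacks.
The vendor has released an upgrade patch that fixes this security issue. Patch download links: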
Debian Linux 5.0 alpha
Debian phpgroupware-0.9.16-addressbook_0.9.16.012+dfsg-8+lenny1_all.deb
http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-0.9.16-addressbook_0.9.16.012+dfsg-8+lenny1_all.deb
Debian phpgroupware-0.9.16-admin_0.9.16.012+dfsg-8+lenny1_all.deb
http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-0.9.16-admin_0.9.16.012+dfsg-8+lenny1_all.deb
Debian phpgroupware-0.9.16-calendar_0.9.16.012+dfsg-8+lenny1_all.deb
http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-0.9.16-calendar_0.9.16.012+dfsg-8+lenny1_all.deb
Debian phpgroupware-0.9.16-core-base_0.9.16.012+dfsg-8+lenny1_all.deb
http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-0.9.16-core-base_0.9.16.012+dfsg-8+lenny1_all.deb
Debian phpgroupware-0.9.16-core_0.9.16.012+dfsg-8+lenny1_all.deb
http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-0.9.16-core_0.9.16.012+dfsg-8+lenny1_all.deb
Debian phpgroupware-0.9.16-doc_0.9.16.012+dfsg-8+lenny1_all.deb
http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-0.9.16-doc_0.9.16.012+dfsg-8+lenny1_all.deb
Debian phpgroupware-0.9.16-email_0.9.16.012+dfsg-8+lenny1_all.deb
http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-0.9.16-email_0.9.16.012+dfsg-8+lenny1_all.deb
Debian phpgroupware-0.9.16-filemanager_0.9.16.012+dfsg-8+lenny1_all.deb
http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-0.9.16-filemanager_0.9.16.012+dfsg-8+lenny1_all.deb
Debian phpgroupware-0.9.16-manual_0.9.16.012+dfsg-8+lenny1_all.deb
http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-0.9.16-manual_0.9.16.012+dfsg-8+lenny1_all.deb
Debian phpgroupware-0.9.16-news-admin_0.9.16.012+dfsg-8+lenny1_all.deb
http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-0.9.16-news-admin_0.9.16.012+dfsg-8+lenny1_all.deb
Debian phpgroupware-0.9.16-notes_0.9.16.012+dfsg-8+lenny1_all.deb
http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-0.9.16-notes_0.9.16.012+dfsg-8+lenny1_all.deb
Source: MISC
Link: http://kambing.ui.ac.id/gentoo-portage/www-apps/phpgroupware/files/phpgroupware-SA35519.patch
Source: XF
Name: phpgroupware-query-xss(51923)
Source: BID
Name: 35761
Source: OSVDB
Name: 56179
Source: MLIST
Name: [oss-security] 20091220 CVE request: phpgroupware
Source: svn.savannah.gnu.org
Link: http://svn.savannah.gnu.org/viewvc?view=rev&root=phpgroupware&sortby=date&revision=19117