Vulnerabilities > CVE-2001-0835 - Unspecified vulnerability in Bradford Barrett Webalizer
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
Cross-site scripting vulnerability in Webalizer 2.01-06, and possibly other versions, allows remote attackers to inject arbitrary HTML tags by specifying them in (1) search keywords embedded in HTTP referrer information, or (2) host names that are retrieved via a reverse DNS lookup.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 1 |
Nessus
NASL family | CGI abuses : XSS |
NASL id | WEBALIZER.NASL |
description | Webalizer, a web server log analysis application, was detected on the remote host. This version of Webalizer has multiple cross-site scripting vulnerabilities that could allow malicious HTML tags to be injected in the reports. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 10816 |
published | 2001-12-03 |
reporter | This script is Copyright (C) 2001-2018 Alert4Web.com |
source | https://www.tenable.com/plugins/nessus/10816 |
title | Webalizer < 2.01-09 Multiple XSS |
code |
|
Redhat
advisories |
|
References
- http://lists.suse.com/archives/suse-security-announce/2001-Nov/0001.html
- http://marc.info/?l=bugtraq&m=100394630702875&w=2
- http://www.linuxsecurity.com/advisories/other_advisory-1677.html
- http://www.mrunix.net/webalizer/news.html
- http://www.redhat.com/support/errata/RHSA-2001-140.html
- http://www.redhat.com/support/errata/RHSA-2001-141.html
- http://www.securityfocus.com/bid/3473
- https://exchange.xforce.ibmcloud.com/vulnerabilities/7350
- https://exchange.xforce.ibmcloud.com/vulnerabilities/7351