Vulnerabilities > CVE-2007-2808

047910
CVSS 0.0 - NONE
Attack vector
UNKNOWN
Attack complexity
UNKNOWN
Privileges required
UNKNOWN
Confidentiality impact
UNKNOWN
Integrity impact
UNKNOWN
Availability impact
UNKNOWN
gnu
yngve-svendsen
nessus
NVD
Published: 2007-05-22
Updated: 2024-11-21

Summary

Cross-site scripting (XSS) vulnerability in gnatsweb.pl in Gnatsweb 4.00 and Gnats 4.1.99 allows remote attackers to inject arbitrary web script or HTML via the database parameter.

Vulnerable Configurations

Part Description Count
Application
Gnu
1
Application
Yngve_Svendsen
1

Nessus

NASL familyDebian Local Security Checks
NASL idDEBIAN_DSA-1486.NASL
description'r0t
last seen2020-06-01
modified2020-06-02
plugin id30155
published2008-02-05
reporterThis script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
sourcehttps://www.tenable.com/plugins/nessus/30155
titleDebian DSA-1486-1 : gnatsweb - XSS
code
#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from Debian Security Advisory DSA-1486. The text 
# itself is copyright (C) Software in the Public Interest, Inc.
#

include("compat.inc");

if (description)
{
  script_id(30155);
  script_version("1.14");
  script_cvs_date("Date: 2019/08/02 13:32:21");

  script_cve_id("CVE-2007-2808");
  script_xref(name:"DSA", value:"1486");

  script_name(english:"Debian DSA-1486-1 : gnatsweb - XSS");
  script_summary(english:"Checks dpkg output for the updated package");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote Debian host is missing a security-related update."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"'r0t' discovered that gnatsweb, a web interface to GNU GNATS, did not
correctly sanitize the database parameter in the main CGI script. This
could allow the injection of arbitrary HTML, or JavaScript code."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=427156"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.debian.org/security/2008/dsa-1486"
  );
  script_set_attribute(
    attribute:"solution", 
    value:
"Upgrade the gnatsweb package.

For the stable distribution (etch), this problem has been fixed in
version 4.00-1etch1."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:gnatsweb");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:4.0");

  script_set_attribute(attribute:"patch_publication_date", value:"2008/02/04");
  script_set_attribute(attribute:"plugin_publication_date", value:"2008/02/05");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Debian Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");

  exit(0);
}


include("audit.inc");
include("debian_package.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);


flag = 0;
if (deb_check(release:"4.0", prefix:"gnatsweb", reference:"4.00-1etch1")) flag++;

if (flag)
{
  if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());
  else security_warning(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");

References