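ejabberd is a distributed, fault-tolerant instant messaging application.
Versions of ejabberd before 2.0.4 contain a cross-site scripting (XSS) vulnerability. Remote attackers can inject arbitrary web script or HTML via unknown vectors related to links and MUC logs.
The vendor has released an upgrade patch that fixes this security issue. Patch download links: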
Debian Linux 5.0 hppa
Debian ejabberd_2.0.1-6+lenny1_hppa.deb
http://security.debian.org/pool/updates/main/e/ejabberd/ejabberd_2.0.1-6+lenny1_hppa.deb
Debian Linux 5.0 ia-64
Debian ejabberd_2.0.1-6+lenny1_ia64.deb
http://security.debian.org/pool/updates/main/e/ejabberd/ejabberd_2.0.1-6+lenny1_ia64.deb
Debian Linux 5.0 arm
Debian ejabberd_2.0.1-6+lenny1_arm.deb
http://security.debian.org/pool/updates/main/e/ejabberd/ejabberd_2.0.1-6+lenny1_arm.deb
Debian Linux 5.0 armel
Debian ejabberd_2.0.1-6+lenny1_armel.deb
http://security.debian.org/pool/updates/main/e/ejabberd/ejabberd_2.0.1-6+lenny1_armel.deb
Debian Linux 5.0 amd64
Debian ejabberd_2.0.1-6+lenny1_amd64.deb
http://security.debian.org/pool/updates/main/e/ejabberd/ejabberd_2.0.1-6+lenny1_amd64.deb
Debian Linux 5.0 alpha
Debian ejabberd_2.0.1-6+lenny1_alpha.deb
http://security.debian.org/pool/updates/main/e/ejabberd/ejabberd_2.0.1-6+lenny1_alpha.deb
Debian Linux 5.0 ia-32
Debian ejabberd_2.0.1-6+lenny1_i386.deb
http://security.debian.org/pool/updates/main/e/ejabberd/ejabberd_2.0.1-6+lenny1_i386.deb
Debian Linux 5.0 mips
Debian ejabberd_2.0.1-6+lenny1_mips.deb
http://security.debian.org/pool/updates/main/e/ejabberd/ejabberd_2.0.1-6+lenny1_mips.deb
Debian Linux 5.0 s/390
Debian ejabberd_2.0.1-6+lenny1_s390.deb
http://security.debian.org/pool/updates/main/e/ejabberd/ejabberd_2.0.1-6+lenny1_s390.deb
Debian Linux 5.0 powerpc
Debian ejabberd_2.0.1-6+lenny1_powerpc.deb
http://security.debian.org/pool/updates/main/e/ejabberd/ejabberd_2.0.1-6+lenny1_powerpc.deb
Debian Linux 5.0 sparc
Debian ejabberd_2.0.1-6+lenny1_sparc.deb
http://security.debian.org/pool/updates/main/e/ejabberd/ejabberd_2.0.1-6+lenny1_sparc.deb
Source: FEDORA
Name: FEDORA-2009-2746
Link: https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00735.html
Source: FEDORA
Name: FEDORA-2009-2747
Link: https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00675.html
Source: XF
Name: ejabberd-chatroom-xss(49289)
Link: http://xforce.iss.net/xforce/xfdb/49289
Source: BID
Name: 34133
Link: http://www.securityfocus.com/bid/34133
Source: www.process-one.net
Link: http://www.process-one.net/en/ejabberd/release_notes/release_note_ejabberd_204
Source: MLIST
Name: [oss-security] 20090316 CVE request: XSS in MUC logs of ejabberd
Link: http://www.openwall.com/lists/oss-security/2009/03/16/1
Source: DEBIAN
Name: DSA-1774
Link: http://www.debian.org/security/2009/dsa-1774
Source: SECUNIA
Name: 34781
Link: http://secunia.com/advisories/34781
Source: SECUNIA
Name: 34354
Link: http://secunia.com/advisories/34354
Source: SECUNIA
Name: 34340
Link: http://secunia.com/advisories/34340
Source: OSVDB
Name: 52714
Link: http://osvdb.org/52714