Vulnerability Details

Process-One ejabberd MUC Log Cross-Site Scripting Vulnerability

Vulnerability Summary

ejabberd is a distributed instant messaging application built with fault-tolerance technology.

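A cross-site scripting vulnerability exists in ejabberd versions before 2.0.4. Remote attackers can inject arbitrary web script or HTML via unknown vectors related to links and MUC logs.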

Vulnerability Advisory

The vendor has released upgrade patches that fix this security issue. Patch download links:

Debian Linux 5.0 hppa

Debian ejabberd_2.0.1-6+lenny1_hppa.deb

http://security.debian.org/pool/updates/main/e/ejabberd/ejabberd_2.0.1-6+lenny1_hppa.deb

Debian Linux 5.0 ia-64

Debian ejabberd_2.0.1-6+lenny1_ia64.deb

http://security.debian.org/pool/updates/main/e/ejabberd/ejabberd_2.0.1-6+lenny1_ia64.deb

Debian Linux 5.0 arm

Debian ejabberd_2.0.1-6+lenny1_arm.deb

http://security.debian.org/pool/updates/main/e/ejabberd/ejabberd_2.0.1-6+lenny1_arm.deb

Debian Linux 5.0 armel

Debian ejabberd_2.0.1-6+lenny1_armel.deb

http://security.debian.org/pool/updates/main/e/ejabberd/ejabberd_2.0.1-6+lenny1_armel.deb

Debian Linux 5.0 amd64

Debian ejabberd_2.0.1-6+lenny1_amd64.deb

http://security.debian.org/pool/updates/main/e/ejabberd/ejabberd_2.0.1-6+lenny1_amd64.deb

Debian Linux 5.0 alpha

Debian ejabberd_2.0.1-6+lenny1_alpha.deb

http://security.debian.org/pool/updates/main/e/ejabberd/ejabberd_2.0.1-6+lenny1_alpha.deb

Debian Linux 5.0 ia-32

Debian ejabberd_2.0.1-6+lenny1_i386.deb

http://security.debian.org/pool/updates/main/e/ejabberd/ejabberd_2.0.1-6+lenny1_i386.deb

Debian Linux 5.0 mips

Debian ejabberd_2.0.1-6+lenny1_mips.deb

http://security.debian.org/pool/updates/main/e/ejabberd/ejabberd_2.0.1-6+lenny1_mips.deb

Debian Linux 5.0 s/390

Debian ejabberd_2.0.1-6+lenny1_s390.deb

http://security.debian.org/pool/updates/main/e/ejabberd/ejabberd_2.0.1-6+lenny1_s390.deb

Debian Linux 5.0 powerpc

Debian ejabberd_2.0.1-6+lenny1_powerpc.deb

http://security.debian.org/pool/updates/main/e/ejabberd/ejabberd_2.0.1-6+lenny1_powerpc.deb

Debian Linux 5.0 sparc

Debian ejabberd_2.0.1-6+lenny1_sparc.deb

http://security.debian.org/pool/updates/main/e/ejabberd/ejabberd_2.0.1-6+lenny1_sparc.deb

References

Source: FEDORA

Name: FEDORA-2009-2746

Link: https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00735.html

Source: FEDORA

Name: FEDORA-2009-2747

Link: https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00675.html

Source: XF

Name: ejabberd-chatroom-xss(49289)

Link: http://xforce.iss.net/xforce/xfdb/49289

Source: BID

Name: 34133

Link: http://www.securityfocus.com/bid/34133

Source: www.process-one.net

Link: http://www.process-one.net/en/ejabberd/release_notes/release_note_ejabberd_204

Source: MLIST

Name: [oss-security] 20090316 CVE request: XSS in MUC logs of ejabberd

Link: http://www.openwall.com/lists/oss-security/2009/03/16/1

Source: DEBIAN

Name: DSA-1774

Link: http://www.debian.org/security/2009/dsa-1774

Source: SECUNIA

Name: 34781

Link: http://secunia.com/advisories/34781

Source: SECUNIA

Name: 34354

Link: http://secunia.com/advisories/34354

Source: SECUNIA

Name: 34340

Link: http://secunia.com/advisories/34340

Source: OSVDB

Name: 52714

Link: http://osvdb.org/52714

Patch

    None available
