CERTA-2004-AVI-305

Vulnerability from certfr_avis - Published: 2004-09-08 - Updated: 2004-09-08

A vulnerability in OpenCA allows a malicious user to inject malicious code into an HTML page.

Description

OpenCA is an open source certification authority built on many products from the free software world, such as OpenLDAP, OpenSSL, Apache and Apache mod_ssl.
A Cross Site Scripting (XSS) vulnerability allows a malicious user to inject malicious HTML code.

Solution

  • For the stable branch, update OpenCA to version 0.9.1-9 or later;
  • for the development branch, update OpenCA via CVS.

OpenCA download website:

http://www.openca.org/openca/downloads.shtml
Impacted products
Vendor | Product | Description
N/A | N/A | For the stable branch, OpenCA version 0.9.1-8 and earlier versions;
N/A | N/A | for the development branch, OpenCA version 0.9.2 RC6 and earlier versions.
References

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Pour la branche stable, OpenCA version 0.9.1-8 et versions ant\u00e9rieures ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "pour la branche de d\u00e9veloppement, OpenCA version 0.9.2 RC6 et versions ant\u00e9rieures.",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nOpenCA est une autorit\u00e9 de certification Open Source bas\u00e9e sur de\nnombreux produits du monde du logiciel libre tels OpenLDAP, OpenSSL,\nApache et Apache mod_ssl.  \nUne vuln\u00e9rabilit\u00e9 de type Cross Site Scripting (XSS) permet \u00e0 un\nutilisateur mal intentionn\u00e9 d\u0027injecter du code HTML malicieux.\n\n## Solution\n\n-   Pour la branche stable, mettre \u00e0 jour OpenCA en version 0.9.1-9 ou\n    sup\u00e9rieure ;\n-   pour la branche de d\u00e9veloppement, mettre \u00e0 jour OpenCA via CVS.  \n\nSite Internet de t\u00e9l\u00e9chargement de OpenCA :\n\n    http://www.openca.org/openca/downloads.shtml\n",
  "cves": [],
  "initial_release_date": "2004-09-08T00:00:00",
  "last_revision_date": "2004-09-08T00:00:00",
  "links": [
    {
      "title": "Site Internet de OpenCA :",
      "url": "http://www.openca.org/openca/"
    }
  ],
  "reference": "CERTA-2004-AVI-305",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2004-09-08T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Injection de code indirecte \u00e0 distance (XSS)"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 dans OpenCA permet \u00e0 un utilisateur mal intentionn\u00e9\nd\u0027injecter du code malicieux dans une page HTML.\n",
  "title": "Vuln\u00e9rabilit\u00e9 de OpenCA",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 OpenCA du 06 septembre 2004",
      "url": "http://www.openca.org/news/CAN-2004-0787.txt"
    }
  ]
}

