Details of VAR-201103-0172

ID

VAR-201103-0172

CVE

CVE-2011-0728

TITLE

Loggerhead of templatefunctions.py Vulnerable to cross-site scripting

Trust: 0.8

sources: JVNDB: JVNDB-2011-004224

DESCRIPTION

Cross-site scripting (XSS) vulnerability in templatefunctions.py in Loggerhead before 1.18.1 allows remote authenticated users to inject arbitrary web script or HTML via a filename, which is not properly handled in a revision view. Loggerhead is prone to an HTML-injection vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials, control how the site is rendered to the user, or launch other attacks. Loggerhead versions prior to 1.18.1 are vulnerable. The following print servers are affected: Encore ENPS-2012 TP-Link TL-PS110U TP Link TL-PS110P Planex Mini-300PU Planex Mini100s ZO Tech PA101 Fast Parallel Port Print Server ZO Tech PU201 Fast USB Print Server ZO Tech PA301 Parallel Port Print Server ZO Tech PS531 USB and Parallel Print Server Longshine Multiple Print Server ZOT-PS-47/9.8.0015 Longshine Multiple Print Server ZOT-PS-35/6.2.0001 Longshine Multiple Print Server ZOT-PS-39/6.3.000. This fixes a vulnerability, which can be exploited by malicious users to conduct script insertion attacks. For more information: SA43822 SOLUTION: Apply updated packages via the yum utility ("yum update loggerhead"). ---------------------------------------------------------------------- Meet Secunia @ Microsoft Management Summit (MMS) in Las Vegas, USA (21-25 March). http://secunia.com/company/events/mms_2011/ ---------------------------------------------------------------------- TITLE: Loggerhead Filename Script Insertion Vulnerability SECUNIA ADVISORY ID: SA43822 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43822/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43822 RELEASE DATE: 2011-03-25 DISCUSS ADVISORY: http://secunia.com/advisories/43822/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43822/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43822 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: daveb has reported a vulnerability in loggerhead, which can be exploited by malicious users to conduct script insertion attacks. Input related to the filename is not properly sanitised in loggerhead/templatefunctions.py before being used to display a filename in a revision view. The vulnerability has been reported in version 1.18. SOLUTION: Update to version 1.18.1. PROVIDED AND/OR DISCOVERED BY: Reported by daveb in a bug report. ORIGINAL ADVISORY: https://launchpad.net/loggerhead/1.18/1.18.1 https://bugs.launchpad.net/loggerhead/+bug/740142 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Trust: 2.34

sources: NVD: CVE-2011-0728 // JVNDB: JVNDB-2011-004224 // BID: 47032 // BID: 47143 // PACKETSTORM: 100083 // PACKETSTORM: 99744

AFFECTED PRODUCTS

vendor:	michael hudson doyle	model:	loggerhead	scope:	eq	version:	1.6.1	Trust: 1.6
vendor:	michael hudson doyle	model:	loggerhead	scope:	eq	version:	1.17	Trust: 1.6
vendor:	michael hudson doyle	model:	loggerhead	scope:	eq	version:	1.10	Trust: 1.6
vendor:	michael hudson doyle	model:	loggerhead	scope:	eq	version:	1.6	Trust: 1.6
vendor:	michael hudson doyle	model:	loggerhead	scope:	lte	version:	1.18	Trust: 1.0
vendor:	michael hudson doyle	model:	loggerhead	scope:	lt	version:	1.18.1	Trust: 0.8
vendor:	michael hudson doyle	model:	loggerhead	scope:	eq	version:	1.18	Trust: 0.6
vendor:	loggerhead	model:	loggerhead	scope:	eq	version:	1.18	Trust: 0.3
vendor:	loggerhead	model:	loggerhead	scope:	ne	version:	1.18.1	Trust: 0.3
vendor:	zo	model:	tech zot-ps-47	scope:	eq	version:	9.8.0016	Trust: 0.3
vendor:	zo	model:	tech zot-ps-39	scope:	eq	version:	6.3.0007	Trust: 0.3
vendor:	zo	model:	tech zot-ps-34	scope:	eq	version:	8.3.0019	Trust: 0.3
vendor:	zo	model:	tech zot-ps-30	scope:	eq	version:	8.3.0016	Trust: 0.3
vendor:	tp link	model:	tl-ps110u	scope:	eq	version:	0	Trust: 0.3
vendor:	tp link	model:	tl-ps110p	scope:	eq	version:	0	Trust: 0.3
vendor:	planex	model:	mini100s	scope:	eq	version:	0	Trust: 0.3
vendor:	planex	model:	mini-300pu	scope:	eq	version:	0	Trust: 0.3
vendor:	encore	model:	nps-2012 print server	scope:	eq	version:	0	Trust: 0.3

sources: BID: 47032 // BID: 47143 // JVNDB: JVNDB-2011-004224 // CNNVD: CNNVD-201103-335 // NVD: CVE-2011-0728

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2011-0728
value:	LOW
Trust: 1.0
NVD:	CVE-2011-0728
value:	LOW
Trust: 0.8
CNNVD:	CNNVD-201103-335
value:	LOW
Trust: 0.6

nvd@nist.gov:	CVE-2011-0728
severity:	LOW
baseScore:	3.5
vectorString:	AV:N/AC:M/AU:S/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	SINGLE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	6.8
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8

sources: JVNDB: JVNDB-2011-004224 // CNNVD: CNNVD-201103-335 // NVD: CVE-2011-0728

PROBLEMTYPE DATA

problemtype:

CWE-79

Trust: 1.8

sources: JVNDB: JVNDB-2011-004224 // NVD: CVE-2011-0728

THREAT TYPE

network

Trust: 0.6

sources: BID: 47032 // BID: 47143

TYPE

Input Validation Error

Trust: 0.6

sources: BID: 47032 // BID: 47143

CONFIGURATIONS

sources: JVNDB: JVNDB-2011-004224

PATCH

title:

Bug #740142

url:

https://bugs.launchpad.net/loggerhead/+bug/740142

Trust: 0.8

sources: JVNDB: JVNDB-2011-004224

EXTERNAL IDS

db:	NVD	id:	CVE-2011-0728	Trust: 3.0
db:	BID	id:	47032	Trust: 1.9
db:	SECUNIA	id:	43822	Trust: 1.7
db:	OSVDB	id:	71279	Trust: 1.6
db:	SECUNIA	id:	44017	Trust: 1.1
db:	VUPEN	id:	ADV-2011-0849	Trust: 1.0
db:	VUPEN	id:	ADV-2011-0848	Trust: 1.0
db:	JVNDB	id:	JVNDB-2011-004224	Trust: 0.8
db:	XF	id:	66305	Trust: 0.6
db:	CNNVD	id:	CNNVD-201103-335	Trust: 0.6
db:	BID	id:	47143	Trust: 0.3
db:	PACKETSTORM	id:	100083	Trust: 0.1
db:	PACKETSTORM	id:	99744	Trust: 0.1

sources: BID: 47032 // BID: 47143 // JVNDB: JVNDB-2011-004224 // PACKETSTORM: 100083 // PACKETSTORM: 99744 // CNNVD: CNNVD-201103-335 // NVD: CVE-2011-0728

REFERENCES

url:	https://launchpad.net/loggerhead/1.18/1.18.1	Trust: 2.0
url:	https://bugs.launchpad.net/loggerhead/+bug/740142	Trust: 2.0
url:	http://www.securityfocus.com/bid/47032	Trust: 1.6
url:	http://www.osvdb.org/71279	Trust: 1.6
url:	http://secunia.com/advisories/43822	Trust: 1.6
url:	http://lists.fedoraproject.org/pipermail/package-announce/2011-april/057479.html	Trust: 1.1
url:	http://lists.fedoraproject.org/pipermail/package-announce/2011-april/057502.html	Trust: 1.1
url:	http://secunia.com/advisories/44017	Trust: 1.0
url:	http://lists.fedoraproject.org/pipermail/package-announce/2011-april/057413.html	Trust: 1.0
url:	http://www.vupen.com/english/advisories/2011/0848	Trust: 1.0
url:	http://www.vupen.com/english/advisories/2011/0849	Trust: 1.0
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/66305	Trust: 1.0
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-0728	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2011-0728	Trust: 0.8
url:	http://xforce.iss.net/xforce/xfdb/66305	Trust: 0.6
url:	https://launchpad.net/loggerhead	Trust: 0.3
url:	http://www.encore-usa.com	Trust: 0.3
url:	http://www.longshine.de	Trust: 0.3
url:	http://www.planex.net	Trust: 0.3
url:	http://www.tp-link.com	Trust: 0.3
url:	http://www.zot.com.tw/	Trust: 0.3
url:	http://secunia.com/products/corporate/evm/	Trust: 0.2
url:	http://secunia.com/advisories/secunia_security_advisories/	Trust: 0.2
url:	http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/	Trust: 0.2
url:	http://secunia.com/advisories/about_secunia_advisories/	Trust: 0.2
url:	http://secunia.com/vulnerability_scanning/personal/	Trust: 0.2
url:	http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org	Trust: 0.2
url:	http://secunia.com/advisories/44017/	Trust: 0.1
url:	https://ca.secunia.com/?page=viewadvisory&vuln_id=44017	Trust: 0.1
url:	http://secunia.com/advisories/44017/#comments	Trust: 0.1
url:	http://secunia.com/resources/factsheets/2011_vendor/	Trust: 0.1
url:	http://secunia.com/advisories/43822/#comments	Trust: 0.1
url:	http://secunia.com/company/events/mms_2011/	Trust: 0.1
url:	https://ca.secunia.com/?page=viewadvisory&vuln_id=43822	Trust: 0.1
url:	http://secunia.com/advisories/43822/	Trust: 0.1

sources: BID: 47032 // BID: 47143 // JVNDB: JVNDB-2011-004224 // PACKETSTORM: 100083 // PACKETSTORM: 99744 // CNNVD: CNNVD-201103-335 // NVD: CVE-2011-0728

CREDITS

daveb

Trust: 0.3

sources: BID: 47032

SOURCES

db:	BID	id:	47032
db:	BID	id:	47143
db:	JVNDB	id:	JVNDB-2011-004224
db:	PACKETSTORM	id:	100083
db:	PACKETSTORM	id:	99744
db:	CNNVD	id:	CNNVD-201103-335
db:	NVD	id:	CVE-2011-0728

LAST UPDATE DATE

2025-04-11T22:56:27.880000+00:00

SOURCES UPDATE DATE

db:	BID	id:	47032	date:	2015-04-13T22:15:00
db:	BID	id:	47143	date:	2011-04-04T00:00:00
db:	JVNDB	id:	JVNDB-2011-004224	date:	2012-03-27T00:00:00
db:	CNNVD	id:	CNNVD-201103-335	date:	2011-03-31T00:00:00
db:	NVD	id:	CVE-2011-0728	date:	2025-04-11T00:51:21.963

SOURCES RELEASE DATE

db:	BID	id:	47032	date:	2011-03-24T00:00:00
db:	BID	id:	47143	date:	2011-04-04T00:00:00
db:	JVNDB	id:	JVNDB-2011-004224	date:	2012-03-27T00:00:00
db:	PACKETSTORM	id:	100083	date:	2011-04-05T09:58:32
db:	PACKETSTORM	id:	99744	date:	2011-03-26T09:15:16
db:	CNNVD	id:	CNNVD-201103-335	date:	2011-03-30T00:00:00
db:	NVD	id:	CVE-2011-0728	date:	2011-03-29T18:55:01.723