oss-sec mailing list archives

Re: XSS vulnerability in apt-cacher-ng

From: cve-assign () mitre org
Date: Sun, 22 Jun 2014 13:21:47 -0400 (EDT)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

The way for the attacker to exploit this is to redirect the user's
browser in a LAN to apt-cacher-ng server (which address the attacker
has to know) with a manipulated URL.

http://anonscm.debian.org/gitweb/?p=apt-cacher-ng/apt-cacher-ng.git;a=commit;h=6f08e6a3995d1bed4e837889a3945b6dc650f6ad


Use CVE-2014-4510.

- -- 
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.14 (SunOS)

iQEcBAEBAgAGBQJTpw+eAAoJEKllVAevmvmsjOkH/3W6Xz5VCheMUY3wbJ42/aMj
UNNNvjJc6UnFCs9svZgBQJjWeqH4YM3T0jhayFunJOm46nasrBGKkANl8Jk4RJl2
hM5UMl4nyKXJGR5IbNsSdzZ5lCa463juGzezU04N+qlthMnXFw1RJny0ezucYSPX
JIdx+vCdMAfSCaejLDiE/Gk8nv3QTYbfgOjUPtyOlnppZlRlGJX7jRao49T+zx1V
somdQ93TNr8N3yLmsD4ivNSeYoiaRrKQ0JnKGvM+hjIlFY2pP4fsA2cYyhj7F25/
UpABIlHveN8go0RlaIa7dzFXQjUrUZlVeuBVjPlpQl0A4OQxIqHLuyRNMYYHdhk=
=2TqM
-----END PGP SIGNATURE-----

Current thread:

Re: XSS vulnerability in apt-cacher-ng Yves-Alexis Perez (Jun 21)
- Re: XSS vulnerability in apt-cacher-ng cve-assign (Jun 22)