[Openvas-discuss] Double output in html

chris framheim at gmx.de
Thu Sep 1 13:53:25 CEST 2011


Hello maintainers,

since feedback is appreciated, here could be another bug.
Found that twice in the output, I diffed them and they are exactly the
same.

# aptitude show openvas-server openvas-scanner | grep -i version
Version: 2.0.3-3
Version: 3.2.4-1

Used the client 2.0.5 on Ubuntu again.

---8<---
Vulnerability found on port http (80/tcp)

        
        Overview: This host is installed with Dokuwiki and is prone to
        multiple Cross
        Site Scripting vulnerabilities.
        
        Vulnerability Insight:
        The flaws are due to error in 'ACL' Manager plugin
        (plugins/acl/ajax.php) that
        allows users to perform certain actions via HTTP requests
        without performing
        any validity checks.
        
        Impact:
        Successful exploitation allows attackers to conduct cross site
        request
        forgery attacks via unknown vectors.
        
        Impact Level: Application.
        
        Affected Software/OS:
        Dokuwiki versions prior to 2009-12-25c
        
        Fix: Update to version 2009-12-25c or later.
        For Updates Refer, http://www.splitbrain.org/go/dokuwiki
        
        References:
        http://secunia.com/advisories/38205
        http://www.vupen.com/english/advisories/2010/0150
        http://bugs.splitbrain.org/index.php?do=details&task_id=1853
        
        CVSS Score:
        CVSS Base Score : 6.8 (AV:N/AC:M/Au:NR/C:P/I:P/A:P)
        CVSS Temporal Score : 5.3
        Risk factor: High
        CVE : CVE-2010-0289
        OID : 1.3.6.1.4.1.25623.1.0.800989
---8<---




More information about the Openvas-discuss mailing list