CERTA-2004-AVI-305
Vulnerability from certfr_avis

A vulnerability in OpenCA allows a malicious user to inject malicious code into an HTML page.

Description

OpenCA is an open source certification authority built on numerous free software products such as OpenLDAP, OpenSSL, Apache and Apache mod_ssl.
A Cross Site Scripting (XSS) vulnerability allows a malicious user to inject malicious HTML code.

Solution

  • For the stable branch, update OpenCA to version 0.9.1-9 or later;
  • for the development branch, update OpenCA via CVS.

OpenCA download website:

http://www.openca.org/openca/downloads.shtml
Impacted products
Vendor Product Description
N/A N/A For the stable branch, OpenCA version 0.9.1-8 and earlier versions;
N/A N/A for the development branch, OpenCA version 0.9.2 RC6 and earlier versions.


{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Pour la branche stable, OpenCA version 0.9.1-8 et versions ant\u00e9rieures ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "pour la branche de d\u00e9veloppement, OpenCA version 0.9.2 RC6 et versions ant\u00e9rieures.",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nOpenCA est une autorit\u00e9 de certification Open Source bas\u00e9e sur de\nnombreux produits du monde du logiciel libre tels OpenLDAP, OpenSSL,\nApache et Apache mod_ssl.  \nUne vuln\u00e9rabilit\u00e9 de type Cross Site Scripting (XSS) permet \u00e0 un\nutilisateur mal intentionn\u00e9 d\u0027injecter du code HTML malicieux.\n\n## Solution\n\n-   Pour la branche stable, mettre \u00e0 jour OpenCA en version 0.9.1-9 ou\n    sup\u00e9rieure ;\n-   pour la branche de d\u00e9veloppement, mettre \u00e0 jour OpenCA via CVS.  \n\nSite Internet de t\u00e9l\u00e9chargement de OpenCA :\n\n    http://www.openca.org/openca/downloads.shtml\n",
  "cves": [],
  "initial_release_date": "2004-09-08T00:00:00",
  "last_revision_date": "2004-09-08T00:00:00",
  "links": [
    {
      "title": "Site Internet de OpenCA :",
      "url": "http://www.openca.org/openca/"
    }
  ],
  "reference": "CERTA-2004-AVI-305",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2004-09-08T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Injection de code indirecte \u00e0 distance (XSS)"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 dans OpenCA permet \u00e0 un utilisateur mal intentionn\u00e9\nd\u0027injecter du code malicieux dans une page HTML.\n",
  "title": "Vuln\u00e9rabilit\u00e9 de OpenCA",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 OpenCA du 06 septembre 2004",
      "url": "http://www.openca.org/news/CAN-2004-0787.txt"
    }
  ]
}

