FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-03-28 15:43:32 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
91afa94c-c452-11da-8bff-000ae42e9b93mod_pubcookie -- cross site scripting vulnerability

Nathan Dors of the Pubcookie Project reports:

Non-persistent XSS vulnerabilities were found in the Pubcookie Apache module (mod_pubcookie) and ISAPI filter. These components mishandle untrusted data when printing responses to the browser. This makes them vulnerable to carefully crafted requests containing script or HTML. If an attacker can lure an unsuspecting user to visit carefully staged content, the attacker can use it to redirect the user to a vulnerable Pubcookie application server and attempt to exploit the XSS vulnerabilities.

These vulnerabilities are classified as *high* due to the nature and purpose of Pubcookie application servers for user authentication and Web Single Sign-on (SSO). An attacker who injects malicious script through the vulnerabilities might steal private Pubcookie data including a user's authentication assertion ("granting") cookies and application session cookies.


Discovery 2006-03-06
Entry 2006-04-05
mod_pubcookie
< 3.3.0

314540