Информационная безопасность
[RU] switch to English


Дополнительная информация

  Cводка уязвимостей безопасности в Web-приложениях (PHP, ASP, JSP, CGI, Perl)

  SEC Consult SA-20140805-0 :: Multiple vulnerabilities in Readsoft Invoice Processing and Process Director

  Pro Chat Rooms v8.2.0 - Multiple Vulnerabilities

  XSS, FPD and RCE vulnerabilities in DZS Video Gallery for WordPress

  [SECURITY] [DSA 2997-1] reportbug security update

From:Romano, Christian <cromano_(at)_caanes.com>
Date:26 августа 2014 г.
Subject:ArcGIS for Server Vulnerability Disclosure



Product: ArcGIS for Server
Vendor: ESRI
Vulnerable Version: 10.1.1
Tested Version: 10.1.1
Vendor Notification: June 19, 2014
Public Disclosure: August 15, 2014
Vulnerability Type: Cross-Site Scripting [CWE-79]
CVE Reference: CVE-2014-5121
Risk Level: Medium
CVSSv2 Base Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N)
Discovered and Provided: CAaNES (Computational Analysis and Network
Enterprise Solutions)

Advisory Details:

Reflected Cross-Site Scripting (XSS) in ArcGIS for Server: CVE-2014-5121

Multiple vectors of unsanitized data input from application query
parameters allows an attacker to execute arbitrary JavaScript code
using a malicious URL link.

Product: ArcGIS for Server
Vendor: ESRI
Vulnerable Version: 10.1.1
Tested Version: 10.1.1
Vendor Notification: June 19, 2014
Public Disclosure: August 15, 2014
Vulnerability Type: Open Redirect [CWE-20]
CVE Reference: CVE-2014-5122
Risk Level: Medium
CVSSv2 Base Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N)
Discovered and Provided: CAaNES (Computational Analysis and Network
Enterprise Solutions)

Advisory Details:

Open Redirect in ArcGIS for Server: CVE-2014-5122

Using a crafted URL, upon login, the user's browser is redirected to
an attacker controlled parameter.

О сайте | Условия использования
© SecurityVulns, 3APA3A, Владимир Дубровин
Нижний Новгород