Users of CollabNet Subversion Edge Log Parser, please be advised that an XSS/Code Injection vulnerability has been identified.
To view this vulnerability, possible remedies, and others, please check out the Security Advisories at Critical Watch (http://criticalwatch.com/support/security-advisories.aspx).
Amplify’d from www.criticalwatch.com
CollabNet-SA-09/21/2010: CollabNet Subversion Edge Log Parser XSS/Code Injection Vulnerability
Description:
There is a Cross Site Script (XSS) vulnerability that exists in CollabNet
Subversion Edge 1.2 and prior versions. This said vulnerability can be
exploited by sending a crafted request to the CollabNet Subversion server.
When an administrator tries to view the log file then this XSS Code will get
executed.
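
The pattern the advisory describes (request text written to a log, then rendered in an administrator's browser) is shown below as an added example; it is not code from the advisory or from CollabNet. The Apache-style log format, the sample lines and all function names are assumptions made for illustration.

```python
import html
import re

# Constructed sample lines in Apache access-log style (not taken from the advisory).
SAMPLE_LOG = [
    '192.0.2.10 - - [21/Sep/2010:10:00:00 +0000] "GET /svn/repo/trunk HTTP/1.1" 200 512',
    '192.0.2.66 - - [21/Sep/2010:10:00:05 +0000] "GET /svn/<script>alert(1)</script> HTTP/1.1" 404 208',
]

LINE_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] "(?P<request>.*)" (?P<status>\d{3}) (?P<size>\S+)$'
)
FIELDS = ("host", "time", "request", "status", "size")


def parse_line(line):
    """Split one log line into fields; an unparsable line is kept whole as the request."""
    m = LINE_RE.match(line)
    if m:
        return m.groupdict()
    return {"host": "", "time": "", "request": line, "status": "", "size": ""}


def render_row_unsafe(entry):
    """Vulnerable pattern: client-controlled text is concatenated straight into HTML."""
    return "<tr>" + "".join(f"<td>{entry[f]}</td>" for f in FIELDS) + "</tr>"


def render_row_safe(entry):
    """Hardened pattern: every field is HTML-escaped at output time."""
    cells = (f"<td>{html.escape(entry[f], quote=True)}</td>" for f in FIELDS)
    return "<tr>" + "".join(cells) + "</tr>"


def contains_markup(row):
    """True if any tag other than the table's own tr/td survives in the rendered row."""
    return bool(re.search(r"<(?!/?t[rd]>)", row))


def render_log(lines, safe=True):
    """Render all log lines as table rows with the chosen renderer."""
    render = render_row_safe if safe else render_row_unsafe
    return [render(parse_line(line)) for line in lines]


if __name__ == "__main__":
    for row in render_log(SAMPLE_LOG, safe=False) + render_log(SAMPLE_LOG, safe=True):
        print(contains_markup(row), row)
```

Escaping belongs at render time for every field, including lines the parser could not split, because the log file itself is untrusted input to the viewer.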
