Published:2005/11/16 Last Updated:2008/05/21
JVN#30451602
HTTPD-User-Manage cross-site scripting vulnerability
Overview
HTTPD-User-Manage is a set of Perl modules for managing user authentication information for web servers. It contains a cross-site scripting vulnerability in its CGI as it does not properly validate input strings.
This problem does not occur when only the library for managing database is solely used.
Products Affected
- HTTPD-User-Manage 1.62 and earlier
Description
Impact
A malicious script may be executed on the web browser of the user who can access HTTPD-User-Manage.
Solution
Vendor Status
| Vendor | Status | Last Update | Vendor Notes |
|---|---|---|---|
| RICOH COMPANY, LTD. | Not Vulnerable | 2005/11/16 | |
| Turbolinux, Inc. | Not Vulnerable | 2005/11/16 | |
| Allied Telesis K.K. | Not Vulnerable | 2005/11/16 | |
| FUJITSU LIMITED | Not Vulnerable | 2005/11/16 | |
| Hitachi | Not Vulnerable | 2005/11/17 | |
| JustSystems Corporation | Unknown | 2005/11/16 | |
| NEC Corporation | Not Vulnerable | 2005/11/16 | |
| Cybozu, Inc. | Not Vulnerable | 2005/11/16 | |
| Century Systems Co., Ltd. | Not Vulnerable | 2005/11/16 | |
| Trend Micro Incorporated | Unknown | 2005/11/16 | |
| Yamaha Corporation | Unknown | 2005/11/16 |
| Vendor | Link |
| cpan |
HTTPD-User-Manage-1.63 |
References
JPCERT/CC Addendum
Credit
Kiyotaka Doumae of IIJ reported this vulnerability to IPA.
JPCERT/CC coordinated with the vendors under Information Security Early Warning Partnership.
Other Information
| JPCERT Alert | |
| JPCERT Reports | |
| CERT Advisory | |
| CPNI Advisory | |
| TRnotes | |
| CVE | |
| JVN iPedia |
JVNDB-2005-000795 |