Published:2004/12/15  Last Updated:2008/05/21

JVN#904429FE
Namazu cross-site scripting vulnerability

Overview

Namazu is vulnerable to cross-site scripting due to a problem in namazu.cgi. If an illegal character is specified in a string search of namazu.cgi, the subsequent characters are not processed properly.

Products Affected

  • Namazu 2.0.13 and earlier

Description

Impact

All sites that use namazu.cgi for search processing on websites are vulnerable to cross-site scripting that allows an attacker to falsify web pages or steal cookie information.

Solution

Vendor Status

Vendor Status Last Update Vendor Notes
Namazu Project Vulnerable 2004/12/15

References

JPCERT/CC Addendum

Credit

HIRT (Hitachi Incident Response Team) and IIJ-SECT (IIJGroup Security Coordination Team) reported this vulnerability to IPA.
JPCERT/CC coordinated with the vendors under Information Security Early Warning Partnership.

Other Information

JPCERT Alert
JPCERT Reports
CERT Advisory
CPNI Advisory
TRnotes
CVE
JVN iPedia JVNDB-2004-000554

Update History