Debian Security Advisory DSA 1523-1 (ikiwiki) Network Vulnerability

Summary

The remote host is missing an update to ikiwiki announced via advisory DSA 1523-1.

Solution

https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201523-1

Insight

Josh Triplett discovered that ikiwiki did not block Javascript in URLs, leading to cross-site scripting vulnerabilities (CVE-2008-0808, CVE-2008-0809). For the stable distribution (etch), this problem has been fixed in version 1.33.4. For the unstable distribution (sid), this problem has been fixed in version 2.31.1. The old stable distribution (sarge) did not contain an ikiwiki package. We recommend that you upgrade your ikiwiki package.

Severity

Classification

CVE CVE-2008-0808, CVE-2008-0809

CVSS	Base Score: 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N

Related Vulnerabilities

Debian Security Advisory DSA 067-1 (apache,apache-ssl)
Debian Security Advisory DSA 1061-1 (popfile)
Debian Security Advisory DSA 109-1 (faqomatic)
Debian Security Advisory DSA 004-1 (nano)
Debian Security Advisory DSA 1075-1 (awstats)

Take action and discover your vulnerabilities