FreeBSD Ports: Coppermine Network Vulnerability

Summary

The remote host is missing an update to the system as announced in the referenced advisory.

Solution

Update your system with the appropriate patches or software upgrades. http://coppermine.sourceforge.net/board/index.php?topic=17134.0 http://www.securityfocus.com/archive/1/396080 http://www.vuxml.org/freebsd/756db070-b9d4-11d9-ae81-000ae42e9b93.html

Insight

The following package is affected: coppermine CVE-2005-1172 Cross-site scripting (XSS) vulnerability in init.inc.php in Coppermine Photo Gallery 1.3.x allows remote attackers to inject arbitrary web script or HTML via the X-Forwarded-For parameter.

Severity

Classification

CVE CVE-2005-1172

CVSS	Base Score: 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N

Related Vulnerabilities

FreeBSD Ports: apr0
FreeBSD Ports: apache+ssl
FreeBSD Ports: bogofilter, bogofilter-qdbm, bogofilter-tdb, ru-bogofilter
FreeBSD Ports: clamav
django -- denial-of-service attack

FreeBSD Ports: coppermine

Take action and discover your vulnerabilities