Advisories MDVSA-2011:003: MHonArc


paul

Multiple vulnerabilities have been found and corrected in MHonArc:

MHonArc 2.6.16 allows remote attackers to cause a denial of service (CPU consumption) via start tags that are placed within other start tags, as demonstrated by a <bo<bo<bo<bo<body>dy>dy>dy>dy> sequence, a different vulnerability than CVE-2010-4524 (CVE-2010-1677).

Cross-site scripting (XSS) vulnerability in lib/mhtxthtml.pl in MHonArc 2.6.16 allows remote attackers to inject arbitrary web script or HTML via a malformed start tag and end tag for a SCRIPT element, as demonstrated by <scr<body>ipt> and </scr<body>ipt> sequences (CVE-2010-4524).

Packages for 2009.0 are provided as of the Extended Maintenance Program. Please visit this link to learn more:

http://store.mandriva.com/product_info.php?cPath=149&products_id=490

The updated packages have been upgraded to the latest version (2.6.18) which is not vulnerable to these issues.
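The two sequences quoted in the advisory, run through a simplified strip-list filter, as an added example that is not part of the original post and is not MHonArc's own code. The names `strip_once`, `strip_until_stable`, `nested` and `max_passes` are assumptions made for illustration, and the inputs are constructed from the sequences above.

```python
import html
import re

# Simplified model of a filter that deletes disallowed tags.
# This is NOT the code of lib/mhtxthtml.pl; it only models the failure class.
STRIP = re.compile(r"</?(?:script|body)\b[^<>]*>", re.IGNORECASE)

# Constructed sample built from the sequences quoted in the advisory.
XSS_SAMPLE = "<scr<body>ipt>alert(1)</scr<body>ipt>"


def nested(depth):
    """Build the nested start-tag pattern from the advisory at a given depth."""
    return "<bo" * depth + "<body>" + "dy>" * depth


def strip_once(text):
    """Weak form: one pass. Deleting the inner tag re-forms the outer one."""
    return STRIP.sub("", text)


def strip_until_stable(text, max_passes=8):
    """Hardened form: repeat until the output stops changing.

    Each pass peels only one nesting layer, so the work grows with the
    nesting depth. The pass budget bounds that cost; when it is exhausted
    the remainder is HTML-escaped instead of being stripped further.
    Returns (clean_text, passes_used).
    """
    for passes in range(1, max_passes + 1):
        stripped = STRIP.sub("", text)
        if stripped == text:
            return text, passes
        text = stripped
    return html.escape(text), max_passes


if __name__ == "__main__":
    print("one pass      :", strip_once(XSS_SAMPLE))
    print("until stable  :", strip_until_stable(XSS_SAMPLE))
    print("depth 4       :", strip_until_stable(nested(4)))
    print("depth 20      :", strip_until_stable(nested(20))[1], "passes, escaped")
```

The one-pass result still contains a SCRIPT element, and the number of passes needed for the nested input rises with its depth, which is why the repeat-until-stable form carries a budget and an escaping fallback.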
