paul

Advisories MDVSA-2011:003: MHonArc

Multiple vulnerabilities have been found and corrected in MHonArc:

MHonArc 2.6.16 allows remote attackers to cause a denial of service (CPU consumption) via start tags that are placed within other start tags, as demonstrated by a <bo<bo<bo<bo<body>dy>dy>dy>dy> sequence, a different vulnerability than CVE-2010-4524 (CVE-2010-1677).

Cross-site scripting (XSS) vulnerability in lib/mhtxthtml.pl in MHonArc 2.6.16 allows remote attackers to inject arbitrary web script or HTML via a malformed start tag and end tag for a SCRIPT element, as demonstrated by <scr<body>ipt> and </scr<body>ipt> sequences (CVE-2010-4524).

Packages for 2009.0 are provided as of the Extended Maintenance Program. Please visit this link to learn more:

http://store.mandriva.com/product_info.php?cPath=149&products_id=490

The updated packages have been upgraded to the latest version (2.6.18) which is not vulnerable to these issues.

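Added example, not part of the original post and not MHonArc's code: a hypothetical tag-deleting filter in Python showing why one deletion pass splices the advisory's <scr<body>ipt> sequence back into a SCRIPT tag, why repeating passes until stable costs one full scan per nesting level, and a bounded variant that escapes the input when the bound is hit. The regex, the function names and the pass limit of 8 are assumptions made for illustration.

```python
import html
import re

# Hypothetical blacklist: tags this illustrative filter deletes from mail HTML.
STRIP = re.compile(r"</?(?:body|script)\b[^>]*>", re.IGNORECASE)

def nested(depth):
    """Build the nested start-tag pattern; depth=5 is the sequence in the advisory."""
    return "<bo" * (depth - 1) + "<body>" + "dy>" * (depth - 1)

def strip_once(text):
    """Weak form: a single deletion pass. Removing the inner tag splices a new one."""
    return STRIP.sub("", text)

def passes_to_stable(text):
    """Count the full-input passes a 'repeat until nothing matches' filter performs."""
    passes = 0
    while True:
        stripped = STRIP.sub("", text)
        if stripped == text:
            return passes
        text, passes = stripped, passes + 1

def sanitize(text, max_passes=8):
    """Hardened form: bounded fixpoint; escape the whole input if the bound is hit."""
    current = text
    for _ in range(max_passes):
        stripped = STRIP.sub("", current)
        if stripped == current:
            return current          # stable: no blacklisted tag can re-form
        current = stripped
    return html.escape(text)        # too deeply nested: render it as inert text

if __name__ == "__main__":
    xss = "<scr<body>ipt>x</scr<body>ipt>"   # constructed from the advisory's sequences
    print("one pass      :", strip_once(xss))
    print("bounded       :", sanitize(xss))
    for depth in (5, 40):
        print("depth", depth, "passes:", passes_to_stable(nested(depth)))
    print("depth 40 out  :", sanitize(nested(40))[:24], "...")
```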