Advisories MDVSA-2011:003: MHonArc


Multiple vulnerabilities have been found and corrected in MHonArc:


MHonArc 2.6.16 allows remote attackers to cause a denial of service (CPU consumption) via start tags that are placed within other start tags, as demonstrated by a <bo<bo<bo<bo<body>dy>dy>dy>dy> sequence, a different vulnerability than CVE-2010-4524 (CVE-2010-1677).


Cross-site scripting (XSS) vulnerability in lib/mhtxthtml.pl in MHonArc 2.6.16 allows remote attackers to inject arbitrary web script or HTML via a malformed start tag and end tag for a SCRIPT element, as demonstrated by <scr<body>ipt> and </scr<body>ipt> sequences



Packages for 2009.0 are provided as of the Extended Maintenance Program. Please visit this link to learn more:



The updated packages have been upgraded to the latest version (2.6.18) which is not vulnerable to these issues.
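
An added illustration, not part of the advisory and not MHonArc's own code, of why the two sample sequences above matter to anyone maintaining a tag filter. It assumes a filter that deletes body and script tags with a single regex substitution; that filter model, the function names, the pass limit and the x=1 payload are all constructed for this example.

```python
import html
import re

# Assumed filter model (not MHonArc's): body and script tags are deleted.
STRIP = re.compile(r"</?(?:body|script)\b[^<>]*>", re.IGNORECASE)

# Constructed samples built from the sequences quoted in the advisory.
XSS_SAMPLE = "<scr<body>ipt>x=1</scr<body>ipt>"
DOS_SAMPLE = "<bo<bo<bo<bo<body>dy>dy>dy>dy>"


def nested(depth: int) -> str:
    """Build a <bo...<body>...dy> sequence with `depth` wrapping layers."""
    return "<bo" * depth + "<body>" + "dy>" * depth


def strip_once(markup: str) -> str:
    """Single-pass removal: deleting the inner tag reassembles the outer one."""
    return STRIP.sub("", markup)


def strip_bounded(markup: str, max_passes: int = 8) -> tuple[str, int]:
    """Re-run the filter until the output is stable, with a hard pass limit.

    Each pass peels one nesting layer, so an unbounded loop does work
    proportional to attacker-chosen depth. When the limit is reached,
    stop preserving markup and escape everything that is left.
    """
    for passes in range(1, max_passes + 1):
        cleaned = STRIP.sub("", markup)
        if cleaned == markup:
            return cleaned, passes
        markup = cleaned
    return html.escape(markup), max_passes


if __name__ == "__main__":
    print("single pass :", strip_once(XSS_SAMPLE))
    print("bounded     :", strip_bounded(XSS_SAMPLE))
    print("nested x4   :", strip_bounded(DOS_SAMPLE))
    print("nested x20  :", strip_bounded(nested(20)))
```

The single-pass result is a live script element, while the bounded version either converges on tag-free text or falls back to escaped output after a fixed amount of work.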
