Vulnerability-Lookup

CVE-2011-2694 (GCVE-0-2011-2694)

Vulnerability from cvelistv5 – Published: 2011-07-29 20:00 – Updated: 2024-08-06 23:08

Summary

Cross-site scripting (XSS) vulnerability in the chg_passwd function in web/swat.c in the Samba Web Administration Tool (SWAT) in Samba 3.x before 3.5.10 allows remote authenticated administrators to inject arbitrary web script or HTML via the username parameter to the passwd program (aka the user field to the Change Password page).

Severity ?

No CVSS data available.

CWE

Assigner

redhat

References

URL

Tags

	http://www.mandriva.com/security/advisories?name=…	vendor-advisoryx_refsource_MANDRIVA
	http://www.itrc.hp.com/service/cki/docDisplay.do?…	vendor-advisoryx_refsource_HP
	http://securitytracker.com/id?1025852	vdb-entryx_refsource_SECTRACK
	http://jvn.jp/en/jp/JVN63041502/index.html	third-party-advisoryx_refsource_JVN
	http://www.debian.org/security/2011/dsa-2290	vendor-advisoryx_refsource_DEBIAN
	http://osvdb.org/74072	vdb-entryx_refsource_OSVDB
	http://secunia.com/advisories/45393	third-party-advisoryx_refsource_SECUNIA
	http://secunia.com/advisories/45496	third-party-advisoryx_refsource_SECUNIA
	http://secunia.com/advisories/45488	third-party-advisoryx_refsource_SECUNIA
	http://samba.org/samba/history/samba-3.5.10.html	x_refsource_CONFIRM
	http://www.securityfocus.com/bid/48901	vdb-entryx_refsource_BID
	http://www.itrc.hp.com/service/cki/docDisplay.do?…	vendor-advisoryx_refsource_HP
	https://bugzilla.samba.org/show_bug.cgi?id=8289	x_refsource_CONFIRM
	http://www.samba.org/samba/security/CVE-2011-2694	x_refsource_CONFIRM
	http://ubuntu.com/usn/usn-1182-1	vendor-advisoryx_refsource_UBUNTU
	https://exchange.xforce.ibmcloud.com/vulnerabilit…	vdb-entryx_refsource_XF
	https://bugzilla.redhat.com/show_bug.cgi?id=722537	x_refsource_CONFIRM

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T23:08:23.785Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "MDVSA-2011:121",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:121"
          },
          {
            "name": "HPSBNS02701",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://www.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c03008543"
          },
          {
            "name": "1025852",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1025852"
          },
          {
            "name": "JVN#63041502",
            "tags": [
              "third-party-advisory",
              "x_refsource_JVN",
              "x_transferred"
            ],
            "url": "http://jvn.jp/en/jp/JVN63041502/index.html"
          },
          {
            "name": "DSA-2290",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2011/dsa-2290"
          },
          {
            "name": "74072",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/74072"
          },
          {
            "name": "45393",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/45393"
          },
          {
            "name": "45496",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/45496"
          },
          {
            "name": "45488",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/45488"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://samba.org/samba/history/samba-3.5.10.html"
          },
          {
            "name": "48901",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/48901"
          },
          {
            "name": "SSRT100598",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://www.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c03008543"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.samba.org/show_bug.cgi?id=8289"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.samba.org/samba/security/CVE-2011-2694"
          },
          {
            "name": "USN-1182-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://ubuntu.com/usn/usn-1182-1"
          },
          {
            "name": "samba-user-xss(68844)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/68844"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=722537"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2011-07-26T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site scripting (XSS) vulnerability in the chg_passwd function in web/swat.c in the Samba Web Administration Tool (SWAT) in Samba 3.x before 3.5.10 allows remote authenticated administrators to inject arbitrary web script or HTML via the username parameter to the passwd program (aka the user field to the Change Password page)."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-28T12:57:01.000Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "MDVSA-2011:121",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:121"
        },
        {
          "name": "HPSBNS02701",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://www.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c03008543"
        },
        {
          "name": "1025852",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1025852"
        },
        {
          "name": "JVN#63041502",
          "tags": [
            "third-party-advisory",
            "x_refsource_JVN"
          ],
          "url": "http://jvn.jp/en/jp/JVN63041502/index.html"
        },
        {
          "name": "DSA-2290",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2011/dsa-2290"
        },
        {
          "name": "74072",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/74072"
        },
        {
          "name": "45393",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/45393"
        },
        {
          "name": "45496",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/45496"
        },
        {
          "name": "45488",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/45488"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://samba.org/samba/history/samba-3.5.10.html"
        },
        {
          "name": "48901",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/48901"
        },
        {
          "name": "SSRT100598",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://www.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c03008543"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.samba.org/show_bug.cgi?id=8289"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.samba.org/samba/security/CVE-2011-2694"
        },
        {
          "name": "USN-1182-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://ubuntu.com/usn/usn-1182-1"
        },
        {
          "name": "samba-user-xss(68844)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/68844"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=722537"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2011-2694",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-site scripting (XSS) vulnerability in the chg_passwd function in web/swat.c in the Samba Web Administration Tool (SWAT) in Samba 3.x before 3.5.10 allows remote authenticated administrators to inject arbitrary web script or HTML via the username parameter to the passwd program (aka the user field to the Change Password page)."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "MDVSA-2011:121",
              "refsource": "MANDRIVA",
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:121"
            },
            {
              "name": "HPSBNS02701",
              "refsource": "HP",
              "url": "http://www.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c03008543"
            },
            {
              "name": "1025852",
              "refsource": "SECTRACK",
              "url": "http://securitytracker.com/id?1025852"
            },
            {
              "name": "JVN#63041502",
              "refsource": "JVN",
              "url": "http://jvn.jp/en/jp/JVN63041502/index.html"
            },
            {
              "name": "DSA-2290",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2011/dsa-2290"
            },
            {
              "name": "74072",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/74072"
            },
            {
              "name": "45393",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/45393"
            },
            {
              "name": "45496",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/45496"
            },
            {
              "name": "45488",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/45488"
            },
            {
              "name": "http://samba.org/samba/history/samba-3.5.10.html",
              "refsource": "CONFIRM",
              "url": "http://samba.org/samba/history/samba-3.5.10.html"
            },
            {
              "name": "48901",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/48901"
            },
            {
              "name": "SSRT100598",
              "refsource": "HP",
              "url": "http://www.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c03008543"
            },
            {
              "name": "https://bugzilla.samba.org/show_bug.cgi?id=8289",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.samba.org/show_bug.cgi?id=8289"
            },
            {
              "name": "http://www.samba.org/samba/security/CVE-2011-2694",
              "refsource": "CONFIRM",
              "url": "http://www.samba.org/samba/security/CVE-2011-2694"
            },
            {
              "name": "USN-1182-1",
              "refsource": "UBUNTU",
              "url": "http://ubuntu.com/usn/usn-1182-1"
            },
            {
              "name": "samba-user-xss(68844)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/68844"
            },
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=722537",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=722537"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2011-2694",
    "datePublished": "2011-07-29T20:00:00.000Z",
    "dateReserved": "2011-07-11T00:00:00.000Z",
    "dateUpdated": "2024-08-06T23:08:23.785Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

FKIE_CVE-2011-2694

Vulnerability from fkie_nvd - Published: 2011-07-29 20:55 - Updated: 2025-04-11 00:51

Severity ?

Summary

References

URL	Tags
secalert@redhat.com	http://jvn.jp/en/jp/JVN63041502/index.html	Third Party Advisory
secalert@redhat.com	http://osvdb.org/74072	Broken Link
secalert@redhat.com	http://samba.org/samba/history/samba-3.5.10.html	Vendor Advisory
secalert@redhat.com	http://secunia.com/advisories/45393	Not Applicable, Vendor Advisory
secalert@redhat.com	http://secunia.com/advisories/45488	Not Applicable, Third Party Advisory
secalert@redhat.com	http://secunia.com/advisories/45496	Not Applicable, Third Party Advisory
secalert@redhat.com	http://securitytracker.com/id?1025852	Broken Link, Third Party Advisory, VDB Entry
secalert@redhat.com	http://ubuntu.com/usn/usn-1182-1	Third Party Advisory
secalert@redhat.com	http://www.debian.org/security/2011/dsa-2290	Third Party Advisory
secalert@redhat.com	http://www.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c03008543	Broken Link, Third Party Advisory
secalert@redhat.com	http://www.mandriva.com/security/advisories?name=MDVSA-2011:121	Broken Link
secalert@redhat.com	http://www.samba.org/samba/security/CVE-2011-2694	Vendor Advisory
secalert@redhat.com	http://www.securityfocus.com/bid/48901	Third Party Advisory, VDB Entry
secalert@redhat.com	https://bugzilla.redhat.com/show_bug.cgi?id=722537	Issue Tracking, Patch
secalert@redhat.com	https://bugzilla.samba.org/show_bug.cgi?id=8289	Issue Tracking, Patch
secalert@redhat.com	https://exchange.xforce.ibmcloud.com/vulnerabilities/68844	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://jvn.jp/en/jp/JVN63041502/index.html	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://osvdb.org/74072	Broken Link
af854a3a-2127-422b-91ae-364da2661108	http://samba.org/samba/history/samba-3.5.10.html	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/45393	Not Applicable, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/45488	Not Applicable, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/45496	Not Applicable, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://securitytracker.com/id?1025852	Broken Link, Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://ubuntu.com/usn/usn-1182-1	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.debian.org/security/2011/dsa-2290	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c03008543	Broken Link, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.mandriva.com/security/advisories?name=MDVSA-2011:121	Broken Link
af854a3a-2127-422b-91ae-364da2661108	http://www.samba.org/samba/security/CVE-2011-2694	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/48901	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://bugzilla.redhat.com/show_bug.cgi?id=722537	Issue Tracking, Patch
af854a3a-2127-422b-91ae-364da2661108	https://bugzilla.samba.org/show_bug.cgi?id=8289	Issue Tracking, Patch
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/68844	Third Party Advisory, VDB Entry

Impacted products

Vendor	Product	Version
samba	samba	*
samba	samba	*
samba	samba	*
canonical	ubuntu_linux	8.04
canonical	ubuntu_linux	10.04
canonical	ubuntu_linux	10.10
canonical	ubuntu_linux	11.04
debian	debian_linux	5.0
debian	debian_linux	6.0
debian	debian_linux	7.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "3A7FE6F3-F8CF-46C6-94B8-2717A3BBA803",
              "versionEndExcluding": "3.3.16",
              "versionStartIncluding": "3.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "5559D1ED-F753-4842-9F4A-F78C54817835",
              "versionEndExcluding": "3.4.14",
              "versionStartIncluding": "3.4.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "7738DB4A-F424-481F-93C0-4C1DEBABAABD",
              "versionEndExcluding": "3.5.10",
              "versionStartIncluding": "3.5.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:-:*:*:*",
              "matchCriteriaId": "7EBFE35C-E243-43D1-883D-4398D71763CC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:-:*:*:*",
              "matchCriteriaId": "01EDA41C-6B2E-49AF-B503-EB3882265C11",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:10.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "87614B58-24AB-49FB-9C84-E8DDBA16353B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:11.04:*:*:*:*:*:*:*",
              "matchCriteriaId": "EF49D26F-142E-468B-87C1-BABEA445255C",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "8C757774-08E7-40AA-B532-6F705C8F7639",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "036E8A89-7A16-411F-9D31-676313BB7244",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "16F59A04-14CF-49E2-9973-645477EA09DA",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cross-site scripting (XSS) vulnerability in the chg_passwd function in web/swat.c in the Samba Web Administration Tool (SWAT) in Samba 3.x before 3.5.10 allows remote authenticated administrators to inject arbitrary web script or HTML via the username parameter to the passwd program (aka the user field to the Change Password page)."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de ejecuci\u00f3n de comandos en sitios cruzados (XSS) en la funci\u00f3n chg_passwd en web/swat.c en la herramienta de administraci\u00f3n web de Samba (SWAT) en Samba v3.x antes de v3.5.10 permite inyectar scripts web o HTML a administradores remotos autenticados a trav\u00e9s del par\u00e1metro nombre de usuario del programa passwd (Es decir, el campo de usuario a la p\u00e1gina Cambiar contrase\u00f1a)."
    }
  ],
  "id": "CVE-2011-2694",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "HIGH",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 2.6,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:H/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 4.9,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2011-07-29T20:55:02.220",
  "references": [
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://jvn.jp/en/jp/JVN63041502/index.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Broken Link"
      ],
      "url": "http://osvdb.org/74072"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://samba.org/samba/history/samba-3.5.10.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Not Applicable",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/45393"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Not Applicable",
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/45488"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Not Applicable",
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/45496"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Broken Link",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://securitytracker.com/id?1025852"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://ubuntu.com/usn/usn-1182-1"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.debian.org/security/2011/dsa-2290"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Broken Link",
        "Third Party Advisory"
      ],
      "url": "http://www.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c03008543"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:121"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.samba.org/samba/security/CVE-2011-2694"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/48901"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Issue Tracking",
        "Patch"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=722537"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Issue Tracking",
        "Patch"
      ],
      "url": "https://bugzilla.samba.org/show_bug.cgi?id=8289"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/68844"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://jvn.jp/en/jp/JVN63041502/index.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://osvdb.org/74072"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://samba.org/samba/history/samba-3.5.10.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Not Applicable",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/45393"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Not Applicable",
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/45488"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Not Applicable",
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/45496"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://securitytracker.com/id?1025852"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://ubuntu.com/usn/usn-1182-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.debian.org/security/2011/dsa-2290"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link",
        "Third Party Advisory"
      ],
      "url": "http://www.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c03008543"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:121"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.samba.org/samba/security/CVE-2011-2694"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/48901"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Patch"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=722537"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Patch"
      ],
      "url": "https://bugzilla.samba.org/show_bug.cgi?id=8289"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/68844"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

JVNDB-2011-002111

Vulnerability from jvndb - Published: 2011-08-26 17:14 - Updated:2012-12-26 11:42

Severity ?

N/A (UNKNOWN) - -

Summary

Samba Web Administration Tool vulnerable to cross-site scripting

Details

Samba Web Administration Tool contains a cross-site scripting vulnerability. Samba Web Administration Tool (SWAT) allows for Samba configuration through a web interface. SWAT contains a cross-site scripting vulnerability. SWAT is disabled in a default configuration of Samba. nobuhiro tsuji of NTT DATA INTELLILINK CORPORATION reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.

References

Type

URL

	JVN	http://jvn.jp/en/jp/JVN63041502/index.html
	CVE	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2694
	NVD	http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-2694
	SECUNIA	http://secunia.com/advisories/45393
	BID	http://www.securityfocus.com/bid/48901
	XF	http://xforce.iss.net/xforce/xfdb/68844
	SECTRACK	http://www.securitytracker.com/id?1025852
	OSVDB	http://osvdb.org/74072
	Cross-site Scripting(CWE-79)	https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html

Impacted products

Vendor

Product

	Red Hat, Inc.	Red Hat Enterprise Linux Server EUS
	Samba Project	Samba
	VMware	VMware ESX
	Red Hat, Inc.	Red Hat Enterprise Linux
	Red Hat, Inc.	Red Hat Enterprise Linux Desktop
	Red Hat, Inc.	Red Hat Enterprise Linux HPC Node
	Red Hat, Inc.	Red Hat Enterprise Linux Server
	Red Hat, Inc.	Red Hat Enterprise Linux Workstation
	Red Hat, Inc.	RHEL Desktop Workstation

Show details on JVN DB website

JSON

To clipboard

{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2011/JVNDB-2011-002111.html",
  "dc:date": "2012-12-26T11:42+09:00",
  "dcterms:issued": "2011-08-26T17:14+09:00",
  "dcterms:modified": "2012-12-26T11:42+09:00",
  "description": "Samba Web Administration Tool contains a cross-site scripting vulnerability.\r\n\r\nSamba Web Administration Tool (SWAT) allows for Samba configuration through a web interface. SWAT contains a cross-site scripting vulnerability.\r\n\r\nSWAT is disabled in a default configuration of Samba.\r\n\r\nnobuhiro tsuji of NTT DATA INTELLILINK CORPORATION reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
  "link": "https://jvndb.jvn.jp/en/contents/2011/JVNDB-2011-002111.html",
  "sec:cpe": [
    {
      "#text": "cpe:/a:redhat:rhel_server_eus",
      "@product": "Red Hat Enterprise Linux Server EUS",
      "@vendor": "Red Hat, Inc.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:samba:samba",
      "@product": "Samba",
      "@vendor": "Samba Project",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:vmware:esx",
      "@product": "VMware ESX",
      "@vendor": "VMware",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:redhat:enterprise_linux",
      "@product": "Red Hat Enterprise Linux",
      "@vendor": "Red Hat, Inc.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:redhat:enterprise_linux_desktop",
      "@product": "Red Hat Enterprise Linux Desktop",
      "@vendor": "Red Hat, Inc.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:redhat:enterprise_linux_hpc_node",
      "@product": "Red Hat Enterprise Linux HPC Node",
      "@vendor": "Red Hat, Inc.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:redhat:enterprise_linux_server",
      "@product": "Red Hat Enterprise Linux Server",
      "@vendor": "Red Hat, Inc.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:redhat:enterprise_linux_workstation",
      "@product": "Red Hat Enterprise Linux Workstation",
      "@vendor": "Red Hat, Inc.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:redhat:rhel_desktop_workstation",
      "@product": "RHEL Desktop Workstation",
      "@vendor": "Red Hat, Inc.",
      "@version": "2.2"
    }
  ],
  "sec:cvss": {
    "@score": "2.6",
    "@severity": "Low",
    "@type": "Base",
    "@vector": "AV:N/AC:H/Au:N/C:N/I:P/A:N",
    "@version": "2.0"
  },
  "sec:identifier": "JVNDB-2011-002111",
  "sec:references": [
    {
      "#text": "http://jvn.jp/en/jp/JVN63041502/index.html",
      "@id": "JVN#63041502",
      "@source": "JVN"
    },
    {
      "#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2694",
      "@id": "CVE-2011-2694",
      "@source": "CVE"
    },
    {
      "#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-2694",
      "@id": "CVE-2011-2694",
      "@source": "NVD"
    },
    {
      "#text": "http://secunia.com/advisories/45393",
      "@id": "SA45393",
      "@source": "SECUNIA"
    },
    {
      "#text": "http://www.securityfocus.com/bid/48901",
      "@id": "48901",
      "@source": "BID"
    },
    {
      "#text": "http://xforce.iss.net/xforce/xfdb/68844",
      "@id": "68844",
      "@source": "XF"
    },
    {
      "#text": "http://www.securitytracker.com/id?1025852",
      "@id": "1025852",
      "@source": "SECTRACK"
    },
    {
      "#text": "http://osvdb.org/74072",
      "@id": "74072",
      "@source": "OSVDB"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-79",
      "@title": "Cross-site Scripting(CWE-79)"
    }
  ],
  "title": "Samba Web Administration Tool vulnerable to cross-site scripting"
}

CERTA-2011-AVI-416

Vulnerability from certfr_avis - Published: 2011-07-28 - Updated: 2011-08-23

La console d'administration web de Samba est vulnérable à des injections de code indirectes et à des injections de requêtes illégitimes par rebond.

Description

Deux vulnérabilités ont été corrigées dans la console d'administration web de Samba (SWAT) :

(CVE-2011-2522) une injection de requêtes illégitimes par rebond (CRSF) est possible au moyen d'une URL spécialement construite ;
(CVE-2011-2694) une injection de code indirecte est possible dans le module de changement de mots de passe.

La console SWAT n'est pas activée dans la configuration par défaut.

Solution

La version 3.5.10 de Samba remédie à ces problèmes.

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Samba Web Administration Tool (SWAT) dans les versions 3.x.

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Annonce de la version 3.5.10 de Samba du 26 juillet 2011	None	vendor-advisory
Bulletin de sécurité Debian DSA 2290 du 07 août 2011 :	-	other
Bulletin de sécurité Mandriva MDVSA-2011:121 du 27 juillet 2011 :	-	other
Bulletin de sécurité Ubuntu USN-1182-1 du 02 août 2011 :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cp\u003eSamba Web Administration Tool (SWAT)  dans les versions 3.x.\u003c/p\u003e",
  "content": "## Description\n\nDeux vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans la console d\u0027administration\nweb de Samba (SWAT)\u00a0:\n\n-   (CVE-2011-2522) une injection de requ\u00eates ill\u00e9gitimes par rebond\n    (CRSF) est possible au moyen d\u0027une URL sp\u00e9cialement construite\u00a0;\n-   (CVE-2011-2694) une injection de code indirecte est possible dans le\n    module de changement de mots de passe.\n\n  \n  \n\nLa console SWAT n\u0027est pas activ\u00e9e dans la configuration par d\u00e9faut.\n\n## Solution\n\nLa version 3.5.10 de Samba rem\u00e9die \u00e0 ces probl\u00e8mes.\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2011-2694",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-2694"
    },
    {
      "name": "CVE-2011-2522",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-2522"
    }
  ],
  "initial_release_date": "2011-07-28T00:00:00",
  "last_revision_date": "2011-08-23T00:00:00",
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Debian DSA 2290 du 07 ao\u00fbt 2011 :",
      "url": "http://www.debian.org/security/2011/dsa-2290"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Mandriva MDVSA-2011:121 du 27 juillet    2011 :",
      "url": "http://www.mandriva.com/fr/support/security/advisories?name=MDVSA-2011:121"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-1182-1 du 02 ao\u00fbt 2011 :",
      "url": "http://www.ubuntu.com/usn/usn-1182-1"
    }
  ],
  "reference": "CERTA-2011-AVI-416",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2011-07-28T00:00:00.000000"
    },
    {
      "description": "ajout des r\u00e9f\u00e9rences aux bulletins Debian, Mandriva et Ubuntu.",
      "revision_date": "2011-08-23T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Injection de requ\u00eates ill\u00e9gitimes par rebond (CSRF)"
    },
    {
      "description": "Injection de code indirecte \u00e0 distance"
    }
  ],
  "summary": "La console d\u0027administration web de Samba est vuln\u00e9rable \u00e0 des injections\nde code indirectes et \u00e0 des injections de requ\u00eates ill\u00e9gitimes par\nrebond.\n",
  "title": "Vuln\u00e9rabilit\u00e9s dans Samba (SWAT)",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Annonce de la version 3.5.10 de Samba du 26 juillet 2011",
      "url": "http://www.samba.org/samba/history/samba-3.5.10.html"
    }
  ]
}

CERTA-2012-AVI-046

Vulnerability from certfr_avis - Published: 2012-02-01 - Updated: 2012-02-01

Un grand nombre de vulnérabilités, dont certaines permettent d'exécuter du code arbitraire à distance, sont présentes dans VMware ESX et VMware ESXi.

Description

Un grand nombre de vulnérabilités existe dans VMWare ESX et VMware ESXi dont certaines, particulièrement critiques, peuvent conduire à une exécution de code arbitraire à distance.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	VMware	ESXi	VMware ESXi 4.1 ;
	VMware	ESXi	VMware ESX 4.1.

References

Title

Publication Time

Tags

Bulletin de sécurité VMware VMSA-2012-0001 du 30 janvier 2012	None	vendor-advisory
Bulletin de sécurité VMware VMSA-2012-0001 du 30 janvier 2012 :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "VMware ESXi 4.1 ;",
      "product": {
        "name": "ESXi",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "VMware ESX 4.1.",
      "product": {
        "name": "ESXi",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nUn grand nombre de vuln\u00e9rabilit\u00e9s existe dans VMWare ESX et VMware ESXi\ndont certaines, particuli\u00e8rement critiques, peuvent conduire \u00e0 une\nex\u00e9cution de code arbitraire \u00e0 distance.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2011-1170",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1170"
    },
    {
      "name": "CVE-2010-1634",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1634"
    },
    {
      "name": "CVE-2010-2059",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-2059"
    },
    {
      "name": "CVE-2011-2901",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-2901"
    },
    {
      "name": "CVE-2011-2694",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-2694"
    },
    {
      "name": "CVE-2011-2213",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-2213"
    },
    {
      "name": "CVE-2010-4649",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4649"
    },
    {
      "name": "CVE-2009-3560",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-3560"
    },
    {
      "name": "CVE-2011-1494",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1494"
    },
    {
      "name": "CVE-2011-1044",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1044"
    },
    {
      "name": "CVE-2011-3378",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-3378"
    },
    {
      "name": "CVE-2011-2022",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-2022"
    },
    {
      "name": "CVE-2011-1080",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1080"
    },
    {
      "name": "CVE-2011-1746",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1746"
    },
    {
      "name": "CVE-2011-0695",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0695"
    },
    {
      "name": "CVE-2011-2522",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-2522"
    },
    {
      "name": "CVE-2011-1745",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1745"
    },
    {
      "name": "CVE-2011-1780",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1780"
    },
    {
      "name": "CVE-2011-1078",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1078"
    },
    {
      "name": "CVE-2010-3493",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3493"
    },
    {
      "name": "CVE-2011-1776",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1776"
    },
    {
      "name": "CVE-2011-1171",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1171"
    },
    {
      "name": "CVE-2011-1936",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1936"
    },
    {
      "name": "CVE-2011-1678",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1678"
    },
    {
      "name": "CVE-2011-1593",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1593"
    },
    {
      "name": "CVE-2011-1182",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1182"
    },
    {
      "name": "CVE-2011-1093",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1093"
    },
    {
      "name": "CVE-2011-2517",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-2517"
    },
    {
      "name": "CVE-2011-1521",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1521"
    },
    {
      "name": "CVE-2011-1763",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1763"
    },
    {
      "name": "CVE-2011-2192",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-2192"
    },
    {
      "name": "CVE-2011-0726",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0726"
    },
    {
      "name": "CVE-2011-1015",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1015"
    },
    {
      "name": "CVE-2011-2492",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-2492"
    },
    {
      "name": "CVE-2011-1079",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1079"
    },
    {
      "name": "CVE-2011-2525",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-2525"
    },
    {
      "name": "CVE-2011-2482",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-2482"
    },
    {
      "name": "CVE-2011-1573",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1573"
    },
    {
      "name": "CVE-2011-1166",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1166"
    },
    {
      "name": "CVE-2011-2689",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-2689"
    },
    {
      "name": "CVE-2010-0787",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0787"
    },
    {
      "name": "CVE-2011-1172",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1172"
    },
    {
      "name": "CVE-2011-1163",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1163"
    },
    {
      "name": "CVE-2010-2089",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-2089"
    },
    {
      "name": "CVE-2010-0547",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0547"
    },
    {
      "name": "CVE-2009-3720",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-3720"
    },
    {
      "name": "CVE-2011-1577",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1577"
    },
    {
      "name": "CVE-2011-2519",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-2519"
    },
    {
      "name": "CVE-2011-1495",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1495"
    },
    {
      "name": "CVE-2011-0711",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0711"
    },
    {
      "name": "CVE-2011-2491",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-2491"
    },
    {
      "name": "CVE-2011-1576",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1576"
    },
    {
      "name": "CVE-2011-2495",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-2495"
    }
  ],
  "initial_release_date": "2012-02-01T00:00:00",
  "last_revision_date": "2012-02-01T00:00:00",
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 VMware VMSA-2012-0001 du 30 janvier    2012 :",
      "url": "http://www.vmware.com/security/advisories/VMSA-2012-0001.html"
    }
  ],
  "reference": "CERTA-2012-AVI-046",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2012-02-01T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    }
  ],
  "summary": "Un grand nombre de vuln\u00e9rabilit\u00e9s, dont certaines permettent d\u0027ex\u00e9cuter\ndu code arbitraire \u00e0 distance, sont pr\u00e9sentes dans VMware ESX et VMware\nESXi.\n",
  "title": "Vuln\u00e9rabilit\u00e9s dans VMware ESX et ESXi",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 VMware VMSA-2012-0001 du 30 janvier 2012",
      "url": null
    }
  ]
}

GSD-2011-2694

Vulnerability from gsd - Updated: 2023-12-13 01:19

Details

Aliases

CVE-2011-2694

Aliases

CVE-2011-2694

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2011-2694",
    "description": "Cross-site scripting (XSS) vulnerability in the chg_passwd function in web/swat.c in the Samba Web Administration Tool (SWAT) in Samba 3.x before 3.5.10 allows remote authenticated administrators to inject arbitrary web script or HTML via the username parameter to the passwd program (aka the user field to the Change Password page).",
    "id": "GSD-2011-2694",
    "references": [
      "https://www.suse.com/security/cve/CVE-2011-2694.html",
      "https://www.debian.org/security/2011/dsa-2290",
      "https://access.redhat.com/errata/RHSA-2011:1221",
      "https://access.redhat.com/errata/RHSA-2011:1220",
      "https://access.redhat.com/errata/RHSA-2011:1219",
      "https://linux.oracle.com/cve/CVE-2011-2694.html"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2011-2694"
      ],
      "details": "Cross-site scripting (XSS) vulnerability in the chg_passwd function in web/swat.c in the Samba Web Administration Tool (SWAT) in Samba 3.x before 3.5.10 allows remote authenticated administrators to inject arbitrary web script or HTML via the username parameter to the passwd program (aka the user field to the Change Password page).",
      "id": "GSD-2011-2694",
      "modified": "2023-12-13T01:19:06.697266Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "secalert@redhat.com",
        "ID": "CVE-2011-2694",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Cross-site scripting (XSS) vulnerability in the chg_passwd function in web/swat.c in the Samba Web Administration Tool (SWAT) in Samba 3.x before 3.5.10 allows remote authenticated administrators to inject arbitrary web script or HTML via the username parameter to the passwd program (aka the user field to the Change Password page)."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "MDVSA-2011:121",
            "refsource": "MANDRIVA",
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:121"
          },
          {
            "name": "HPSBNS02701",
            "refsource": "HP",
            "url": "http://www.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c03008543"
          },
          {
            "name": "1025852",
            "refsource": "SECTRACK",
            "url": "http://securitytracker.com/id?1025852"
          },
          {
            "name": "JVN#63041502",
            "refsource": "JVN",
            "url": "http://jvn.jp/en/jp/JVN63041502/index.html"
          },
          {
            "name": "DSA-2290",
            "refsource": "DEBIAN",
            "url": "http://www.debian.org/security/2011/dsa-2290"
          },
          {
            "name": "74072",
            "refsource": "OSVDB",
            "url": "http://osvdb.org/74072"
          },
          {
            "name": "45393",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/45393"
          },
          {
            "name": "45496",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/45496"
          },
          {
            "name": "45488",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/45488"
          },
          {
            "name": "http://samba.org/samba/history/samba-3.5.10.html",
            "refsource": "CONFIRM",
            "url": "http://samba.org/samba/history/samba-3.5.10.html"
          },
          {
            "name": "48901",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/48901"
          },
          {
            "name": "SSRT100598",
            "refsource": "HP",
            "url": "http://www.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c03008543"
          },
          {
            "name": "https://bugzilla.samba.org/show_bug.cgi?id=8289",
            "refsource": "CONFIRM",
            "url": "https://bugzilla.samba.org/show_bug.cgi?id=8289"
          },
          {
            "name": "http://www.samba.org/samba/security/CVE-2011-2694",
            "refsource": "CONFIRM",
            "url": "http://www.samba.org/samba/security/CVE-2011-2694"
          },
          {
            "name": "USN-1182-1",
            "refsource": "UBUNTU",
            "url": "http://ubuntu.com/usn/usn-1182-1"
          },
          {
            "name": "samba-user-xss(68844)",
            "refsource": "XF",
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/68844"
          },
          {
            "name": "https://bugzilla.redhat.com/show_bug.cgi?id=722537",
            "refsource": "CONFIRM",
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=722537"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "3.3.16",
                "versionStartIncluding": "3.0.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "3.4.14",
                "versionStartIncluding": "3.4.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "3.5.10",
                "versionStartIncluding": "3.5.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:10.10:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:11.04:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:-:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:-:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:debian:debian_linux:5.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2011-2694"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Cross-site scripting (XSS) vulnerability in the chg_passwd function in web/swat.c in the Samba Web Administration Tool (SWAT) in Samba 3.x before 3.5.10 allows remote authenticated administrators to inject arbitrary web script or HTML via the username parameter to the passwd program (aka the user field to the Change Password page)."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-79"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.samba.org/samba/security/CVE-2011-2694",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://www.samba.org/samba/security/CVE-2011-2694"
            },
            {
              "name": "45393",
              "refsource": "SECUNIA",
              "tags": [
                "Not Applicable",
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/45393"
            },
            {
              "name": "JVN#63041502",
              "refsource": "JVN",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "http://jvn.jp/en/jp/JVN63041502/index.html"
            },
            {
              "name": "1025852",
              "refsource": "SECTRACK",
              "tags": [
                "Broken Link",
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://securitytracker.com/id?1025852"
            },
            {
              "name": "48901",
              "refsource": "BID",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securityfocus.com/bid/48901"
            },
            {
              "name": "http://samba.org/samba/history/samba-3.5.10.html",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://samba.org/samba/history/samba-3.5.10.html"
            },
            {
              "name": "MDVSA-2011:121",
              "refsource": "MANDRIVA",
              "tags": [
                "Broken Link"
              ],
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:121"
            },
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=722537",
              "refsource": "CONFIRM",
              "tags": [
                "Issue Tracking",
                "Patch"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=722537"
            },
            {
              "name": "https://bugzilla.samba.org/show_bug.cgi?id=8289",
              "refsource": "CONFIRM",
              "tags": [
                "Issue Tracking",
                "Patch"
              ],
              "url": "https://bugzilla.samba.org/show_bug.cgi?id=8289"
            },
            {
              "name": "74072",
              "refsource": "OSVDB",
              "tags": [
                "Broken Link"
              ],
              "url": "http://osvdb.org/74072"
            },
            {
              "name": "45496",
              "refsource": "SECUNIA",
              "tags": [
                "Not Applicable",
                "Third Party Advisory"
              ],
              "url": "http://secunia.com/advisories/45496"
            },
            {
              "name": "DSA-2290",
              "refsource": "DEBIAN",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "http://www.debian.org/security/2011/dsa-2290"
            },
            {
              "name": "45488",
              "refsource": "SECUNIA",
              "tags": [
                "Not Applicable",
                "Third Party Advisory"
              ],
              "url": "http://secunia.com/advisories/45488"
            },
            {
              "name": "USN-1182-1",
              "refsource": "UBUNTU",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "http://ubuntu.com/usn/usn-1182-1"
            },
            {
              "name": "SSRT100598",
              "refsource": "HP",
              "tags": [
                "Broken Link",
                "Third Party Advisory"
              ],
              "url": "http://www.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c03008543"
            },
            {
              "name": "samba-user-xss(68844)",
              "refsource": "XF",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/68844"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "HIGH",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 2.6,
            "confidentialityImpact": "NONE",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:H/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 4.9,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "LOW",
          "userInteractionRequired": true
        }
      },
      "lastModifiedDate": "2022-10-31T15:02Z",
      "publishedDate": "2011-07-29T20:55Z"
    }
  }
}

GHSA-9XQR-G3W9-82PJ

Vulnerability from github – Published: 2022-05-14 02:16 – Updated: 2022-05-14 02:16

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2011-2694"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-79"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2011-07-29T20:55:00Z",
    "severity": "LOW"
  },
  "details": "Cross-site scripting (XSS) vulnerability in the chg_passwd function in web/swat.c in the Samba Web Administration Tool (SWAT) in Samba 3.x before 3.5.10 allows remote authenticated administrators to inject arbitrary web script or HTML via the username parameter to the passwd program (aka the user field to the Change Password page).",
  "id": "GHSA-9xqr-g3w9-82pj",
  "modified": "2022-05-14T02:16:34Z",
  "published": "2022-05-14T02:16:34Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2011-2694"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=722537"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.samba.org/show_bug.cgi?id=8289"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/68844"
    },
    {
      "type": "WEB",
      "url": "http://jvn.jp/en/jp/JVN63041502/index.html"
    },
    {
      "type": "WEB",
      "url": "http://osvdb.org/74072"
    },
    {
      "type": "WEB",
      "url": "http://samba.org/samba/history/samba-3.5.10.html"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/45393"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/45488"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/45496"
    },
    {
      "type": "WEB",
      "url": "http://securitytracker.com/id?1025852"
    },
    {
      "type": "WEB",
      "url": "http://ubuntu.com/usn/usn-1182-1"
    },
    {
      "type": "WEB",
      "url": "http://www.debian.org/security/2011/dsa-2290"
    },
    {
      "type": "WEB",
      "url": "http://www.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c03008543"
    },
    {
      "type": "WEB",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:121"
    },
    {
      "type": "WEB",
      "url": "http://www.samba.org/samba/security/CVE-2011-2694"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/48901"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2011-2694 (GCVE-0-2011-2694)

FKIE_CVE-2011-2694

JVNDB-2011-002111

CERTA-2011-AVI-416

Description

Solution

CERTA-2012-AVI-046

Description

Solution

GSD-2011-2694

GHSA-9XQR-G3W9-82PJ

Tags

Sightings

Nomenclature