CVE-2011-0728 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	3.5 UNKNOWN	NETWORK	MEDIUM		AV:N/AC:M/Au:S/C:N/I:P/A:N
canonical	CNA	---				---
CVE	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 61%

Vendor	Product	Version
michael_hudson-doyle	loggerhead	𝑥 ≤ 1.18
michael_hudson-doyle	loggerhead	1.6
michael_hudson-doyle	loggerhead	1.6.1
michael_hudson-doyle	loggerhead	1.10
michael_hudson-doyle	loggerhead	1.17

𝑥

= Vulnerable software versions

Debian Releases

Debian Product

Codename

loggerhead

bullseye	1.19~bzr511-1 fixed
squeeze	no-dsa
bookworm	2.0.1+bzr541+ds-2 fixed
sid	2.0.1+bzr548-1 fixed
trixie	2.0.1+bzr548-1 fixed

Ubuntu Releases

Ubuntu Product

Codename

loggerhead

maverick	Fixed 1.17+bzr424-1ubuntu1.1 released
lucid	Fixed 1.17+bzr400-1ubuntu0.1 released
karmic	Fixed 1.17-0ubuntu1.1 released
hardy	dne
dapper	dne

Common Weakness Enumeration

CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

References

http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057413.html

http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057479.html

http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057502.html

http://secunia.com/advisories/43822

http://secunia.com/advisories/44017

http://www.osvdb.org/71279

http://www.securityfocus.com/bid/47032

http://www.vupen.com/english/advisories/2011/0848

http://www.vupen.com/english/advisories/2011/0849

https://bugs.launchpad.net/loggerhead/+bug/740142

https://exchange.xforce.ibmcloud.com/vulnerabilities/66305

https://launchpad.net/loggerhead/1.18/1.18.1

http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057413.html

http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057479.html

http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057502.html

http://secunia.com/advisories/43822

http://secunia.com/advisories/44017

http://www.osvdb.org/71279

http://www.securityfocus.com/bid/47032

http://www.vupen.com/english/advisories/2011/0848

http://www.vupen.com/english/advisories/2011/0849

https://bugs.launchpad.net/loggerhead/+bug/740142

https://exchange.xforce.ibmcloud.com/vulnerabilities/66305

https://launchpad.net/loggerhead/1.18/1.18.1