Oval Definition:	oval:org.mitre.oval:def:15176
Revision Date: 2014-06-23 Version: 20 Title: DSA-2335-1 man2html -- missing input sanitisation Description: Tim Starling discovered that the Debian-native CGI wrapper for man2html, a program to convert UNIX man pages to HTML, is not properly escaping user-supplied input when displaying various error messages. A remote attacker can exploit this flaw to conduct cross-site scripting attacks. Family: unix Class: patch Status: ACCEPTED Reference(s): CVE-2011-2770 DSA-2335-1 Platform(s): Debian GNU/kFreeBSD 6.0 Debian GNU/Linux 5.0 Debian GNU/Linux 6.0 Product(s): man2html Definition Synopsis Release section Debian GNU/Linux 5.0 is installed AND Installed architecture is all AND man2html DPKG is earlier than 1.6f-3+lenny1 OR Release section Debian 6.0 is installed AND GNU/Linux or GNU/kFreeBSD kernel Debian GNU/Linux is installed OR Debian GNU/kFreeBSD is installed AND Installed architecture is all AND man2html DPKG is earlier than 1.6f+repack-1+squeeze1
BACK