Index: vuln.xml =================================================================== RCS file: /home/pcvs/ports/security/vuxml/vuln.xml,v retrieving revision 1.1193 diff -u -r1.1193 vuln.xml --- vuln.xml 15 Oct 2006 19:43:00 -0000 1.1193 +++ vuln.xml 15 Oct 2006 20:24:39 -0000 @@ -34,6 +34,46 @@ --> + + viewvc -- undefined charset UTF-7 XSS vulnerability + + + viewvc + 1.0.3 + + + + +

Stefan Esser reports:

+
+

It was discovered that ViewVC is neither sending a charset + HTTP header nor specifying a charset in the HTML body. + Therefore it is possible to trick several browsers into + decoding ViewVC pages UTF-7. This allows attackers to + inject arbitrary UTF-7 encoded Java-Script code into the + output.

+

Please note that these UTF-7 attacks against sites with + missing charset definitions are also exploitable in the + mozilla browser family (seamonkey, firefox, ...). + Advisories from different parties that describe similar + vulnerabilities usually claim that only Internet Explorer + with activated auto-detection is vulnerable. In reality the + mozilla browser family is even more affected, because you + can attack them no matter if charset auto-detection is + turned on or off.

+
+ + + + http://www.hardened-php.net/advisory_102006.134.html + http://viewvc.tigris.org/source/browse/viewvc/trunk/CHANGES?rev=HEAD + + + 2006-10-07 + 2006-10-15 + + + tkdiff -- temporary file symlink privilege escalation