ALERT: Xitami 2.5b5
From: Matthew Murphy (mattmurphy@kc.rr.com)
Date: 06/14/02
From: "Matthew Murphy" <mattmurphy@kc.rr.com>
To: <bugtraq@securityfocus.com>, "SecurITeam News" <news@securiteam.com>
Date: Fri, 14 Jun 2002 15:22:21 -0500

I have notified iMatix via support@xitami.com of multiple
flaws in the GSL templates of Xitami 2.5 Beta. The e-mail
was sent out today, so I will release technical details later
on, but I did want to release a workaround:

In defaults.cfg, users can set "use-error-script" in the "[Server]"
section to "0". This will disable the vulnerable GSL script and
secure your server. Users who have not installed the Beta
should wait until a fix is available.

Xitami has no security contact, so I decided to publish this
workaround to avoid exploits of this bug. In my message to
the company (iMatix) I told them that if no reply was received
in 7 days, I would publish full details.
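
An added example, not part of the original message or of Xitami: a small audit check that reports whether the workaround above is in effect in a configuration file's text. It assumes INI-style syntax (`[Section]` headers, `key=value` lines, `#` comments); the function name and the sample configurations are constructed for illustration.

```python
import re

SECTION_RE = re.compile(r"^\[([^\]]+)\]$")


def error_script_state(cfg_text):
    """Classify the [Server] use-error-script setting in cfg_text.

    Returns 'disabled' only if every occurrence is set to 0,
    'enabled' if any occurrence has another value, and 'unset'
    if the key never appears inside the [Server] section.
    """
    section = None
    values = []
    for raw in cfg_text.splitlines():
        line = raw.split("#", 1)[0].strip()  # assumption: '#' starts a comment
        if not line:
            continue
        header = SECTION_RE.match(line)
        if header:
            section = header.group(1).strip().lower()
            continue
        # Only the [Server] section counts; the same key elsewhere is ignored.
        if section != "server" or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        if key.lower() == "use-error-script":
            values.append(value.strip('"').strip())
    if not values:
        return "unset"
    # Conservative: a single non-zero occurrence means the script may still run.
    return "disabled" if all(v == "0" for v in values) else "enabled"


# Constructed sample inputs (not taken from a real installation).
SAMPLE_WORKAROUND = '[Server]\n    use-error-script = "0"   # workaround\n'
SAMPLE_ENABLED = "[Server]\n    use-error-script=1\n"
SAMPLE_WRONG_SECTION = "[Security]\n    use-error-script=0\n"
SAMPLE_CONFLICT = "[Server]\nuse-error-script=0\n[server]\nuse-error-script=1\n"

if __name__ == "__main__":
    for name, text in [("workaround", SAMPLE_WORKAROUND),
                       ("enabled", SAMPLE_ENABLED),
                       ("wrong section", SAMPLE_WRONG_SECTION),
                       ("conflict", SAMPLE_CONFLICT)]:
        print(f"{name}: {error_script_state(text)}")
```

A result of `unset` means the file does not apply the workaround explicitly, so it should be treated as not yet hardened.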