jvndb-2011-002111
Vulnerability from jvndb
Published
2011-08-26 17:14
Modified
2012-12-26 11:42
Severity ?
() - -
Summary
Samba Web Administration Tool vulnerable to cross-site scripting
Details
Samba Web Administration Tool contains a cross-site scripting vulnerability. Samba Web Administration Tool (SWAT) allows for Samba configuration through a web interface. SWAT contains a cross-site scripting vulnerability. SWAT is disabled in a default configuration of Samba. nobuhiro tsuji of NTT DATA INTELLILINK CORPORATION reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
JVN http://jvn.jp/en/jp/JVN63041502/index.html
CVE http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2694
NVD http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-2694
SECUNIA http://secunia.com/advisories/45393
BID http://www.securityfocus.com/bid/48901
XF http://xforce.iss.net/xforce/xfdb/68844
SECTRACK http://www.securitytracker.com/id?1025852
OSVDB http://osvdb.org/74072
Cross-site Scripting(CWE-79) https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
Impacted products
Red Hat, Inc.Red Hat Enterprise Linux Server EUS
Samba ProjectSamba
VMwareVMware ESX
Red Hat, Inc.Red Hat Enterprise Linux
Red Hat, Inc.Red Hat Enterprise Linux Desktop
Red Hat, Inc.Red Hat Enterprise Linux HPC Node
Red Hat, Inc.Red Hat Enterprise Linux Server
Red Hat, Inc.Red Hat Enterprise Linux Workstation
Red Hat, Inc.RHEL Desktop Workstation
Show details on JVN DB website

To clipboard 

{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2011/JVNDB-2011-002111.html",
  "dc:date": "2012-12-26T11:42+09:00",
  "dcterms:issued": "2011-08-26T17:14+09:00",
  "dcterms:modified": "2012-12-26T11:42+09:00",
  "description": "Samba Web Administration Tool contains a cross-site scripting vulnerability.\r\n\r\nSamba Web Administration Tool (SWAT) allows for Samba configuration through a web interface. SWAT contains a cross-site scripting vulnerability.\r\n\r\nSWAT is disabled in a default configuration of Samba.\r\n\r\nnobuhiro tsuji of NTT DATA INTELLILINK CORPORATION reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
  "link": "https://jvndb.jvn.jp/en/contents/2011/JVNDB-2011-002111.html",
  "sec:cpe": [
    {
      "#text": "cpe:/a:redhat:rhel_server_eus",
      "@product": "Red Hat Enterprise Linux Server EUS",
      "@vendor": "Red Hat, Inc.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:samba:samba",
      "@product": "Samba",
      "@vendor": "Samba Project",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:vmware:esx",
      "@product": "VMware ESX",
      "@vendor": "VMware",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:redhat:enterprise_linux",
      "@product": "Red Hat Enterprise Linux",
      "@vendor": "Red Hat, Inc.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:redhat:enterprise_linux_desktop",
      "@product": "Red Hat Enterprise Linux Desktop",
      "@vendor": "Red Hat, Inc.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:redhat:enterprise_linux_hpc_node",
      "@product": "Red Hat Enterprise Linux HPC Node",
      "@vendor": "Red Hat, Inc.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:redhat:enterprise_linux_server",
      "@product": "Red Hat Enterprise Linux Server",
      "@vendor": "Red Hat, Inc.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:redhat:enterprise_linux_workstation",
      "@product": "Red Hat Enterprise Linux Workstation",
      "@vendor": "Red Hat, Inc.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:redhat:rhel_desktop_workstation",
      "@product": "RHEL Desktop Workstation",
      "@vendor": "Red Hat, Inc.",
      "@version": "2.2"
    }
  ],
  "sec:cvss": {
    "@score": "2.6",
    "@severity": "Low",
    "@type": "Base",
    "@vector": "AV:N/AC:H/Au:N/C:N/I:P/A:N",
    "@version": "2.0"
  },
  "sec:identifier": "JVNDB-2011-002111",
  "sec:references": [
    {
      "#text": "http://jvn.jp/en/jp/JVN63041502/index.html",
      "@id": "JVN#63041502",
      "@source": "JVN"
    },
    {
      "#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2694",
      "@id": "CVE-2011-2694",
      "@source": "CVE"
    },
    {
      "#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-2694",
      "@id": "CVE-2011-2694",
      "@source": "NVD"
    },
    {
      "#text": "http://secunia.com/advisories/45393",
      "@id": "SA45393",
      "@source": "SECUNIA"
    },
    {
      "#text": "http://www.securityfocus.com/bid/48901",
      "@id": "48901",
      "@source": "BID"
    },
    {
      "#text": "http://xforce.iss.net/xforce/xfdb/68844",
      "@id": "68844",
      "@source": "XF"
    },
    {
      "#text": "http://www.securitytracker.com/id?1025852",
      "@id": "1025852",
      "@source": "SECTRACK"
    },
    {
      "#text": "http://osvdb.org/74072",
      "@id": "74072",
      "@source": "OSVDB"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-79",
      "@title": "Cross-site Scripting(CWE-79)"
    }
  ],
  "title": "Samba Web Administration Tool vulnerable to cross-site scripting"
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.