VID |
21666 |
Severity |
30 |
Port |
80, ... |
Protocol |
TCP |
Class |
CGI |
Detailed Description |
Jaws, a framework and content management system for building dynamic web sites, written in PHP, contains multiple input validation vulnerabilities. Jaws version 0.3 BETA and earlier versions are affected. A remote attacker can exploit the following flaws to conduct various attacks:
1) A Cross-Site Scripting Vulnerability
2) A Directory Traversal Vulnerability (via the gadget parameter of the index.php script)
3) An Authentication Bypass Vulnerability
* References: http://archives.neohapsis.com/archives/fulldisclosure/2004-07/0226.html
* Platforms Affected: Jaws version 0.3 BETA and earlier versions; any operating system, any version |
Recommendation |
Upgrade to the latest version of Jaws (0.5 or later), available from the Jaws Web site at http://www.jaws.com |
Related URL |
CVE-2004-2443,CVE-2004-2444,CVE-2004-2445 (CVE) |
Related URL |
10670 (SecurityFocus) |
Related URL |
16614,16617,16619,16620,16621,16622 (ISS) |