CVE-2001-0835 | Vulnerability Database | Aqua Security

Cross-site scripting vulnerability in Webalizer 2.01-06, and possibly other versions, allows remote attackers to inject arbitrary HTML tags by specifying them in (1) search keywords embedded in HTTP referrer information, or (2) host names that are retrieved via a reverse DNS lookup.

Affected Software

Name	Vendor	Start Version	End Version
Webalizer	Bradford_barrett	*	2.0.6 (including)
Red Hat Linux 7.2	RedHat		*
Red Hat Powertools 7.0	RedHat		*
Red Hat Powertools 7.1	RedHat		*

References

http://lists.suse.com/archives/suse-security-announce/2001-Nov/0001.html
http://marc.info/?l=bugtraq\u0026m=100394630702875\u0026w=2
http://www.linuxsecurity.com/advisories/other_advisory-1677.html
http://www.mrunix.net/webalizer/news.html
http://www.redhat.com/support/errata/RHSA-2001-140.html
http://www.redhat.com/support/errata/RHSA-2001-141.html
http://www.securityfocus.com/bid/3473
https://exchange.xforce.ibmcloud.com/vulnerabilities/7350
https://exchange.xforce.ibmcloud.com/vulnerabilities/7351
http://lists.suse.com/archives/suse-security-announce/2001-Nov/0001.html
http://marc.info/?l=bugtraq\u0026m=100394630702875\u0026w=2
http://www.linuxsecurity.com/advisories/other_advisory-1677.html
http://www.mrunix.net/webalizer/news.html
http://www.redhat.com/support/errata/RHSA-2001-140.html
http://www.redhat.com/support/errata/RHSA-2001-141.html
http://www.securityfocus.com/bid/3473
https://exchange.xforce.ibmcloud.com/vulnerabilities/7350
https://exchange.xforce.ibmcloud.com/vulnerabilities/7351

NVD	https://nvd.nist.gov/vuln/detail/CVE-2001-0835
CWE	https://cwe.mitre.org/data/definitions/NVD-Other.html