Cgit Multiple Vulnerabilities


Description   Several vulnerabilities have been identified in cgit:
- CVE-2016-1899: reflected cross-site scripting. A remote attacker can exploit it to execute arbitrary JavaScript or HTML code by enticing a victim to follow a specially crafted link. The vulnerability can be exploited via the "Mimetype" query string.
- CVE-2016-1900: persistent cross-site scripting. A remote attacker can exploit it to execute arbitrary JavaScript or HTML code. The vulnerability is located in the "filename" parameter.
- CVE-2016-1901: integer overflow. A remote attacker could exploit it to cause a denial of service or potentially execute arbitrary code. The vulnerability is located in the "open_auth_filter" function of the "cgit.c" source file.

The cgit packages provided by Debian Jessie 8 are vulnerable.
     
Vulnerable Products   Vulnerable OS:
- Fedora (Red Hat) - 22, 23
- FreeBSD (FreeBSD) - All
- GNU/Linux (Debian) - 8
- openSUSE (SUSE) - 13.1, 13.2, 42.1
     
Solution   Fixed cgit packages for Debian Jessie 8 are available.
     
CVE   CVE-2016-1901
CVE-2016-1900
CVE-2016-1899
     
References   - Debian Security Tracker : cgit
https://security-tracker.debian.org/tracker/CVE-2016-1899
https://security-tracker.debian.org/tracker/CVE-2016-1900
https://security-tracker.debian.org/tracker/CVE-2016-1901
- CGIT : v0.12 Released
http://lists.zx2c4.com/pipermail/cgit/2016-January/002817.html
- VuXML : cgit -- multiple vulnerabilities
https://www.vuxml.org/freebsd/62c0dbbd-bfce-11e5-b5fe-002590263bf5.html
- openSUSE-SU-2016:0218-1 : Security update for cgit
http://lists.opensuse.org/opensuse-updates/2016-01/msg00084.html
- openSUSE-SU-2016:0196-1 : Security update for cgit
http://lists.opensuse.org/opensuse-updates/2016-01/msg00067.html
- FEDORA-2016-215b507409 : Fedora 22 Update: cgit-0.12-1.fc22
https://lists.fedoraproject.org/pipermail/package-announce/2016-January/176167.html
- FEDORA-2016-e5a5fb196f : Fedora 23 Update: cgit-0.12-1.fc23
https://lists.fedoraproject.org/pipermail/package-announce/2016-January/176198.html
- DSA 3545-1 : cgit security update
https://lists.debian.org/debian-security-announce/2016/msg00119.html
     
Vulnerability Manager Detection   No
     
IPS Protection  
ASQ Engine alarm | Available Since
XSS - Prevention - GET : suspicious 'iframe' tag found in URL | 3.2.0
XSS - Prevention - GET : suspicious 'meta' tag found in URL | 3.2.0
XSS - Prevention - GET : suspicious tag with event found in URL | 3.2.0
XSS - Prevention - GET : suspicious 'applet' tag found in URL | 3.2.0
XSS - Phishing : suspicious 'div' tag found in URL | 3.2.0
XSS - Prevention - GET : suspicious 'style' attribute found in URL | 3.2.0
XSS - Prevention - GET : suspicious 'img' tag found in URL | 3.2.0
XSS - Phishing : suspicious 'a' tag found in URL | 3.2.0
XSS - Prevention - GET : cookie access attempt using script language found in URL | 3.2.0
XSS - Prevention - GET : suspicious 'embed' tag found in URL | 3.2.0
XSS - Prevention - GET : suspicious 'object' tag found in URL | 3.2.0
XSS - Phishing : suspicious 'form' tag found in URL | 3.2.0
XSS - Prevention - GET : javascript code found in URL | 3.2.0
XSS - Prevention - GET : evasion attempt using tag characters encoding in URL | 3.2.0
XSS - Prevention - GET : suspicious 'style' tag found in URL | 3.2.0
XSS - Phishing : suspicious 'link' tag found in URL | 3.2.0
XSS - Prevention - GET : 'script' tag found in URL | 3.2.0
XSS - Prevention - GET : 'location' javascript object found in URL | 3.2.0
XSS - Prevention - GET : suspicious 'div' tag found in URL | 3.2.0
     


 
 
 
 
Risk level   High

Vulnerability First Public Report Date   2016-01-15

Target Type   Server

Possible exploit   Remote