Vulnerabilità: CVE-2007-0242

Il decodificatore UTF-8 in codec / qutfcodec.cpp in Qt 3.3.8 e 4.2.3 non rigetta lunghe UTF-8 sequenze come richiesto dalla norma, che consente agli aggressori remoti di effettuare cross-site scripting (XSS) e trasversale di directory attacchi tramite lunghe sequenze che decodificano per metacaratteri pericolose.


http://www.securityfocus.com/bid/23269
http://support.avaya.com/elmodocs2/security/ASA-2007-424.htm
http://support.novell.com/techcenter/psdb/39ea4b325a7da742cb8b6995fa585b14.html
http://support.novell.com/techcenter/psdb/fc79b7f48d739f9c803a24ddad933384.html
http://www.nabble.com/Bug-417390:-CVE-2007-0242
http://www.trolltech.com/company/newsroom/announcements/press.2007-03-30.9172215350
https://issues.rpath.com/browse/RPL-1202
http://www.debian.org/security/2007/dsa-1292
http://fedoranews.org/updates/FEDORA-2007-703.shtml
http://www.mandriva.com/security/advisories?name=MDKSA-2007:074
http://www.mandriva.com/security/advisories?name=MDKSA-2007:075
http://www.mandriva.com/security/advisories?name=MDKSA-2007:076
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11510
http://www.redhat.com/support/errata/RHSA-2007-0883.html
http://www.redhat.com/support/errata/RHSA-2007-0909.html
http://rhn.redhat.com/errata/RHSA-2011-1324.html
http://secunia.com/advisories/24699
http://secunia.com/advisories/24705
http://secunia.com/advisories/24726
http://secunia.com/advisories/24727
http://secunia.com/advisories/24759
http://secunia.com/advisories/24797
http://secunia.com/advisories/24847
http://secunia.com/advisories/24889
http://secunia.com/advisories/25263
http://secunia.com/advisories/26804
http://secunia.com/advisories/26857
http://secunia.com/advisories/27108
http://secunia.com/advisories/27275
http://secunia.com/advisories/46117
http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.348591
http://www.novell.com/linux/security/advisories/2007_6_sr.html
http://www.ubuntu.com/usn/usn-452-1
http://www.vupen.com/english/advisories/2007/1212
https://exchange.xforce.ibmcloud.com/vulnerabilities/33397
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0242


E' possibile lasciare un commento come utenti registrati al sito, accedendo tramite social, account wordpress oppure come utenti anonimi. Nel caso in cui si desideri lasciare un commento come utenti anonimi si verrà avvisati via email di un'eventuale risposta solo se si inserisce l'indirizzo email (facoltativo). L'inserimento di qualsiasi dato nei campi dei commenti è totalmente facoltativo. Chiunque decida di inserire un qualsiasi dato accetta il trattamento di questi ultimi per i fini inerenti al servizio ovvero la risposta al commento e le comunicazioni strettamente necessarie.


Rispondi