OWASP Java HTML Sanitizer Information Disclosure Vulnerability
BID:50748
Info
| Bugtraq ID: | 50748 |
| Class: | Design Error |
| CVE: | CVE-2011-4457 |
| Remote: | Yes |
| Local: | No |
| Published: | Nov 21 2011 12:00AM |
| Updated: | Nov 21 2011 12:00AM |
| Credit: | OWASP |
| Vulnerable: | OWASP Java HTML Sanitizer 0 |
| Not Vulnerable: | OWASP Java HTML Sanitizer r88 |
Discussion
OWASP Java HTML Sanitizer is prone to a remote information-disclosure vulnerability.
An attacker can exploit this issue to obtain sensitive information that may aid in further attacks.
OWASP Java HTML Sanitizer versions prior to release 88 are vulnerable.
Exploit / POC
Attackers can exploit this issue by tricking an unsuspecting victim into viewing a malicious webpage.
Solution / Fix
Solution:
Updates are available. Please see the references for more information.
References