Candidate: CVE-2013-6395
PublicDate: 2013-12-05 18:55:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6395
 https://github.com/ganglia/ganglia-web/issues/218
Description:
 Cross-site scripting (XSS) vulnerability in header.php in Ganglia Web 3.5.8
 and 3.5.10 allows remote attackers to inject arbitrary web script or HTML
 via the host_regex parameter to the default URI, which is processed by
 get_context.php.
Ubuntu-Description:
Notes:
Bugs:
 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=730507
Priority: medium
Discovered-by:
Assigned-to:
CVSS: 

Patches_ganglia:
upstream_ganglia: released (3.6.0-1)
lucid_ganglia: ignored (reached end-of-life)
precise_ganglia: ignored (reached end-of-life)
precise/esm_ganglia: DNE (precise was needed)
quantal_ganglia: ignored (reached end-of-life)
raring_ganglia: ignored (reached end-of-life)
saucy_ganglia: not-affected (3.6.0-1ubuntu2)
trusty_ganglia: not-affected
trusty/esm_ganglia: not-affected
utopic_ganglia: not-affected
vivid_ganglia: not-affected
vivid/stable-phone-overlay_ganglia: DNE
vivid/ubuntu-core_ganglia: DNE
wily_ganglia: not-affected
xenial_ganglia: not-affected
yakkety_ganglia: not-affected
zesty_ganglia: not-affected
devel_ganglia: not-affected

Patches_ganglia-web:
upstream_ganglia-web: released (3.5.11)
lucid_ganglia-web: DNE
precise_ganglia-web: DNE
precise/esm_ganglia-web: DNE
quantal_ganglia-web: DNE
raring_ganglia-web: DNE
saucy_ganglia-web: ignored (reached end-of-life)
trusty_ganglia-web: not-affected (3.6.1-1)
trusty/esm_ganglia-web: DNE (trusty was not-affected [3.6.1-1])
utopic_ganglia-web: not-affected (3.6.1-1)
vivid_ganglia-web: not-affected (3.6.1-1)
vivid/stable-phone-overlay_ganglia-web: DNE
vivid/ubuntu-core_ganglia-web: DNE
wily_ganglia-web: not-affected (3.6.1-1)
xenial_ganglia-web: not-affected (3.6.1-1)
yakkety_ganglia-web: not-affected (3.6.1-1)
zesty_ganglia-web: not-affected (3.6.1-1)
devel_ganglia-web: not-affected (3.6.1-1)