Qooxdoo vulnerability?

classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|

Qooxdoo vulnerability?

Matt Davis - NOAA Federal
This is more of a heads up for qooxdoo admins than anything, and could possibly be a false positive, but I felt I should at least relay this info. One of my developers sent this to me:

On my CentOS 6 laptop, using the ClamAV application to run a routine check for viruses, it alerted me to the fact that iris/client/qooxdoo-4.0.1-sdk/component/standalone/website/script/q.js contains the Html.Exploit.CVE.2015.1665 vulnerability.  You can review this at both http://www.cvedetails.com/cve/CVE-2015-1665/ and http://www.zerodayinitiative.com/advisories/ZDI-15-128/.

------------------------------------------------------------------------------
One dashboard for servers and applications across Physical-Virtual-Cloud
Widest out-of-the-box monitoring support with 50+ applications
Performance metrics, stats and reports that give you Actionable Insights
Deep dive visibility with transaction tracing using APM Insight.
http://ad.doubleclick.net/ddm/clk/290420510;117567292;y
_______________________________________________
qooxdoo-devel mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/qooxdoo-devel
Reply | Threaded
Open this post in threaded view
|

Re: Qooxdoo vulnerability?

MartinWittemann
Administrator
Hey,
just checked it using ClamXav on my mac and found the „exploit“ as well but only in an older version (4.0.2). The current master is ok and does not have any detected vulnerability may it be a false positive or not.
Regards,
Martin


> Am 27.04.2015 um 19:41 schrieb Matt Davis - NOAA Federal <[hidden email]>:
>
> This is more of a heads up for qooxdoo admins than anything, and could possibly be a false positive, but I felt I should at least relay this info. One of my developers sent this to me:
>
> On my CentOS 6 laptop, using the ClamAV application to run a routine check for viruses, it alerted me to the fact that iris/client/qooxdoo-4.0.1-sdk/component/standalone/website/script/q.js contains the Html.Exploit.CVE.2015.1665 vulnerability.  You can review this at both http://www.cvedetails.com/cve/CVE-2015-1665/ and http://www.zerodayinitiative.com/advisories/ZDI-15-128/.
> ------------------------------------------------------------------------------
> One dashboard for servers and applications across Physical-Virtual-Cloud
> Widest out-of-the-box monitoring support with 50+ applications
> Performance metrics, stats and reports that give you Actionable Insights
> Deep dive visibility with transaction tracing using APM Insight.
> http://ad.doubleclick.net/ddm/clk/290420510;117567292;y_______________________________________________
> qooxdoo-devel mailing list
> [hidden email]
> https://lists.sourceforge.net/lists/listinfo/qooxdoo-devel

------------------------------------------------------------------------------
One dashboard for servers and applications across Physical-Virtual-Cloud
Widest out-of-the-box monitoring support with 50+ applications
Performance metrics, stats and reports that give you Actionable Insights
Deep dive visibility with transaction tracing using APM Insight.
http://ad.doubleclick.net/ddm/clk/290420510;117567292;y
_______________________________________________
qooxdoo-devel mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/qooxdoo-devel