| Summary | WEBGUI - Fix for XSS, Other Web Vulnerabilities, Core Admin and Password Related Issues |
| Platform | Unix |
| Category | bugfix |
| Valid for | 6.2.x, 6.3.x, 6.4.x, 6.5.0.x |
| Requires | 2002, 6.2.1.5 - 6.4.0.9: 2083, 6.2.1.5 - 6.4.0.9: 2066 |
| Client Required Patch/es | |
| Supersedes | |
| Superseded by | |
| Affects | Server: Core |
| Last Updated | October 23, 2017 |
This patch fixes: * The Cross-Site Scripting (XSS) vulnerability in Core Admin * Inability to change password in 6.5.0.22 when a validity error occured * Web vulnerabilities in WebGUI * Vulnerable PHP version (Upgrade to 5.6.30) * Vulnerable Apache version (Upgrade to 2.4.25) * Vulnerable OpenSSL version (Upgrade to 1.0.2k)
Unpack tar file in e.g /tmp/patch on the Open iT host. Do the following as root: cd /tmp/patch ./patch.pl
patch2095.tar.gz