| Summary | WEBGUI - Fix for XSS, Other Web Vulnerabilities, Core Admin and Password Related Issues |
| Platform | Unix |
| Category | bugfix |
| Requires |
2083, 2066, 2002 992, 990, 919, 2083, 2066, 2049, 2002, 2000 (incl. dependencies) |
| Client Required Patch/es | |
| Supersedes | |
| Superseded by | |
| Affects | Server: Core |
| Last Updated | October 23, 2017 |
This patch fixes: * The Cross-Site Scripting (XSS) vulnerability in Core Admin * Inability to change password in 6.5.0.22 when a validity error occured * Web vulnerabilities in WebGUI * Vulnerable PHP version (Upgrade to 5.6.30) * Vulnerable Apache version (Upgrade to 2.4.25) * Vulnerable OpenSSL version (Upgrade to 1.0.2k)
Unpack tar file in e.g /tmp/patch on the Open iT host. Do the following as root: cd /tmp/patch ./patch.pl
patch2095.tar.gz