Felix Eckhofer

**Name of the Vulnerable Software and Affected Versions** fli4l versions prior to 3.10.1 fli4l version 4.0 before 2015-01-30 **Description** The issue allows remote attackers to execute arbitrary code via the httpd package. **Recommendations** For fli4l versions prior to 3.10.1, update to version 3.10.1 or later. For fli4l version 4.0 before 2015-01-30, update to a version released on or after 2015-01-30.

**Name of the Vulnerable Software and Affected Versions** fli4l versions prior to 3.10.1 fli4l versions 4.0 before 2015-01-30 **Description** The issue concerns HTTP header injection in the httpd package. **Recommendations** For fli4l versions prior to 3.10.1, update to version 3.10.1 or later. For fli4l versions 4.0 before 2015-01-30, update to a version released after 2015-01-30.

**Name of the Vulnerable Software and Affected Versions** fli4l versions prior to 3.10.1 fli4l versions prior to 4.0 (specifically before 2015-01-30) **Description** The issue concerns multiple cross-site scripting (XSS) vulnerabilities in the web administration frontend of the httpd package. These vulnerabilities allow remote attackers to inject arbitrary web script or HTML via several scripts in the admin/ directory, including `conntrack.cgi`, `index.cgi`, `log syslog.cgi`, `problems.cgi`, `status.cgi`, `status network.cgi`, and `status system.cgi`. **Recommendations** For fli4l versions prior to 3.10.1, update to version 3.10.1 or later. For fli4l versions prior to 4.0 (specifically before 2015-01-30), update to a version from 2015-01-30 or later. As a temporary workaround, consider restricting access to the vulnerable scripts in the admin/ directory until a patch is applied.