CERTVU:663763Apache mod_proxy_ftp XSS vulnerability
4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
0.054 Low
EPSS
Percentile
93.0%
Overview
The Apache web server mod_proxy_ftp module contains a cross-site scripting (XSS) vulnerability.
Description
The Apache mod_proxy_ftp module allows the Apache web server to act as a proxy for FTP sites. Filename globbing is the process of using wildcards to match filenames. The mod_proxy_ftp module contains an XSS vulnerability that occurs because the module does not properly filter globbed characters in FTP URIs.
Impact
A remote attacker may be able to execute arbitrary Javascript in the context of a site being proxied by the Apache server.
Solution
Upgrade
Apache has released updates to address this issue. These updates are available on the Apache SVN server:
http://svn.apache.org/viewvc?view=rev&revision=682868
http://svn.apache.org/viewvc?view=rev&revision=682870
http://svn.apache.org/viewvc?view=rev&revision=682871
Note that vendors who distribute Apache may not have immediately have a version or update that contains these fixes.
Workarounds
* Mozilla Firefox users can use the [NoScript](<http://noscript.net/>) extension to keep Javascript from running in untrusted domains.
* Application firewalls and IPS systems may be able to block certain types of XSS attacks at the network perimeter.
Vendor Information
663763
Filter by status: All Affected Not Affected Unknown
Filter by content: __ Additional information available
__ Sort by: Status Alphabetical
Expand all
Javascript is disabled. Click here to view vendors.
Apache HTTP Server Project __ Affected
Updated: August 08, 2008
Status
Affected
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
See the below links for more details.
http://svn.apache.org/viewvc?view=rev&revision=682868
http://svn.apache.org/viewvc?view=rev&revision=682870
http://svn.apache.org/viewvc?view=rev&revision=682871
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23663763 Feedback>).
CVSS Metrics
| Group | Score | Vector |
|---|---|---|
| Base | ||
| Temporal | ||
| Environmental |
References
- <http://www.securityfocus.com/archive/1/495180>
- http://svn.apache.org/viewvc?view=rev&revision=682868
- http://svn.apache.org/viewvc?view=rev&revision=682870
- http://svn.apache.org/viewvc?view=rev&revision=682871
- <http://ftpsearch.ntua.gr/globbing.html>
- <http://noscript.net/>
Acknowledgements
Thanks to Rapid7 and Apache for information that was used in this report.
This document was written by Ryan Giobbi.
Other Information
| CVE IDs: | CVE-2008-2939 |
|---|---|
| Severity Metric: | 2.70 Date Public: |
Related
4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
0.054 Low
EPSS
Percentile
93.0%