Apache 1.3/2.0.x Server Side Include Cross-Site Scripting Vulnerability

2002-10-02T00:00:00
ID EDB-ID:21885
Type exploitdb
Reporter mattmurphy
Modified 2002-10-02T00:00:00

Description

Apache 1.3/2.0.x Server Side Include Cross Site Scripting Vulnerability. CVE-002-0840 . Remote exploits for multiple platform

                                        
                                            source: http://www.securityfocus.com/bid/5847/info

Apache is reported to be vulnerable to cross site scripting attacks. This vulnerability is due to the SSI error pages of the webserver not being properly sanitized of malicious HTML code.

Attacker-supplied HTML and script code may be executed on a web client visiting the malicious link in the context of the webserver.

Attacks of this nature may make it possible for attackers to manipulate web content or to steal cookie-based authentication credentials. It may be possible to take arbitrary actions as the victim user.

http://%3CIMG%20SRC%3D%22%22%20ONERROR%3D%22alert%28document%2Ecookie%29%22
%3E.apachesite.org/raise_404