Null HTTP Server Long URL XSS

2003-09-25T10:06:07
ID OSVDB:2603
Type osvdb
Reporter OSVDB
Modified 2003-09-25T10:06:07

Description

Vulnerability Description

Null HTTPd contains a flaw that allows a remote cross-site scripting attack. The flaw exists because the application does not validate URL input when it is submitted to the application. It is possible to send an overly long, specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

Technical Description

This flaw can be exploited by sending an overly long HTTP request containing 1799 bytes of random characters followed by up to 243 bytes of arbitrary script code. The server then includes the script code in the error page it returns to the user.
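The mechanism described here is a reflected cross-site scripting bug: the request URI is copied verbatim into an HTML error page. The following is an added illustration, not Null HTTPd's code and not part of the original advisory. It contrasts a hypothetical error-page renderer that echoes the URI raw with a hardened one that refuses over-long request URIs outright (answering 414 without echoing anything) and HTML-escapes whatever it does echo. The function names, the 1024-byte cap and the sample URIs are assumptions constructed for the example.

```python
import html

# Constructed example: a minimal error-page renderer for a hypothetical HTTP server.
# This is NOT Null HTTPd's code; names, the length cap and the sample input are assumptions.

MAX_URI_LEN = 1024  # assumed cap: request URIs longer than this are rejected, not echoed


def unsafe_error_page(request_uri: str) -> str:
    """Reflects the request URI verbatim into HTML: the pattern behind reflected XSS."""
    return (
        "<html><body><h1>404 Not Found</h1>"
        f"<p>The URL {request_uri} was not found on this server.</p>"
        "</body></html>"
    )


def safe_error_page(request_uri: str) -> tuple[int, str]:
    """Return (status, body).

    Over-long URIs get a fixed 414 page that does not include the input at all,
    so nothing attacker-controlled reaches the response. Otherwise the URI is
    HTML-escaped (including quotes) before being embedded in the page.
    """
    if len(request_uri) > MAX_URI_LEN:
        return 414, "<html><body><h1>414 Request-URI Too Long</h1></body></html>"
    escaped = html.escape(request_uri, quote=True)
    return 404, (
        "<html><body><h1>404 Not Found</h1>"
        f"<p>The URL {escaped} was not found on this server.</p>"
        "</body></html>"
    )


def contains_raw_markup(body: str, marker: str = "<script") -> bool:
    """Detection helper: does the response body still carry an unescaped tag?"""
    return marker.lower() in body.lower()


if __name__ == "__main__":
    # Constructed request URI shaped like the advisory describes: long filler, then script.
    crafted = "/" + "A" * 1799 + "<script>x()</script>"
    print(contains_raw_markup(unsafe_error_page(crafted)))            # True: reflected raw
    status, body = safe_error_page(crafted)
    print(status, contains_raw_markup(body))                          # 414 False: not echoed
    status, body = safe_error_page("/missing<script>x()</script>")
    print(status, contains_raw_markup(body), "&lt;script&gt;" in body)  # 404 False True
```

Escaping is the fix that removes the bug; the length cap on its own only narrows the window (a short crafted URI would still be reflected), which is why the hardened version does both.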

Solution Description

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

Short Description

Null HTTPd contains a flaw that allows a remote cross-site scripting attack. The flaw exists because the application does not validate URL input when it is submitted to the application. It is possible to send an overly long, specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

References:

Vendor URL: http://nullhttpd.sourceforge.net/httpd/
Secunia Advisory ID: 9845
Other Advisory URL: http://aluigi.altervista.org/adv/nullhttpd-xss-adv.txt
Other Advisory URL: http://archives.neohapsis.com/archives/bugtraq/2003-09/0401.html
ISS X-Force ID: 13281
Bugtraq ID: 8695