Apache HTTP Server SSI Error Page XSS

2002-10-02T07:59:28
ID OSVDB:862
Type osvdb
Reporter mattmurphy(mattmurphy@kc.rr.com)
Modified 2002-10-02T07:59:28

Description

Vulnerability Description

Apache contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate server signature data by Server Side Include (SSI) error pages. This could allow a remote attacker to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

Technical Description

The 'UseCanonicalName' option must be disabled and support for wildcard DNS must be present to exploit this vulnerability.

Solution Description

Upgrade to version 1.3.27 or 2.0.43 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Short Description

Apache contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate server signature data by Server Side Include (SSI) error pages. This could allow a remote attacker to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

Manual Testing Notes

http://%3CIMG%20SRC%3D%22%22%20ONERROR%3D%22alert%28document%2Ecookie%29%22%3E.apachesite.org/raise_404

References:

Vendor URL: http://httpd.apache.org/ Vendor URL: http://www.apache.org/ Vendor Specific Advisory URL Vendor Specific Advisory URL Vendor Specific Advisory URL Vendor Specific Advisory URL Vendor Specific Advisory URL Vendor Specific Advisory URL Vendor Specific Advisory URL Vendor Specific Advisory URL Vendor Specific Advisory URL Vendor Specific Advisory URL Vendor Specific Advisory URL Vendor Specific Advisory URL Vendor Specific Advisory URL Nessus Plugin ID:11137 Mail List Post: http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0003.html ISS X-Force ID: 10241 CVE-2002-0840 CIAC Advisory: n-005 CERT VU: 240329 Bugtraq ID: 5847