SSV:2819
Jan 14, 2008 - 12:00 a.m.

Apache 'mod_proxy_ftp' Undefined Charset UTF-7 Cross-Site Scripting Vulnerability

2008-01-14 00:00:00
Root
www.seebug.org

EPSS: 0.011
Percentile: 84.6%

BUGTRAQ ID: 27234
CVE ID: CVE-2008-0005
CNCVE ID: CNCVE-20080005

Apache HTTP Server is an open-source web server.
The mod_proxy_ftp module shipped with Apache HTTP Server has an input-validation flaw; a remote attacker can exploit it to carry out cross-site scripting attacks and may obtain sensitive information from the targeted user.
The cross-site scripting issue is in mod_proxy_ftp.c: no character set is defined for the response, so the character set can be set to UTF-7 and the ";" character in the URL used to perform a cross-site scripting attack.
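The weakness described above is a response property, so it can be audited from the headers alone. The following is an added example in Python, not code from the Seebug record or from Apache: a small HTTP response parser with a check for the condition this advisory names (a text/html response with no declared charset, or one that declares UTF-7), plus a heuristic for untrusted fragments such as a path segment or filename that look like plain ASCII but contain markup once read as UTF-7. The sample responses, the function names, and the charset=ISO-8859-1 value in the "after" sample are all constructed for this example; the page itself only states that the -dev releases fix the issue.

```python
"""Added example (not from the Seebug record or from Apache): audit HTTP
responses for the weakness this advisory describes, a text/html body served
with no declared charset, which leaves the browser free to guess UTF-7.
All sample responses below are constructed, not captured from a server."""

from dataclasses import dataclass, field


@dataclass
class ContentType:
    media_type: str
    params: dict = field(default_factory=dict)


def parse_content_type(value: str) -> ContentType:
    """Split 'text/html; charset=ISO-8859-1' into media type and parameters."""
    parts = [p.strip() for p in value.split(";")]
    ct = ContentType(parts[0].lower())
    for part in parts[1:]:
        if "=" in part:
            key, val = part.split("=", 1)
            ct.params[key.strip().lower()] = val.strip().strip('"').lower()
    return ct


def parse_response(raw: bytes):
    """Return (status_line, headers_dict, body) from a raw HTTP/1.x response."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("latin-1").split("\r\n")
    headers = {}
    for line in lines[1:]:
        name, sep, val = line.partition(":")
        if sep:
            headers[name.strip().lower()] = val.strip()
    return lines[0], headers, body


def charset_finding(raw: bytes):
    """None when a text response pins a safe charset, else a short finding."""
    _, headers, _ = parse_response(raw)
    raw_ct = headers.get("content-type")
    if raw_ct is None:
        return "no Content-Type header"
    ct = parse_content_type(raw_ct)
    if not ct.media_type.startswith("text/"):
        return None  # non-text types are not rendered as HTML by the browser
    charset = ct.params.get("charset")
    if charset is None:
        return f"{ct.media_type} without charset"
    if charset in ("utf-7", "unicode-1-1-utf-7"):
        return f"{ct.media_type} declares {charset}"
    return None


def looks_like_utf7_markup(fragment: bytes) -> bool:
    """True when the bytes carry no '<' as ASCII but decode to one under UTF-7.

    Run this over an untrusted fragment that will be echoed into a page (a path
    segment, a filename in a directory listing).  A filter that only looks for
    literal angle brackets sees nothing here, while a browser that has guessed
    UTF-7 because no charset was declared renders the decoded tags."""
    if b"<" in fragment or b"+" not in fragment:
        return False
    try:
        decoded = fragment.decode("utf-7")
    except UnicodeDecodeError:
        return False
    return "<" in decoded


# Constructed samples.  BEFORE mimics a proxied directory listing served with
# no charset; AFTER pins one (ISO-8859-1 is an example value chosen here, not
# a statement about what Apache's patch emits).
BEFORE = (b"HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n"
          b"<html><body>listing</body></html>")
AFTER = (b"HTTP/1.1 200 OK\r\nContent-Type: text/html; charset=ISO-8859-1\r\n\r\n"
         b"<html><body>listing</body></html>")
BINARY = b"HTTP/1.1 200 OK\r\nContent-Type: application/octet-stream\r\n\r\nabc"


if __name__ == "__main__":
    for name, resp in (("before", BEFORE), ("after", AFTER), ("binary", BINARY)):
        print(name, charset_finding(resp))
    # A benign constructed fragment: harmless as ASCII, "<b>bold</b>" as UTF-7.
    print(looks_like_utf7_markup(b"+ADw-b+AD4-bold+ADw-/b+AD4-"))
```

The header check is the durable mitigation: once every text/* response carries an explicit charset, the browser has no reason to guess an encoding, and the fragment heuristic becomes a secondary signal for logs or a proxy rather than the only line of defence.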

    Apache Software Foundation Apache 2.2.6
    Apache Software Foundation Apache 2.2.5
    Apache Software Foundation Apache 2.2.4
    Apache Software Foundation Apache 2.2.3
    Apache Software Foundation Apache 2.2.2
    Apache Software Foundation Apache 2.2.0
    Apache Software Foundation Apache 2.0.59
    Apache Software Foundation Apache 2.0.58

  • Debian Linux 3.1 sparc
  • Debian Linux 3.1 s/390
  • Debian Linux 3.1 ppc
  • Debian Linux 3.1 mipsel
  • Debian Linux 3.1 mips
  • Debian Linux 3.1 m68k
  • Debian Linux 3.1 ia-64
  • Debian Linux 3.1 ia-32
  • Debian Linux 3.1 hppa
  • Debian Linux 3.1 arm
  • Debian Linux 3.1 amd64
  • Debian Linux 3.1 alpha
  • Debian Linux 3.1
    Apache Software Foundation Apache 2.0.56-dev
    Apache Software Foundation Apache 2.0.55
    Apache Software Foundation Apache 2.0.54
  • Debian Linux 3.1 sparc
  • Debian Linux 3.1 s/390
  • Debian Linux 3.1 ppc
  • Debian Linux 3.1 mipsel
  • Debian Linux 3.1 mips
  • Debian Linux 3.1 m68k
  • Debian Linux 3.1 ia-64
  • Debian Linux 3.1 ia-32
  • Debian Linux 3.1 hppa
  • Debian Linux 3.1 arm
  • Debian Linux 3.1 amd64
  • Debian Linux 3.1 alpha
  • Debian Linux 3.1
    Apache Software Foundation Apache 2.0.53
    Apache Software Foundation Apache 2.0.52
  • Apple Mac OS X 10.3.6
  • Apple Mac OS X 10.2.8
  • Apple Mac OS X Server 10.3.6
  • Apple Mac OS X Server 10.2.8
  • RedHat Desktop 4.0
  • RedHat Enterprise Linux WS 4
  • RedHat Enterprise Linux ES 4
  • RedHat Enterprise Linux AS 4
  • Sun Solaris 10
    Apache Software Foundation Apache 2.0.51
  • RedHat Fedora Core2
  • RedHat Fedora Core1
    Apache Software Foundation Apache 2.0.50
  • MandrakeSoft Linux Mandrake 10.1 x86_64
  • MandrakeSoft Linux Mandrake 10.1
    Apache Software Foundation Apache 2.0.49
  • S.u.S.E. Linux Personal 9.1
  • Trustix Secure Linux 2.1
  • Trustix Secure Linux 2.0
    Apache Software Foundation Apache 2.0.48
  • MandrakeSoft Linux Mandrake 10.0 AMD64
  • MandrakeSoft Linux Mandrake 10.0
  • S.u.S.E. Linux 8.1
  • S.u.S.E. Linux Personal 9.0 x86_64
  • S.u.S.E. Linux Personal 9.0
  • S.u.S.E. Linux Personal 8.2
  • Trustix Secure Linux 2.1
  • Trustix Secure Linux 2.0
    Apache Software Foundation Apache 2.0.47
  • Apple Mac OS X Server 10.3.5
  • Apple Mac OS X Server 10.3.4
  • Apple Mac OS X Server 10.3.3
  • Apple Mac OS X Server 10.3.2
  • Apple Mac OS X Server 10.3.1
  • Apple Mac OS X Server 10.3
  • Apple Mac OS X Server 10.2.8
  • Apple Mac OS X Server 10.2.7
  • Apple Mac OS X Server 10.2.6
  • Apple Mac OS X Server 10.2.5
  • Apple Mac OS X Server 10.2.4
  • Apple Mac OS X Server 10.2.3
  • Apple Mac OS X Server 10.2.2
  • Apple Mac OS X Server 10.2.1
  • Apple Mac OS X Server 10.2
  • Apple Mac OS X Server 10.1.5
  • Apple Mac OS X Server 10.1.4
  • Apple Mac OS X Server 10.1.3
  • Apple Mac OS X Server 10.1.2
  • Apple Mac OS X Server 10.1.1
  • Apple Mac OS X Server 10.1
  • MandrakeSoft Linux Mandrake 9.2 amd64
  • MandrakeSoft Linux Mandrake 9.2
  • MandrakeSoft Linux Mandrake 9.1 ppc
  • MandrakeSoft Linux Mandrake 9.1
    Apache Software Foundation Apache 2.0.46
  • RedHat Desktop 3.0
  • RedHat Enterprise Linux WS 3
  • RedHat Enterprise Linux ES 3
  • RedHat Enterprise Linux AS 3
  • Trustix Secure Linux 2.0
    Apache Software Foundation Apache 2.0.45
  • Apple Mac OS X 10.2.6
  • Apple Mac OS X 10.2.5
  • Apple Mac OS X 10.2.4
  • Apple Mac OS X 10.2.3
  • Apple Mac OS X 10.2.2
  • Apple Mac OS X 10.2.1
  • Apple Mac OS X 10.2
  • Apple Mac OS X 10.1.5
  • Apple Mac OS X 10.1.4
  • Apple Mac OS X 10.1.3
  • Apple Mac OS X 10.1.2
  • Apple Mac OS X 10.1.1
  • Apple Mac OS X 10.1
  • Apple Mac OS X 10.0.4
  • Apple Mac OS X 10.0.3
  • Apple Mac OS X 10.0.2
  • Apple Mac OS X 10.0.1
  • Apple Mac OS X 10.0
  • Conectiva Linux 9.0
    Apache Software Foundation Apache 2.0.44
    Apache Software Foundation Apache 2.0.43
    Apache Software Foundation Apache 2.0.42
  • Gentoo Linux 1.4_rc1
  • Gentoo Linux 1.2
    Apache Software Foundation Apache 2.0.41
    Apache Software Foundation Apache 2.0.40
  • RedHat Linux 9.0 i386
  • RedHat Linux 8.0
  • Terra Soft Solutions Yellow Dog Linux 3.0
    Apache Software Foundation Apache 2.0.39
    Apache Software Foundation Apache 2.0.38
    Apache Software Foundation Apache 2.0.37
    Apache Software Foundation Apache 2.0.36
    Apache Software Foundation Apache 2.0.35
    Apache Software Foundation Apache 2.0.32
    Apache Software Foundation Apache 2.0.28 Beta
    Apache Software Foundation Apache 2.0.28
    Apache Software Foundation Apache 2.0 a9
    Apache Software Foundation Apache 2.0
    Apache Software Foundation Apache 1.3.39
    Apache Software Foundation Apache 1.3.37
    Apache Software Foundation Apache 1.3.36
    Apache Software Foundation Apache 1.3.35
    Apache Software Foundation Apache 1.3.34
    Apache Software Foundation Apache 1.3.33
  • Apple Mac OS X 10.3.6
  • Apple Mac OS X 10.2.8
  • Apple Mac OS X Server 10.3.6
  • Apple Mac OS X Server 10.2.8
  • Debian Linux 3.1 sparc
  • Debian Linux 3.1 s/390
  • Debian Linux 3.1 ppc
  • Debian Linux 3.1 mipsel
  • Debian Linux 3.1 mips
  • Debian Linux 3.1 m68k
  • Debian Linux 3.1 ia-64
  • Debian Linux 3.1 ia-32
  • Debian Linux 3.1 hppa
  • Debian Linux 3.1 arm
  • Debian Linux 3.1 amd64
  • Debian Linux 3.1 alpha
  • Debian Linux 3.1
    Apache Software Foundation Apache 1.3.32
  • Gentoo Linux 1.4
  • Gentoo Linux
    Apache Software Foundation Apache 1.3.31
  • OpenPKG OpenPKG Current
    Apache Software Foundation Apache 1.3.29
  • Apple Mac OS X 10.3.5
  • Apple Mac OS X 10.2.7
  • Apple Mac OS X Server 10.3.5
  • Apple Mac OS X Server 10.2.7
  • MandrakeSoft Linux Mandrake 10.0 AMD64
  • MandrakeSoft Linux Mandrake 10.0
  • OpenPKG OpenPKG 2.0
    Apache Software Foundation Apache 1.3.28
  • Conectiva Linux 8.0
  • MandrakeSoft Linux Mandrake 9.2 amd64
  • MandrakeSoft Linux Mandrake 9.2
  • OpenBSD OpenBSD 3.4
  • OpenPKG OpenPKG 1.3
    Apache Software Foundation Apache 1.3.27
  • HP HP-UX (VVOS) 11.04
  • HP VirtualVault 4.6
  • HP VirtualVault 4.5
  • HP Webproxy 2.0
  • Immunix Immunix OS 7+
  • MandrakeSoft Linux Mandrake 9.1 ppc
  • MandrakeSoft Linux Mandrake 9.1
  • OpenBSD OpenBSD 3.3
  • OpenPKG OpenPKG Current
  • RedHat Enterprise Linux WS 2.1 IA64
  • RedHat Enterprise Linux WS 2.1
  • RedHat Enterprise Linux ES 2.1 IA64
  • RedHat Enterprise Linux ES 2.1
  • RedHat Enterprise Linux AS 2.1 IA64
  • RedHat Enterprise Linux AS 2.1
  • RedHat Linux Advanced Work Station 2.1
  • SGI IRIX 6.5.19
    Apache Software Foundation Apache 1.3.26
  • Conectiva Linux 8.0
  • Conectiva Linux 7.0
  • Conectiva Linux 6.0
  • Debian Linux 3.0 sparc
  • Debian Linux 3.0 s/390
  • Debian Linux 3.0 ppc
  • Debian Linux 3.0 mipsel
  • Debian Linux 3.0 mips
  • Debian Linux 3.0 m68k
  • Debian Linux 3.0 ia-64
  • Debian Linux 3.0 ia-32
  • Debian Linux 3.0 hppa
  • Debian Linux 3.0 arm
  • Debian Linux 3.0 alpha
  • MandrakeSoft Corporate Server 2.1 x86_64
  • MandrakeSoft Corporate Server 2.1
  • MandrakeSoft Linux Mandrake 9.0
  • OpenPKG OpenPKG 1.1
  • Trustix Secure Linux 1.5
  • Trustix Secure Linux 1.2
  • Trustix Secure Linux 1.1
    Apache Software Foundation Apache 1.3.24
  • OpenBSD OpenBSD 3.1
  • Oracle Oracle HTTP Server 9.2.0
  • Oracle Oracle HTTP Server 9.0.1
  • Oracle Oracle9i Application Server 9.0.2
  • Oracle Oracle9i Application Server 1.0.2.2
  • Oracle Oracle9i Application Server 1.0.2.1s
  • Oracle Oracle9i Application Server 1.0.2
  • Slackware Linux 8.1
  • Unisphere Networks SDX-300 2.0.3
    Apache Software Foundation Apache 1.3.22
  • Caldera OpenLinux Server 3.1.1
  • Caldera OpenLinux Server 3.1
  • Caldera OpenLinux Workstation 3.1.1
  • Caldera OpenLinux Workstation 3.1
  • Conectiva Linux 8.0
  • Conectiva Linux 7.0
  • Conectiva Linux 6.0
  • MandrakeSoft Corporate Server 1.0.1
  • MandrakeSoft Linux Mandrake 8.1 ia64
  • MandrakeSoft Linux Mandrake 8.1
  • MandrakeSoft Linux Mandrake 8.0 ppc
  • MandrakeSoft Linux Mandrake 8.0
  • MandrakeSoft Linux Mandrake 7.2
  • OpenPKG OpenPKG 1.0
  • RedHat Linux 7.2 ia64
  • RedHat Linux 7.2 i386
  • RedHat Linux 7.1 ia64
  • RedHat Linux 7.1 i386
  • RedHat Linux 7.1 alpha
  • RedHat Linux 7.0 i386
  • RedHat Linux 7.0 alpha
  • RedHat Linux 6.2 sparc
  • RedHat Linux 6.2 i386
  • RedHat Linux 6.2 alpha
    Apache Software Foundation Apache 1.3.20
  • HP HP-UX 11.22
  • HP HP-UX 11.20
  • MandrakeSoft Single Network Firewall 7.2
  • S.u.S.E. Linux 7.3 sparc
  • S.u.S.E. Linux 7.3 ppc
  • S.u.S.E. Linux 7.3 i386
  • S.u.S.E. Linux 7.3
  • SGI IRIX 6.5.18
  • SGI IRIX 6.5.17
  • SGI IRIX 6.5.16
  • SGI IRIX 6.5.15
  • SGI IRIX 6.5.14m
  • SGI IRIX 6.5.14f
  • SGI IRIX 6.5.14
  • SGI IRIX 6.5.13m
  • SGI IRIX 6.5.13f
  • SGI IRIX 6.5.13
  • SGI IRIX 6.5.12m
  • SGI IRIX 6.5.12f
  • SGI IRIX 6.5.12
  • Slackware Linux 8.0
  • Sun Cobalt Control Station 4100CS
  • Sun Cobalt RaQ 550
  • Sun Solaris 9_x86 Update 2
  • Sun Solaris 9_x86
  • Sun Solaris 9
  • Sun SunOS 5.9_x86
  • Sun SunOS 5.9
    Apache Software Foundation Apache 1.3.19
  • Apple Mac OS X 10.0.3
  • Caldera OpenLinux 2.4
  • Debian Linux 2.3
  • Digital (Compaq) TRU64/DIGITAL UNIX 5.0
  • Digital (Compaq) TRU64/DIGITAL UNIX 4.0g
  • Digital (Compaq) TRU64/DIGITAL UNIX 4.0f
  • EnGarde Secure Linux 1.0.1
  • FreeBSD FreeBSD 4.2
  • FreeBSD FreeBSD 3.5.1
  • HP HP-UX 11.11
  • HP HP-UX 11.04
  • HP HP-UX 11.0
  • HP HP-UX 10.20
  • HP Secure OS software for Linux 1.0
  • HP VirtualVault 4.5
  • MandrakeSoft Linux Mandrake 8.1
  • MandrakeSoft Linux Mandrake 8.0
  • MandrakeSoft Linux Mandrake 7.2
  • MandrakeSoft Linux Mandrake 7.1
  • NetBSD NetBSD 1.5.1
  • NetBSD NetBSD 1.5
  • OpenBSD OpenBSD 2.9
  • OpenBSD OpenBSD 2.8
  • OpenBSD OpenBSD 3.0
  • RedHat Linux 7.1
  • RedHat Linux 7.0
  • RedHat Linux 6.2
  • S.u.S.E. Linux 7.2 i386
  • S.u.S.E. Linux 7.2
  • S.u.S.E. Linux 7.1 x86
  • S.u.S.E. Linux 7.1 sparc
  • S.u.S.E. Linux 7.1 ppc
  • S.u.S.E. Linux 7.1 alpha
  • S.u.S.E. Linux 7.1
  • S.u.S.E. Linux 7.0 sparc
  • S.u.S.E. Linux 7.0 ppc
  • S.u.S.E. Linux 7.0 i386
  • S.u.S.E. Linux 7.0 alpha
  • S.u.S.E. Linux 7.0
  • S.u.S.E. Linux 6.4 ppc
  • S.u.S.E. Linux 6.4 i386
  • S.u.S.E. Linux 6.4 alpha
  • S.u.S.E. Linux 6.4
  • SCO eDesktop 2.4
  • SCO eServer 2.3.1
  • SGI IRIX 6.5.9
  • SGI IRIX 6.5.8
  • Sun Solaris 7.0
  • Sun Solaris 8
    Apache Software Foundation Apache 1.3.17
  • MandrakeSoft Corporate Server 1.0.1
  • MandrakeSoft Linux Mandrake 8.0 ppc
  • MandrakeSoft Linux Mandrake 8.0
  • OpenBSD OpenBSD 2.8
  • S.u.S.E. Linux 7.1
    Apache Software Foundation Apache 1.3.14
  • EnGarde Secure Linux 1.0.1
  • MandrakeSoft Linux Mandrake 7.2
  • MandrakeSoft Linux Mandrake 7.1
  • MandrakeSoft Single Network Firewall 7.2
  • SGI IRIX 6.5.11
  • SGI IRIX 6.5.10
  • SGI IRIX 6.5.9
  • SGI IRIX 6.5.8
  • SGI IRIX 6.5.7
  • SGI IRIX 6.5.6
  • SGI IRIX 6.5.5
  • SGI IRIX 6.5.4
  • SGI IRIX 6.5.3
  • SGI IRIX 6.5.2
  • SGI IRIX 6.5.1
  • SGI IRIX 6.5
    Apache Software Foundation Apache 1.3.12
  • NetScreen NetScreen-Global PRO Express Policy Manager Server
  • NetScreen NetScreen-Global PRO Policy Manager Server
  • OpenBSD OpenBSD 2.8
  • RedHat Linux 7.0 i386
  • RedHat Linux 7.0 alpha
  • RedHat Linux 6.2 sparc
  • RedHat Linux 6.2 i386
  • RedHat Linux 6.2 alpha
  • S.u.S.E. Linux 7.0 sparc
  • S.u.S.E. Linux 7.0
  • Sun Cobalt ManageRaQ v2 3599BD
  • Sun Cobalt Qube3 4000WG
  • Sun Cobalt RaQ XTR 3500R
  • Sun Cobalt RaQ4 3001R
    Apache Software Foundation Apache 1.3.11
    Apache Software Foundation Apache 1.3.9
  • Debian Linux 2.2 sparc
  • Debian Linux 2.2 powerpc
  • Debian Linux 2.2 arm
  • Debian Linux 2.2 alpha
  • Debian Linux 2.2 68k
  • Debian Linux 2.2
  • NetScreen NetScreen-Global PRO Express Policy Manager Server
  • NetScreen NetScreen-Global PRO Policy Manager Server
  • Sun Solaris 8_x86
  • Sun Solaris 8
  • Sun SunOS 5.8_x86
  • Sun SunOS 5.8
    Apache Software Foundation Apache 1.3.6
  • Sun Cobalt ManageRaQ3 3000R-mr
  • Sun Cobalt RaQ3 3000R
  • Sun Cobalt Velociraptor
    Apache Software Foundation Apache 1.3.4
  • BSDI BSD/OS 4.0
    Apache Software Foundation Apache 1.3.3
  • RedHat Linux 5.2 sparc
  • RedHat Linux 5.2 i386
  • RedHat Linux 5.2 alpha
    Apache Software Foundation Apache 1.3.1
    Apache Software Foundation Apache 1.3
  • Apple Mac OS X 10.3.2
  • Apple Mac OS X 10.3.1
  • Apple Mac OS X 10.3
  • Apple Mac OS X 10.2.8
  • Apple Mac OS X 10.2.7
  • Apple Mac OS X 10.2.6
  • Apple Mac OS X 10.2.5
  • Apple Mac OS X 10.2.4
  • Apple Mac OS X 10.2.3
  • Apple Mac OS X 10.2.2
  • Apple Mac OS X 10.2.1
  • Apple Mac OS X 10.2
  • Apple Mac OS X 10.1.5
  • Apple Mac OS X 10.1.4
  • Apple Mac OS X 10.1.3
  • Apple Mac OS X 10.1.2
  • Apple Mac OS X 10.1.1
  • Apple Mac OS X 10.1
  • Apple Mac OS X Server 10.3.2
  • Apple Mac OS X Server 10.3.1
  • Apple Mac OS X Server 10.3
  • Apple Mac OS X Server 10.2.8
  • Apple Mac OS X Server 10.2.7
  • Apple Mac OS X Server 10.2.6
  • Apple Mac OS X Server 10.2.5
  • Apple Mac OS X Server 10.2.4
  • Apple Mac OS X Server 10.2.3
  • Apple Mac OS X Server 10.2.2
  • Apple Mac OS X Server 10.2.1
  • Apple Mac OS X Server 10.2
  • Apple Mac OS X Server 10.1.5
  • Apple Mac OS X Server 10.1.4
  • Apple Mac OS X Server 10.1.3
  • Apple Mac OS X Server 10.1.2
  • Apple Mac OS X Server 10.1.1
  • Apple Mac OS X Server 10.1
  • Microsoft Windows 2000 Professional
  • Microsoft Windows NT 4.0
    Apache Software Foundation Apache 2.0.61-dev
    Apache Software Foundation Apache 2.0.60-dev

Vendor solution
Apache 2.2.7-dev, 1.3.40-dev, and 2.0.62-dev have fixed this vulnerability:
http://www.apache.org/