bugtraq
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

[VulnWatch] Apache Illegal Request Handling Possible XSS Vulnerability

from [Michal Majchrowicz] [Permanent Link][Original]
To: full-disclosure@lists.grok.org.uk, vulnwatch@vulnwatch.org, vulndiscuss@vulnwatch.org, bugtraq@securityfocus.com
Subject: [VulnWatch] Apache Illegal Request Handling Possible XSS Vulnerability
From: "Michal Majchrowicz" <m.majchrowicz@gmail.com>
Date: Tue, 24 Apr 2007 10:53:26 +0200
Delivered-to: sp-com-lists@consult.net
Delivered-to: vulnwatch-list@securepoint.com
Delivered-to: mailing list vulnwatch@vulnwatch.org
Delivered-to: moderator for vulnwatch@vulnwatch.org
Dkim-signature: a=rsa-sha1; c=relaxed/relaxed; d=gmail.com; s=beta; h=domainkey-signature:received:received:message-id:date:from:sender:to:subject:mime-version:content-type:content-transfer-encoding:content-disposition:x-google-sender-auth; b=R20Zacr/ndnXEsUh427ZslloikTB5t3+t8R3XiskDtK3yfJ/MvTsLftBlk08Ig3+nc228nuI2QL4b3BLherRqj3PPOpG8d3jXodH1UtWLcOEn197OaDdYfmcQHEZGpnfGUN12zoMDF/+dzkdRbhxLtH/ONLOhrzeO5dceXVOnRs=
Domainkey-signature: a=rsa-sha1; c=nofws; d=gmail.com; s=beta; h=received:message-id:date:from:sender:to:subject:mime-version:content-type:content-transfer-encoding:content-disposition:x-google-sender-auth; b=utYSGs/de28rP+Nqyr4D30Vvgozda+Q+iR4fkFb5wKAbfgjOLPtG5f2WdL23izJBrOdQDIUKNy4QNKjp3lSnHzpVRvBANBf6sPpne3zDC/fa0Jke0xEMCYzw0IMfs9zgVhpn5lJHbVZLZITwqqmx3b31n1tJYZlV9m2nvd//Avw=
List-help: <mailto:vulnwatch-help@vulnwatch.org>
List-post: <mailto:vulnwatch@vulnwatch.org>
List-subscribe: <mailto:vulnwatch-subscribe@vulnwatch.org>
List-unsubscribe: <mailto:vulnwatch-unsubscribe@vulnwatch.org>
Mailing-list: contact vulnwatch-help@vulnwatch.org; run by ezmlm
Sender: mmajchrowicz@gmail.com 
Hi.
I think now we can classify this as flaw in Apache. It accepts
requests that simply make no sense. Take a look at this example:
<script>alert(document.cookie);</script> /test.php
<script>alert(document.cookie);</script>
In some circumstances it may cause XSS vulnerability:
<?php
       echo $_SERVER['REQUEST_METHOD'];
       echo $_SERVER['SERVER_PROTOCOL'];
?>
I am now investigating other possible attacks.
Regards Michal Majchrowicz.
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
  • [VulnWatch] Apache Illegal Request Handling Possible XSS Vulnerability, Michal Majchrowicz <=
Previous by Date:  [VulnWatch] Apache/PHP REQUEST_METHOD XSS Vulnerability, Michal Majchrowicz
Next by Date:  [VulnWatch] iDefense Security Advisory 04.26.07: Novell eDirectory NCP Fragment Denial of Service Vulnerability, iDefense Labs
Previous by Thread:  [VulnWatch] Apache/PHP REQUEST_METHOD XSS Vulnerability, Michal Majchrowicz
Next by Thread:  [VulnWatch] iDefense Security Advisory 04.26.07: Novell eDirectory NCP Fragment Denial of Service Vulnerability, iDefense Labs
Indexes:  [Date] [Thread] [Top] [All Lists]