Computer Security
[EN] securityvulns.ru no-pyccku


Apache multiple security vulnerabilities
updated since 12.01.2008
Published:24.01.2008
Source:
SecurityVulns ID:8559
Type:remote
Threat Level:
5/10
Description:mod_proxy_balancer сrossite scripting, crossite requests forgery, memory corruption, DoS, mod_proxy_ftp and mod_status, mod_negotiation - crossite scripting.
Affected:APACHE : Apache 1.3
 APACHE : Apache 2.0
 APACHE : Apache 2.2
CVE:CVE-2008-0005 (mod_proxy_ftp in Apache 2.2.x before 2.2.7-dev, 2.0.x before 2.0.62-dev, and 1.3.x before 1.3.40-dev does not define a charset, which allows remote attackers to conduct cross-site scripting (XSS) attacks using UTF-7 encoding.)
 CVE-2007-6423
 CVE-2007-6422 (The balancer_handler function in mod_proxy_balancer in the Apache HTTP Server 2.2.0 through 2.2.6, when a threaded Multi-Processing Module is used, allows remote authenticated users to cause a denial of service (child process crash) via an invalid bb variable.)
 CVE-2007-6421
 CVE-2007-6420
 CVE-2007-6388 (Cross-site scripting (XSS) vulnerability in mod_status in the Apache HTTP Server 2.2.0 through 2.2.6, 2.0.35 through 2.0.61, and 1.3.2 through 1.3.39, when the server-status page is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.)
Original documentdocumentMinded Security Research Labs, Apache mod_negotiation Xss and Http Response Splitting (24.01.2008)
 documentsp3x_(at)_securityreason.com, SecurityReason - Apache (mod_status) Refresh Header - Open Redirector (XSS) (16.01.2008)
 documentsp3x_(at)_securityreason.com, SecurityReason - Apache (mod_proxy_ftp) Undefined Charset UTF-7 XSS Vulnerability (12.01.2008)
 documentsp3x_(at)_securityreason.com, SecurityReason - Apache2 CSRF, XSS, Memory Corruption and Denial of Service Vulnerability (12.01.2008)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod