Bug: Apache (mod_proxy_ftp) Undefined Charset UTF-7 XSS Vulnerability ( Ascii Version )

Search:
WLB2

Apache (mod_proxy_ftp) Undefined Charset UTF-7 XSS Vulnerability

Published
Credit
Risk
2008.01.10
sp3x
Low
CWE
CVE
Local
Remote
CWE-79
CVE-2008-0005
Yes
Yes

CVSS Base Score
Impact Subscore
Exploitability Subscore
4.3/10
2.9/10
8.6/10
Exploit range
Attack complexity
Authentication
Remote
Medium
No required
Confidentiality impact
Integrity impact
Availability impact
None
Partial
None

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[SecurityReason - Apache (mod_proxy_ftp) Undefined Charset UTF-7 XSS Vulnerability]

Author: sp3x

Date:
- - Written: 15.12.2007
- - Public: 10.01.2008

SecurityReason Research
SecurityAlert Id: 49

CVE: CVE-2008-0005
SecurityRisk: Low

Affected Software: Apache 2.2.x (mod_proxy_ftp)
Apache 1.3.x
Apache 2.0.x

Advisory URL: http://securityreason.com/achievement_securityalert/49
Vendor: http://httpd.apache.org

- --- 0.Description ---

The Apache HTTP Server Project is an effort to develop and maintain an open-source HTTP server for modern operating
systems including UNIX and Windows NT. The goal of this project is to provide a secure, efficient and extensible server
that provides HTTP services in sync with the current HTTP standards.

Apache has been the most popular web server on the Internet since April 1996. The November 2005 Netcraft Web Server
Survey found that more than 70% of the web sites on the Internet are using Apache, thus making it more widely used than
all other web servers combined.

mod_proxy_ftp : http://httpd.apache.org/docs/2.2/mod/mod_proxy_ftp.html

- From apache site : "It provides support for the proxying FTP sites. Note that FTP support is currently limited to
the GET method."

- --- 1. Apache Undefined Charset UTF-7 XSS Vulnerability ---

The XSS(UTF7) exist in mod_proxy_ftp.c . Charset is not defined
and we can provide XSS attack using ";" char in URL by setting Charset to UTF-7.

- --- 2. Exploit ---

SecurityReason is not going to release a exploit to the general public.
Exploit was provided and tested for Apache Team .

- --- 3. How to fix ---

Update to Apache 2.2.7-dev
Apache 1.3.40-dev
Apache 2.0.62-dev

- --- 4. References ---

Apache2 Undefined Charset UTF-7 XSS Vulnerability : http://securityreason.com/achievement_securityalert/46 by
Maksymilian Arciemowicz

- --- 5. Greets ---

For: Maksymilian Arciemowicz ( cXIb8O3 ), Infospec, pi3, p_e_a, mpp

- --- 6. Contact ---

Author: sp3x
Email: sp3x [at] securityreason [dot] com
GPG: http://securityreason.com/key/sp3x.gpg
http://securityreason.com
http://securityreason.pl
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.7 (GNU/Linux)

iD8DBQFHhUp2haZ93YsJSwQRAgYPAJ9CYYZv1MthEQpfqg97ReFQ56RHVQCfdoKs
0uz3Q3HNdQfgbuc8uRh3Ol8=
=dn1x
-----END PGP SIGNATURE-----

See this note in TXT Version

Bugtraq RSS
Bugtraq
 
REDDIT
REDDIT
 
DIGG
DIGG
 
LinkedIn
LinkedIn
 
CVE RSS
CVEMAP

Copyright 2014, cxsecurity.com
Ascii Version