ISS X-Force Database: apache-modproxyftp-utf7-xss(39615): Apache HTTP Server mod_proxy

Apache HTTP Server mod_proxy_ftp.c UTF-7 cross-site scripting

apache-modproxyftp-utf7-xss (39615)

Medium Risk

Description:

Apache HTTP Server is vulnerable to cross-site scripting, caused by improper validation of user supplied input by mod_proxy_ftp.c. A remote attacker could exploit this vulnerability using the UTF-7 charset option to inject malicious script into a Web page which would be executed in a victim's Web browser within the security context of the hosting Web site, once the page is viewed. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials.

Platforms Affected:

Apache, HTTP Server 1.3
Apache, HTTP Server 1.3.0
Apache, HTTP Server 1.3.1
Apache, HTTP Server 1.3.10
Apache, HTTP Server 1.3.11
Apache, HTTP Server 1.3.12
Apache, HTTP Server 1.3.13
Apache, HTTP Server 1.3.14
Apache, HTTP Server 1.3.15
Apache, HTTP Server 1.3.16
Apache, HTTP Server 1.3.17
Apache, HTTP Server 1.3.18
Apache, HTTP Server 1.3.19
Apache, HTTP Server 1.3.2
Apache, HTTP Server 1.3.20
Apache, HTTP Server 1.3.22
Apache, HTTP Server 1.3.23
Apache, HTTP Server 1.3.24
Apache, HTTP Server 1.3.25
Apache, HTTP Server 1.3.26
Apache, HTTP Server 1.3.27
Apache, HTTP Server 1.3.28
Apache, HTTP Server 1.3.29
Apache, HTTP Server 1.3.3
Apache, HTTP Server 1.3.30
Apache, HTTP Server 1.3.31
Apache, HTTP Server 1.3.32
Apache, HTTP Server 1.3.33
Apache, HTTP Server 1.3.34
Apache, HTTP Server 1.3.35
Apache, HTTP Server 1.3.36
Apache, HTTP Server 1.3.37
Apache, HTTP Server 1.3.38
Apache, HTTP Server 1.3.39
Apache, HTTP Server 1.3.4
Apache, HTTP Server 1.3.5
Apache, HTTP Server 1.3.6
Apache, HTTP Server 1.3.7
Apache, HTTP Server 1.3.8
Apache, HTTP Server 1.3.9
Apache, HTTP Server 2.0
Apache, HTTP Server 2.0 A9
Apache, HTTP Server 2.0.28
Apache, HTTP Server 2.0.28 Beta
Apache, HTTP Server 2.0.32 Beta
Apache, HTTP Server 2.0.32
Apache, HTTP Server 2.0.34 Beta
Apache, HTTP Server 2.0.35
Apache, HTTP Server 2.0.36
Apache, HTTP Server 2.0.37
Apache, HTTP Server 2.0.38
Apache, HTTP Server 2.0.39
Apache, HTTP Server 2.0.40
Apache, HTTP Server 2.0.41
Apache, HTTP Server 2.0.42
Apache, HTTP Server 2.0.43
Apache, HTTP Server 2.0.44
Apache, HTTP Server 2.0.45
Apache, HTTP Server 2.0.46
Apache, HTTP Server 2.0.47
Apache, HTTP Server 2.0.48
Apache, HTTP Server 2.0.49
Apache, HTTP Server 2.0.50
Apache, HTTP Server 2.0.51
Apache, HTTP Server 2.0.52
Apache, HTTP Server 2.0.53
Apache, HTTP Server 2.0.54
Apache, HTTP Server 2.0.55
Apache, HTTP Server 2.0.56 Dev
Apache, HTTP Server 2.0.56
Apache, HTTP Server 2.0.57
Apache, HTTP Server 2.0.58
Apache, HTTP Server 2.0.59
Apache, HTTP Server 2.0.60
Apache, HTTP Server 2.0.60 Dev
Apache, HTTP Server 2.0.61 Dev
Apache, HTTP Server 2.0.61
Apache, HTTP Server 2.2
Apache, HTTP Server 2.2.0
Apache, HTTP Server 2.2.1
Apache, HTTP Server 2.2.2
Apache, HTTP Server 2.2.3
Apache, HTTP Server 2.2.4
Apache, HTTP Server 2.2.5
Apache, HTTP Server 2.2.5 Dev
Apache, HTTP Server 2.2.6
Canonical, Ubuntu 6.06 LTS
Canonical, Ubuntu 6.10
Canonical, Ubuntu 7.04
Canonical, Ubuntu 7.10
Gentoo, Linux
MandrakeSoft, Mandrake Linux 2007 X86_64
MandrakeSoft, Mandrake Linux 2007
MandrakeSoft, Mandrake Linux 2007.1 X86_64
MandrakeSoft, Mandrake Linux 2007.1
MandrakeSoft, Mandrake Linux 2008.0
MandrakeSoft, Mandrake Linux 2008.0 X86_64
MandrakeSoft, Mandrake Linux Corporate Server 3.0
MandrakeSoft, Mandrake Linux Corporate Server 3.0 X86_64
MandrakeSoft, Mandrake Linux Corporate Server 4.0 X86_64
MandrakeSoft, Mandrake Linux Corporate Server 4.0
MandrakeSoft, Mandrake Multi Network Firewall 2.0
Novell, Linux Desktop 9
Novell, Linux Desktop 9 SDK
Novell, Linux POS 9
Novell, Open Enterprise Server
Novell, Open Enterprise Server
Novell, OpenSUSE 10.2
Novell, OpenSUSE 10.3
Novell, SLE SDK 10 SP1
Novell, SUSE Linux Enterprise Desktop 10 SP1
Novell, SUSE Linux Enterprise Server 10 SP1
Novell, SUSE Linux Enterprise Server 10
RedHat, Application Stack v1 for EL AS 4
RedHat, Application Stack v1 for EL ES 4
RedHat, Enterprise Linux 2.1 WS
RedHat, Enterprise Linux 2.1 ES
RedHat, Enterprise Linux 2.1 AS
RedHat, Enterprise Linux 3 Desktop
RedHat, Enterprise Linux 3 AS
RedHat, Enterprise Linux 3 ES
RedHat, Enterprise Linux 3 WS
RedHat, Enterprise Linux 4 AS
RedHat, Enterprise Linux 4 ES
RedHat, Enterprise Linux 4 WS
RedHat, Enterprise Linux 4 Desktop
RedHat, Enterprise Linux 5
RedHat, Enterprise Linux 5 Client
RedHat, Enterprise Linux 5 Client Workstation
RedHat, Linux Advanced Workstation 2.1 Itanium
RedHat, RHEL Application Stack 2
SuSE, SLE SDK 10
SuSE, SuSE SLES 9
Turbolinux, Turbolinux 10 Server
Turbolinux, Turbolinux 10 Server x64 Ed
Turbolinux, Turbolinux 11 Server
Turbolinux, Turbolinux 11 Server x64 Ed
Turbolinux, Turbolinux FUJI
Turbolinux, Turbolinux Multimedia
Turbolinux, Turbolinux Personal
Turbolinux, Turbolinux Appliance Server 1.0 Hosting Ed
Turbolinux, Turbolinux Appliance Server 1.0 Workgroup Ed
Turbolinux, Turbolinux Appliance Server 2.0

Remedy:

Upgrade to the latest version of Apache HTTP Server (2.2.7-dev or later), available from the Apache Web site. See References.

For Apache 1.3.x:
Upgrade to the latest version of Apache HTTP Server (2.0.62-dev or later), available from the Apache Web site. See References.

For Apache Apache 2.0.x:
Upgrade to the latest version of Apache HTTP Server (1.3.40-dev or later), available from the Apache Web site. See References.

For other distributions:
Apply the appropriate update for your system. See References.

Consequences:

Gain Access

References:

Apache Web site, Apache at http://apache.org.
IBM Systems Support Web site, Support for HMC at https://www14.software.ibm.com/webapp/set2/sas/f/hmc/power5/install/v61.Readme.html#MH01110.
SecurityReason Advisory: SecurityAlert : 49, Apache (mod_proxy_ftp) Undefined Charset UTF-7 XSS Vulnerability at http://securityreason.com/achievement_securityalert/49.
ASA-2008-026: httpd security update (RHSA-2008-0005)
ASA-2008-027: httpd security update (RHSA-2008-0007)
ASA-2008-031: Apache security update (RHSA-2008-0004)
ASA-2008-032: httpd security update (RHSA-2008-0006)
ASA-2009-255: HPSBUX02431 SSRT090085 rev.1 - HP-UX Running Apache Web Server SuiteRemote Denial of Service (DoS) Execution of Arbitrary Code
BID-27234: Apache 'mod_proxy_ftp' Undefined Charset UTF-7 Cross-Site Scripting Vulnerability
CVE-2008-0005: mod_proxy_ftp in Apache 2.2.x before 2.2.7-dev, 2.0.x before 2.0.62-dev, and 1.3.x before 1.3.40-dev does not define a charset, which allows remote attackers to conduct cross-site scripting (XSS) attacks using UTF-7 encoding.
GLSA-200803-19: Apache: Multiple vulnerabilities
MDVSA-2008:014: Updated apache 1.3.x packages fix multiple vulnerabilities
MDVSA-2008:015: Updated apache 2.0.x packages fix multiple vulnerabilities
MDVSA-2008:016: Updated apache 2.2.x packages fix multiple vulnerabilities
RHSA-2008-0004: Moderate: apache security update
RHSA-2008-0005: Moderate: httpd security update
RHSA-2008-0006: Moderate: httpd security update
RHSA-2008-0007: Moderate: httpd security update
RHSA-2008-0008: Moderate: httpd security update
RHSA-2008-0009: Moderate: httpd security update
SA28607: Avaya Products httpd Multiple Vulnerabilities
SA29420: Mac OS X Security Update Fixes Multiple Vulnerabilities
SA30732: IBM HMC Apache Multiple Vulnerabilities
SECTRACK ID: 1019185: Apache Input Validation Hole in mod_proxy_ftp Permits Cross-Site Scripting Attacks
SUSE-SA:2008:021: Apache security problems

Reported:

Jan 10, 2008

The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.

For corrections or additions please email xforce@iss.net

Return to the main page