ISS X-Force Database: apache-modproxyftp-utf7-xss(39615): Apache HTTP Server mod_proxy

Apache HTTP Server mod_proxy_ftp.c UTF-7 cross-site scripting

apache-modproxyftp-utf7-xss (39615)

Medium Risk

Description:

Apache HTTP Server is vulnerable to cross-site scripting, caused by improper validation of user supplied input by mod_proxy_ftp.c. A remote attacker could exploit this vulnerability using the UTF-7 charset option to inject malicious script into a Web page which would be executed in a victim's Web browser within the security context of the hosting Web site, once the page is viewed. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials.

Platforms Affected:

Apache, HTTP Server 1.3
Apache, HTTP Server 1.3.0
Apache, HTTP Server 1.3.1
Apache, HTTP Server 1.3.10
Apache, HTTP Server 1.3.11
Apache, HTTP Server 1.3.12
Apache, HTTP Server 1.3.13
Apache, HTTP Server 1.3.14
Apache, HTTP Server 1.3.15
Apache, HTTP Server 1.3.16
Apache, HTTP Server 1.3.17
Apache, HTTP Server 1.3.18
Apache, HTTP Server 1.3.19
Apache, HTTP Server 1.3.2
Apache, HTTP Server 1.3.20
Apache, HTTP Server 1.3.22
Apache, HTTP Server 1.3.23
Apache, HTTP Server 1.3.24
Apache, HTTP Server 1.3.25
Apache, HTTP Server 1.3.26
Apache, HTTP Server 1.3.27
Apache, HTTP Server 1.3.28
Apache, HTTP Server 1.3.29
Apache, HTTP Server 1.3.3
Apache, HTTP Server 1.3.30
Apache, HTTP Server 1.3.31
Apache, HTTP Server 1.3.32
Apache, HTTP Server 1.3.33
Apache, HTTP Server 1.3.34
Apache, HTTP Server 1.3.35
Apache, HTTP Server 1.3.36
Apache, HTTP Server 1.3.37
Apache, HTTP Server 1.3.38
Apache, HTTP Server 1.3.39
Apache, HTTP Server 1.3.4
Apache, HTTP Server 1.3.5
Apache, HTTP Server 1.3.6
Apache, HTTP Server 1.3.7
Apache, HTTP Server 1.3.8
Apache, HTTP Server 1.3.9
Apache, HTTP Server 2.0
Apache, HTTP Server 2.0 A9
Apache, HTTP Server 2.0.28 Beta
Apache, HTTP Server 2.0.28
Apache, HTTP Server 2.0.32
Apache, HTTP Server 2.0.32 Beta
Apache, HTTP Server 2.0.34 Beta
Apache, HTTP Server 2.0.35
Apache, HTTP Server 2.0.36
Apache, HTTP Server 2.0.37
Apache, HTTP Server 2.0.38
Apache, HTTP Server 2.0.39
Apache, HTTP Server 2.0.40
Apache, HTTP Server 2.0.41
Apache, HTTP Server 2.0.42
Apache, HTTP Server 2.0.43
Apache, HTTP Server 2.0.44
Apache, HTTP Server 2.0.45
Apache, HTTP Server 2.0.46
Apache, HTTP Server 2.0.47
Apache, HTTP Server 2.0.48
Apache, HTTP Server 2.0.49
Apache, HTTP Server 2.0.50
Apache, HTTP Server 2.0.51
Apache, HTTP Server 2.0.52
Apache, HTTP Server 2.0.53
Apache, HTTP Server 2.0.54
Apache, HTTP Server 2.0.55
Apache, HTTP Server 2.0.56
Apache, HTTP Server 2.0.56 Dev
Apache, HTTP Server 2.0.57
Apache, HTTP Server 2.0.58
Apache, HTTP Server 2.0.59
Apache, HTTP Server 2.0.60
Apache, HTTP Server 2.0.60 Dev
Apache, HTTP Server 2.0.61
Apache, HTTP Server 2.0.61 Dev
Apache, HTTP Server 2.2
Apache, HTTP Server 2.2.0
Apache, HTTP Server 2.2.1
Apache, HTTP Server 2.2.2
Apache, HTTP Server 2.2.3
Apache, HTTP Server 2.2.4
Apache, HTTP Server 2.2.5
Apache, HTTP Server 2.2.5 Dev
Apache, HTTP Server 2.2.6
Canonical, Ubuntu 6.06 LTS
Canonical, Ubuntu 6.10
Canonical, Ubuntu 7.04
Canonical, Ubuntu 7.10
Gentoo, Linux
IBM, HMC 6 R1.3
Mandriva, Corporate Server 3.0
Mandriva, Corporate Server 3.0 X86_64
Mandriva, Corporate Server 4.0 X86_64
Mandriva, Corporate Server 4.0
Mandriva, Linux 2007 X86_64
Mandriva, Linux 2007
Mandriva, Linux 2007.1 X86_64
Mandriva, Linux 2007.1
Mandriva, Linux 2008.0
Mandriva, Linux 2008.0 X86_64
Mandriva, Multi Network Firewall 2.0
Novell, Linux Desktop 9
Novell, Linux Desktop 9 SDK
Novell, Linux POS 9
Novell, Open Enterprise Server
Novell, Open Enterprise Server
Novell, OpenSUSE 10.2
Novell, OpenSUSE 10.3
Novell, SLE SDK 10 SP1
Novell, SUSE Linux Enterprise Desktop 10 SP1
Novell, SUSE Linux Enterprise Server 10
Novell, SUSE Linux Enterprise Server 10 SP1
RedHat, Enterprise Linux 2.1 AS
RedHat, Enterprise Linux 2.1 ES
RedHat, Enterprise Linux 2.1 WS
RedHat, Enterprise Linux 3 WS
RedHat, Enterprise Linux 3 ES
RedHat, Enterprise Linux 3 AS
RedHat, Enterprise Linux 3 Desktop
RedHat, Enterprise Linux 4 AS
RedHat, Enterprise Linux 4 Desktop
RedHat, Enterprise Linux 4 WS
RedHat, Enterprise Linux 4 ES
RedHat, Enterprise Linux 5
RedHat, Enterprise Linux 5 Client
RedHat, Enterprise Linux 5 Client Workstation
RedHat, Linux Advanced Workstation 2.1 Itanium
RedHat, Red Hat Application Stack v1 for EL AS 4
RedHat, Red Hat Application Stack v1 for EL ES 4
RedHat, RHEL Application Stack 2
SuSE, OpenSuSE 10.2
SuSE, OpenSuSE 10.3
SuSE, SLE SDK 10
SuSE, SuSE SLES 9
Turbolinux, Turbolinux 10 Server
Turbolinux, Turbolinux 10 Server x64 Ed
Turbolinux, Turbolinux 11 Server
Turbolinux, Turbolinux 11 Server x64 Ed
Turbolinux, Turbolinux FUJI
Turbolinux, Turbolinux Multimedia
Turbolinux, Turbolinux Personal
Turbolinux, Turbolinux Appliance Server 1.0 Hosting Ed
Turbolinux, Turbolinux Appliance Server 1.0 Workgroup Ed
Turbolinux, Turbolinux Appliance Server 2.0

Remedy:

Upgrade to the latest version of Apache HTTP Server (2.2.7-dev or later), available from the Apache Web site. See References.

For Apache 1.3.x:
Upgrade to the latest version of Apache HTTP Server (2.0.62-dev or later), available from the Apache Web site. See References.

For Apache Apache 2.0.x:
Upgrade to the latest version of Apache HTTP Server (1.3.40-dev or later), available from the Apache Web site. See References.

For other distributions:
Apply the appropriate update for your system. See References.

Consequences:

Gain Access

References:

Apache Web site, Apache at http://apache.org.
IBM Systems Support Web site, Support for HMC at https://www14.software.ibm.com/webapp/set2/sas/f/hmc/power5/install/v61.Readme.html#MH01110.
SecurityReason Advisory: SecurityAlert : 49, Apache (mod_proxy_ftp) Undefined Charset UTF-7 XSS Vulnerability at http://securityreason.com/achievement_securityalert/49.
ASA-2008-026: httpd security update (RHSA-2008-0005)
ASA-2008-027: httpd security update (RHSA-2008-0007)
ASA-2008-031: Apache security update (RHSA-2008-0004)
ASA-2008-032: httpd security update (RHSA-2008-0006)
BID-27234: Apache 'mod_proxy_ftp' Undefined Charset UTF-7 Cross-Site Scripting Vulnerability
CVE-2008-0005: mod_proxy_ftp in Apache 2.2.x before 2.2.7-dev, 2.0.x before 2.0.62-dev, and 1.3.x before 1.3.40-dev does not define a charset, which allows remote attackers to conduct cross-site scripting (XSS) attacks using UTF-7 encoding.
FrSIRT/ADV-2008-0924: Apple Mac OS X Command Execution and Security Bypass Issues
FrSIRT/ADV-2008-1875: IBM Hardware Management Console Cross Site Scripting Vulnerabilities
GLSA-200803-19: Apache: Multiple vulnerabilities
MDVSA-2008:014: Updated apache 1.3.x packages fix multiple vulnerabilities
MDVSA-2008:015: Updated apache 2.0.x packages fix multiple vulnerabilities
MDVSA-2008:016: Updated apache 2.2.x packages fix multiple vulnerabilities
RHSA-2008-0004: Moderate: apache security update
RHSA-2008-0005: Moderate: httpd security update
RHSA-2008-0006: Moderate: httpd security update
RHSA-2008-0007: Moderate: httpd security update
RHSA-2008-0008: Moderate: httpd security update
RHSA-2008-0009: Moderate: httpd security update
SA28607: Avaya Products httpd Multiple Vulnerabilities
SA29420: Mac OS X Security Update Fixes Multiple Vulnerabilities
SA30732: IBM HMC Apache Multiple Vulnerabilities
SECTRACK ID: 1019185: Apache Input Validation Hole in mod_proxy_ftp Permits Cross-Site Scripting Attacks
SUSE-SA:2008:021: Apache security problems

Reported:

Jan 10, 2008

The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.

For corrections or additions please email xforce@iss.net

Return to the main page