
Apache (mod_status) Refresh Header - Open Redirector (XSS)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[SecurityReason - Apache (mod_status) Refresh Header - Open Redirector (XSS)]

Author: sp3x

Date:
- - Written: 15.12.2007
- - Public: 15.01.2008

SecurityReason Research
SecurityAlert Id: 50

CVE: CVE-2007-6388
SecurityRisk: Low

Affected Software: Apache 2.2.x (mod_status)
                   Apache 1.3.x
                   Apache 2.0.x

Advisory URL: http://securityreason.com/achievement_securityalert/50
Vendor: http://httpd.apache.org

- --- 0.Description ---

The Apache HTTP Server Project is an effort to develop and
maintain an open-source HTTP server for modern operating systems
including UNIX and Windows NT. The goal of this project is to
provide a secure, efficient and extensible server that provides
HTTP services in sync with the current HTTP standards.

Apache has been the most popular web server on the Internet since
April 1996. The November 2005 Netcraft Web Server Survey found
that more than 70% of the web sites on the Internet are using
Apache, thus making it more widely used than all other web
servers combined.

mod_status : http://httpd.apache.org/docs/2.0/mod/mod_status.html
- From the Apache site: "The Status module allows a server administrator to find out how well their server is performing. A HTML page is presented that gives the current server statistics in an easily readable form. If required this page can be made to automatically refresh (given a compatible browser). Another page gives a simple machine-readable list of the current server state."

- --- 1. Apache Refresh Header - Open Redirector (XSS) Vulnerability ---

Because Apache mod_status does not filter the ";" character, a new URL can be injected into the Refresh header.
This gives an attacker an open redirector, which can be used for phishing.
An attacker can also build a more advanced method on top of it to trigger XSS in the victim's browser.
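The flaw above comes down to one thing: a request value is copied into a response header without validation, and the Refresh header's own syntax (`Refresh: N;url=...`, which browsers honour as a redirect) gives `;` a meaning. The following C program is an added illustration, not code from the advisory or from the Apache project. It contrasts the unfiltered pattern with a hardened builder that lets only a parsed integer reach the header, and adds a digits-only check a defender can run over `refresh=` values pulled from access logs. The function names, the default and maximum refresh values, and the sample injected value are assumptions made here.

```c
#include <ctype.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define REFRESH_DEFAULT 10      /* assumed fallback, seconds */
#define REFRESH_MAX     86400   /* assumed upper bound, seconds */

/* Unsafe pattern (illustrative, not Apache's code): the query value is
 * copied into the header unchanged, so a ';' lets the client append
 * "url=..." and turn a refresh into a redirect, as the advisory describes. */
int refresh_header_unfiltered(const char *value, char *out, size_t outlen)
{
    int n = snprintf(out, outlen, "Refresh: %s", value);
    return (n < 0 || (size_t)n >= outlen) ? -1 : 0;
}

/* Hardened: take only a leading run of ASCII digits, re-emit the parsed
 * integer ourselves, and fall back to a default when the value is empty,
 * non-numeric or out of range. No request bytes reach the header verbatim. */
long parse_refresh_seconds(const char *value)
{
    const char *p = value;
    long secs;

    while (*p && isdigit((unsigned char)*p))
        p++;
    if (p == value)                      /* no leading digits at all */
        return REFRESH_DEFAULT;
    secs = strtol(value, NULL, 10);      /* stops at the first non-digit */
    if (secs < 1 || secs > REFRESH_MAX)  /* also catches LONG_MAX on overflow */
        return REFRESH_DEFAULT;
    return secs;
}

int refresh_header_hardened(const char *value, char *out, size_t outlen)
{
    int n = snprintf(out, outlen, "Refresh: %ld", parse_refresh_seconds(value));
    return (n < 0 || (size_t)n >= outlen) ? -1 : 0;
}

/* Log-review helper: 1 if a refresh= value consists solely of digits,
 * 0 otherwise. Run it over the refresh= values of logged requests for
 * /server-status to find values carrying header syntax such as ';'. */
int refresh_value_is_clean(const char *value)
{
    if (*value == '\0')
        return 0;
    for (; *value; value++)
        if (!isdigit((unsigned char)*value))
            return 0;
    return 1;
}

/* Self-check comparing the two builders on a constructed input; returns 1
 * when the hardened builder drops everything after the leading number. */
int selftest(void)
{
    /* constructed sample, shaped like the ';' injection the advisory describes */
    const char *injected = "5;url=http://example.invalid/";
    char unsafe[128], safe[128];

    if (refresh_header_unfiltered(injected, unsafe, sizeof unsafe) != 0) return 0;
    if (refresh_header_hardened(injected, safe, sizeof safe) != 0) return 0;
    if (strcmp(unsafe, "Refresh: 5;url=http://example.invalid/") != 0) return 0;
    if (strcmp(safe, "Refresh: 5") != 0) return 0;
    if (strchr(safe, ';') != NULL) return 0;
    return 1;
}

int main(void)
{
    int ok = selftest();
    printf("selftest: %s\n", ok ? "ok" : "FAILED");
    return ok ? 0 : 1;
}
```

The design point is allow-listing rather than blacklisting: stripping `;` alone would leave any other delimiter a browser might accept, whereas re-emitting a parsed integer guarantees the header can never contain a URL. The same digits-only rule, applied to `refresh=` values in access logs, is a cheap way to spot attempts against servers that have not yet been updated.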

- --- 2. Exploit ---

SecurityReason is not going to release an exploit to the general public.
An exploit was provided to the Apache team and tested by them.

- --- 3. How to fix ---

Update to Apache 2.2.7-dev
          Apache 1.3.40-dev
          Apache 2.0.62-dev

http://httpd.apache.org/security/vulnerabilities_22.html
http://httpd.apache.org/security/vulnerabilities_20.html
http://httpd.apache.org/security/vulnerabilities_13.html

- --- 4. References ---

A Refreshing Look at Redirection : http://www.securityfocus.com/archive/1/450418 by Amit Klein

- --- 5. Greets ---

For: Maksymilian Arciemowicz ( cXIb8O3 ), Infospec, pi3, p_e_a, mpp

- --- 6. Contact ---

Author: sp3x
Email: sp3x [at] securityreason [dot] com
GPG: http://securityreason.com/key/sp3x.gpg
http://securityreason.com
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.7 (GNU/Linux)

iD8DBQFHjGt7haZ93YsJSwQRAqD6AKDLNgb5jrXfwA/XvJsgabTyvAd+XACgw7WJ
nufKkakHNgwwqaLjZR464Fk=
=T+VM
-----END PGP SIGNATURE-----
