Register | Forget Password | Login
Search :
SecurityReason

News

Search

SecurityAlert

About SecurityAlert

ExploitAlert

SecurityReason Research
WLB

WLB Database

Send to WLB

About WLB
RSS

News

SecurityAlert

World Laboratory of Bugtraq

ExploitAlert

Apache

PHP
Corporate

Contact

About us
Services

SecurePHP
Note

If you have found a vulnerability, please send to our SecurityAlert Database :
secalert()securityreason()com

Also if you have new ( 0-day ) exploit, please send to our ExploitAlert Archive :
exploit()securityreason()com
Details : SecurityReason Advisory

  Topic : Apache (mod_proxy_ftp) Undefined Charset UTF-7 XSS Vulnerability
  SecurityAlert : 49
  CVE : CVE-2008-0005
  SecurityRisk : Low  alert  (About)
  Remote Exploit : Yes
  Local Exploit : No
  Exploit Given : No
  Credit : sp3x
  Date : 10.01.2008

  Affected Software : Apache 2.2.x (mod_proxy_ftp)
Apache 1.3.x
Apache 2.0.x

  Advisory Text :  

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[SecurityReason - Apache (mod_proxy_ftp) Undefined Charset UTF-7 XSS
Vulnerability]

Author: sp3x

Date:
- - Written: 15.12.2007
- - Public: 10.01.2008

SecurityReason Research
SecurityAlert Id: 49

CVE: CVE-2008-0005
SecurityRisk: Low

Affected Software: Apache 2.2.x (mod_proxy_ftp)
Apache 1.3.x
Apache 2.0.x

Advisory URL: http://securityreason.com/achievement_securityalert/49
Vendor: http://httpd.apache.org

- --- 0.Description ---

The Apache HTTP Server Project is an effort to develop and maintain an
open-source HTTP server for modern operating systems including UNIX and
Windows NT. The goal of this project is to provide a secure, efficient
and extensible server that provides HTTP services in sync with the
current HTTP standards.

Apache has been the most popular web server on the Internet since April
1996. The November 2005 Netcraft Web Server Survey found that more than
70% of the web sites on the Internet are using Apache, thus making it
more widely used than all other web servers combined.

mod_proxy_ftp : http://httpd.apache.org/docs/2.2/mod/mod_proxy_ftp.html

- From apache site : "It provides support for the proxying FTP sites.
Note that FTP support is currently limited to the GET method."

- --- 1. Apache Undefined Charset UTF-7 XSS Vulnerability ---

The XSS(UTF7) exist in mod_proxy_ftp.c . Charset is not defined
and we can provide XSS attack using ";" char in URL by setting Charset
to UTF-7.

- --- 2. Exploit ---

SecurityReason is not going to release a exploit to the general public.
Exploit was provided and tested for Apache Team .

- --- 3. How to fix ---

Update to Apache 2.2.7-dev
Apache 1.3.40-dev
Apache 2.0.62-dev

- --- 4. References ---

Apache2 Undefined Charset UTF-7 XSS Vulnerability :
http://securityreason.com/achievement_securityalert/46 by Maksymilian
Arciemowicz

- --- 5. Greets ---

For: Maksymilian Arciemowicz ( cXIb8O3 ), Infospec, pi3, p_e_a, mpp

- --- 6. Contact ---

Author: sp3x
Email: sp3x [at] securityreason [dot] com
GPG: http://securityreason.com/key/sp3x.gpg
http://securityreason.com
http://securityreason.pl
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.7 (GNU/Linux)

iD8DBQFHhUp2haZ93YsJSwQRAgYPAJ9CYYZv1MthEQpfqg97ReFQ56RHVQCfdoKs
0uz3Q3HNdQfgbuc8uRh3Ol8=
=dn1x
-----END PGP SIGNATURE-----
Alert

*BSD libc (strfmon) Multiple vulnerabilities

high- 2008-03-25

Maksymilian Arciemowicz discovered a Integer Overflow vulnerability in the libc library "strfmon()" function.A vulnerability could allow an attacker who successfully exploits this vulnerability to take control of the affected *BSD systems.
Apache rss

» Apache-SSL memory
   disclosure

» Apache mod_negotiation
   Xss and Http Response
   Splitting

» Apache (mod_status)
   Refresh Header - Open
   Redirector (XSS)

» Apache (mod_proxy_ftp)
   Undefined Charset UTF-7
   XSS Vulnerability
PHP rss

» PHP 5.2.6 chdir(),ftok()
   (standard ext) safe_mode
   bypass

» PHP 5.2.6 posix_access()
   (posix ext) safe_mode
   bypass

» PHP 5.2.5 and prior :
   *printf() functions
   Integer Overflow

» PHP 5.2.5 cURL safe_mode
   bypass
Copyright © SecurityReason. All Rights Reserved.