Update protection against Apache HTTP Server mod_proxy_ftp Wildcard Characters Cross Site Scripting
| Field | Value |
|---|---|
| Check Point Reference | CPAI-2008-226 |
| Date Published | |
| Severity | |
| Source | Secunia Advisory SA31384 |
| Industry Reference(s) | CVE-2008-2939, US-CERT VU#663763 |
| Protection Provided by | IPS-1 |
| Who is Vulnerable? | Apache Software Foundation HTTP Server 2.0.63 and prior; Apache Software Foundation HTTP Server 2.2.9 and prior |
Vulnerability Description
A cross-site scripting vulnerability exists in the mod_proxy_ftp module of the Apache HTTP Server. The Apache HTTP Server is the most widely deployed web server on the Internet; its mod_proxy_ftp module lets the server act as a proxy for FTP sites. mod_proxy_ftp fails to properly sanitize user-supplied input. By supplying a crafted FTP URL, a remote attacker may be able to execute arbitrary JavaScript in the context of a site being proxied by the Apache server, which may allow the attacker to steal cookies (including authentication cookies) and mount further attacks against the affected user.
Update/Patch Available
Apache has released updates to address this issue:
http://svn.apache.org/viewvc?view=rev&revision=682868
http://svn.apache.org/viewvc?view=rev&revision=682871
Vulnerability Details
The flaw stems from the way mod_proxy_ftp handles filename globbing, the use of wildcard characters (such as * and ?) to match filenames. When the path of an FTP URI contains wildcard characters, mod_proxy_ftp requests a directory listing and builds an HTML page from it, but does not HTML-escape the requested path (including the attacker-controlled wildcard pattern) before embedding it in that page. Script or markup placed in the pattern is therefore reflected to the browser in the context of the proxied site. Successful exploitation results in compromise of the target user's cookies associated with the site and modification of user information.
Protection Overview
By enabling this protection, IPS-1 will detect and block HTTP requests for files with a particular file name pattern.
To configure the defense, select your product from the list below and follow the related protection steps.
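The following is an added example written for this page; it is not Apache's proxy_ftp.c and not Check Point's signature. It models the reflection described under Vulnerability Details (a listing page that echoes the requested path raw, beside the escaped form) and a request-level check of the kind described under Protection Overview: flag proxy requests for ftp:// targets whose path combines wildcard characters with HTML or script markup, after percent-decoding. The glob character set, the markup pattern, the page layout and the sample request lines are assumptions constructed for illustration.

```python
import html
import re
from urllib.parse import urlsplit, unquote

# Wildcard characters that trigger the directory-listing (glob) path.
# Assumption: this set is chosen for illustration, not taken from proxy_ftp.c.
GLOB_CHARS = frozenset("*?[]")

# Matches an HTML tag or a javascript: scheme anywhere in a string.
MARKUP_RE = re.compile(r"<[^>]*>|javascript:", re.IGNORECASE)


def render_listing_vulnerable(ftp_path: str, entries: list[str]) -> str:
    """Model of the pre-fix behaviour: the directory entries are escaped, but the
    requested path (which carries the attacker's wildcard pattern) is echoed raw
    into the page title and heading. Illustration only, not proxy_ftp.c."""
    rows = "".join(f"<li>{html.escape(e)}</li>" for e in entries)
    return (f"<html><head><title>Index of {ftp_path}</title></head>"
            f"<body><h1>Index of {ftp_path}</h1><ul>{rows}</ul></body></html>")


def render_listing_fixed(ftp_path: str, entries: list[str]) -> str:
    """Hardened form: the path is HTML-escaped before it is embedded, so a
    wildcard pattern containing markup is rendered as text, not interpreted."""
    safe_path = html.escape(ftp_path, quote=True)
    rows = "".join(f"<li>{html.escape(e)}</li>" for e in entries)
    return (f"<html><head><title>Index of {safe_path}</title></head>"
            f"<body><h1>Index of {safe_path}</h1><ul>{rows}</ul></body></html>")


def is_suspicious_proxy_request(request_line: str) -> bool:
    """Detection check in the spirit of the IPS protection: flag an absolute-URI
    proxy request for an ftp:// target whose path combines wildcard characters
    with HTML or script markup. Percent-encoding is undone first so an encoded
    payload does not slip past the check."""
    parts = request_line.split(" ")
    if len(parts) != 3:          # expect "METHOD absolute-URI HTTP/x.y"
        return False
    url = urlsplit(parts[1])
    if url.scheme.lower() != "ftp":
        return False
    path = unquote(url.path)
    has_glob = any(ch in GLOB_CHARS for ch in path)
    return has_glob and MARKUP_RE.search(path) is not None


# Constructed sample request lines (not captured traffic).
SAMPLE_REQUESTS = [
    "GET ftp://ftp.example.com/pub/*<script>alert(document.cookie)</script> HTTP/1.0",
    "GET ftp://ftp.example.com/pub/*%3Cscript%3Ealert(document.cookie)%3C/script%3E HTTP/1.0",
    "GET ftp://ftp.example.com/pub/*.txt HTTP/1.0",
    "GET http://www.example.com/index.html HTTP/1.0",
]


def flagged_requests(requests=SAMPLE_REQUESTS) -> list[str]:
    """Return the request lines the check flags (the first two samples)."""
    return [r for r in requests if is_suspicious_proxy_request(r)]


if __name__ == "__main__":
    pattern = "/pub/*<script>alert(document.cookie)</script>"
    print(render_listing_vulnerable(pattern, ["a.txt", "b.txt"]))
    print(render_listing_fixed(pattern, ["a.txt", "b.txt"]))
    for line in flagged_requests():
        print("FLAGGED:", line)
```

The plain wildcard request `/pub/*.txt` is not flagged: a glob on its own is legitimate proxy use, and the check only fires when markup rides along with it. Decoding before matching matters because the browser, not the proxy, is the one that ends up interpreting the reflected pattern.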