Apache Mod_AutoIndex.C Undefined Charset Cross-Site Scripting Vulnerability
BID:25653
Info
| Bugtraq ID: | 25653 |
| Class: | Input Validation Error |
| CVE: | CVE-2007-4465 |
| Remote: | Yes |
| Local: | No |
| Published: | Sep 12 2007 12:00AM |
| Updated: | Aug 05 2010 09:45PM |
| Credit: | Maksymilian Arciemowicz is credited with the discovery of this vulnerability. |
| Vulnerable: | Ubuntu Ubuntu Linux 7.10 sparc Ubuntu Ubuntu Linux 7.10 powerpc Ubuntu Ubuntu Linux 7.10 i386 Ubuntu Ubuntu Linux 7.10 amd64 Ubuntu Ubuntu Linux 7.04 sparc Ubuntu Ubuntu Linux 7.04 powerpc Ubuntu Ubuntu Linux 7.04 i386 Ubuntu Ubuntu Linux 7.04 amd64 Ubuntu Ubuntu Linux 6.10 sparc Ubuntu Ubuntu Linux 6.10 powerpc Ubuntu Ubuntu Linux 6.10 i386 Ubuntu Ubuntu Linux 6.10 amd64 Ubuntu Ubuntu Linux 6.06 LTS sparc Ubuntu Ubuntu Linux 6.06 LTS powerpc Ubuntu Ubuntu Linux 6.06 LTS i386 Ubuntu Ubuntu Linux 6.06 LTS amd64 Turbolinux Turbolinux Server 10.0 Turbolinux Turbolinux Server 11 x64 Turbolinux Turbolinux Server 11 Turbolinux Turbolinux Server 10.0.0 x64 TurboLinux Personal TurboLinux Multimedia Turbolinux FUJI 0 Turbolinux Appliance Server Workgroup Edition 1.0 Turbolinux Appliance Server Hosting Edition 1.0 Turbolinux Appliance Server 1.0 Workgroup Edition Turbolinux Appliance Server 1.0 Hosting Edition Turbolinux Appliance Server 2.0 SuSE SUSE Linux Enterprise Server 9 SuSE SUSE Linux Enterprise Server 10 SP1 SuSE SUSE Linux Enterprise SDK 10.SP1 S.u.S.E. openSUSE 10.3 S.u.S.E. openSUSE 10.2 S.u.S.E. Open-Enterprise-Server 0 S.u.S.E. Novell Linux POS 9 S.u.S.E. Novell Linux Desktop SDK 9.0 S.u.S.E. Novell Linux Desktop 9.0 S.u.S.E. Linux Professional 10.0 OSS S.u.S.E. Linux Professional 10.1 S.u.S.E. Linux Personal 10.0 OSS S.u.S.E. Linux Personal 10.1 Redhat Red Hat Network Satellite Server 5.0 Redhat Fedora Core7 Redhat Fedora Core6 Redhat Enterprise Linux WS 4 Redhat Enterprise Linux WS 3 Redhat Enterprise Linux WS 2.1 IA64 Redhat Enterprise Linux WS 2.1 Redhat Enterprise Linux ES 4 Redhat Enterprise Linux ES 3 Redhat Enterprise Linux ES 2.1 IA64 Redhat Enterprise Linux ES 2.1 Redhat Enterprise Linux Desktop Workstation 5 client Redhat Enterprise Linux Desktop 5 client Redhat Enterprise Linux AS 4 Redhat Enterprise Linux AS 3 Redhat Enterprise Linux AS 2.1 IA64 Redhat Enterprise Linux AS 2.1 Redhat Enterprise Linux 5 Server Redhat Desktop 4.0 Redhat Desktop 3.0 Redhat Certificate Server 7.3 Redhat Application Stack v2 0 Redhat Application Stack v1 for Enterprise Linux ES 4 Redhat Application Stack v1 for Enterprise Linux AS 4 Redhat Advanced Workstation for the Itanium Processor 2.1 IA64 Redhat Advanced Workstation for the Itanium Processor 2.1 Mandriva Linux Mandrake 2007.1 x86_64 Mandriva Linux Mandrake 2007.1 Mandriva Linux Mandrake 2007.0 x86_64 Mandriva Linux Mandrake 2007.0 MandrakeSoft Multi Network Firewall 2.0 MandrakeSoft Corporate Server 4.0 x86_64 MandrakeSoft Corporate Server 3.0 x86_64 MandrakeSoft Corporate Server 3.0 MandrakeSoft Corporate Server 4.0 HP HP-UX B.11.31 HP HP-UX B.11.23 HP HP-UX B.11.11 Gentoo Linux Fujitsu INTERSTAGE Studio Enterprise Edition 9.0 Fujitsu INTERSTAGE Studio Enterprise Edition 8.0.1 Fujitsu INTERSTAGE Job Workload Server 8.1 Fujitsu INTERSTAGE Apworks Modelers-J Edition 7.0 Fujitsu INTERSTAGE Apworks Modelers-J Edition 6.0A Fujitsu INTERSTAGE Apworks Modelers-J Edition 6.0 Fujitsu iNTERSTAGE Application Server Web-J Edition 5.0 Fujitsu INTERSTAGE Application Server Standard-J Edition 9.1 Fujitsu INTERSTAGE Application Server Standard-J Edition 9.0 Fujitsu INTERSTAGE Application Server Standard-J Edition 8.0.2 Fujitsu INTERSTAGE Application Server Standard-J Edition 8.0.1 Fujitsu INTERSTAGE Application Server Standard-J Edition 8.0 Fujitsu iNTERSTAGE Application Server Standard Edition 5.0 Fujitsu INTERSTAGE Application Server Plus Developer 5.0.1 Fujitsu INTERSTAGE Application Server Plus Developer 7.0 Fujitsu INTERSTAGE Application Server Plus Developer 6.0 Fujitsu Interstage Application Server Plus 7.0.1 Fujitsu Interstage Application Server Plus 5.0.1 Fujitsu Interstage Application Server Plus 7.0 Fujitsu Interstage Application Server Plus 6.0 Fujitsu INTERSTAGE Application Server Enterprise Edition 9.1 Fujitsu INTERSTAGE Application Server Enterprise Edition 9.0 A Fujitsu INTERSTAGE Application Server Enterprise Edition 9.0 Fujitsu INTERSTAGE Application Server Enterprise Edition 8.0.2 Fujitsu INTERSTAGE Application Server Enterprise Edition 8.0.1 Fujitsu INTERSTAGE Application Server Enterprise Edition 8.0 Fujitsu INTERSTAGE Application Server Enterprise Edition 7.0.1 Fujitsu INTERSTAGE Application Server Enterprise Edition 5.0.1 Fujitsu INTERSTAGE Application Server Enterprise Edition 7.0 Fujitsu INTERSTAGE Application Server Enterprise Edition 6.0 Fujitsu INTERSTAGE Application Server Enterprise Edition 5.0 Avaya Voice Portal 4.1 Avaya Voice Portal 4.0 Avaya Messaging Storage Server MM3.0 Avaya Messaging Storage Server 3.1 Avaya Message Networking MN 3.1 Avaya Message Networking 3.1 Avaya Meeting Exchange 5.0 Avaya Intuity AUDIX LX 2.0 Avaya Communication Manager 5.0 Avaya Communication Manager 4.0 Avaya Communication Manager 3.1 Avaya Communication Manager 3.0 Avaya CCS 3.1.2 Avaya CCS 3.1.1 Avaya CCS 4.0 Avaya Aura SIP Enablement Services 3.1.1 Avaya Aura SIP Enablement Services 3.1 Avaya Aura Application Enablement Services 4.0.1 Avaya Aura Application Enablement Services 3.1.4 Avaya Aura Application Enablement Services 3.1.3 Avaya Aura Application Enablement Services 4.0 Avaya Aura Application Enablement Services 3.1 Apple Mac OS X Server 10.5.2 Apple Mac OS X Server 10.5.1 Apple Mac OS X Server 10.4.11 Apple Mac OS X Server 10.5 Apple Mac OS X 10.5.2 Apple Mac OS X 10.5.1 Apple Mac OS X 10.4.11 Apple Mac OS X 10.5 Apache Apache 2.2.4 Apache Apache 2.2.3 Apache Apache 2.2.2 Apache Apache 2.2 Apache Apache 2.1.8 Apache Apache 2.1.7 Apache Apache 2.1.6 Apache Apache 2.1.5 Apache Apache 2.1.4 Apache Apache 2.1.3 Apache Apache 2.1.2 Apache Apache 2.1.1 Apache Apache 2.1 Apache Apache 2.0.59 Apache Apache 2.0.58 Apache Apache 2.0.56 -dev Apache Apache 2.0.55 Apache Apache 2.0.54 Apache Apache 2.0.53 Apache Apache 2.0.52 Apache Apache 2.0.51 Apache Apache 2.0.50 Apache Apache 2.0.49 Apache Apache 2.0.48 Apache Apache 2.0.47 Apache Apache 2.0.46 Apache Apache 2.0.45 Apache Apache 2.0.44 Apache Apache 2.0.43 Apache Apache 2.0.42 Apache Apache 2.0.41 Apache Apache 2.0.40 Apache Apache 2.0.39 Apache Apache 2.0.38 Apache Apache 2.0.37 Apache Apache 2.0.36 Apache Apache 2.0.35 Apache Apache 2.0.32 Apache Apache 2.0.28 Beta Apache Apache 2.0.28 Apache Apache 2.0 a9 Apache Apache 2.0 Apache Apache 2.2.5-dev Apache Apache 2.0.61-dev Apache Apache 2.0.60-dev |
| Not Vulnerable: | Apache Apache 2.2.6 |
Discussion
Apache is affected by a cross-site scripting vulnerability in mod_autoindex. The directory-listing pages it generates are served without a defined charset, so the browser is left to guess the document's encoding; the discoverer's advisory (see the references) describes the UTF-7 case, in which text supplied through a crafted URI can be interpreted by the browser as script.
Web pages generated by the affected source code may be prone to a cross-site scripting issue.
Versions prior to Apache 2.2.6 are affected.
NOTE: Reports indicate that this issue does not occur when the application is running on Windows operating systems.
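A defender's check for the condition this advisory describes, written for this page and not taken from the advisory or from Apache httpd: it inspects an HTML response's Content-Type header and the early <meta> tags and reports listings whose charset is undefined. The sample responses are constructed here, and the function names and the header/body shapes are assumptions of the example, not anything from mod_autoindex.

```python
import re

# Matches <meta charset=...> and <meta http-equiv=... charset=...> forms.
META_CHARSET_RE = re.compile(
    rb'<meta[^>]+charset\s*=\s*["\']?\s*([A-Za-z0-9_.:-]+)', re.IGNORECASE)


def content_type_charset(content_type):
    """Return the lower-cased charset parameter of a Content-Type value,
    or None when absent (plain 'text/html'). Quoted values are accepted."""
    if not content_type:
        return None
    for param in content_type.split(";")[1:]:
        name, _, value = param.strip().partition("=")
        if name.strip().lower() == "charset":
            return value.strip().strip('"').lower() or None
    return None


def charset_declared(headers, body=b""):
    """True if an HTML response declares its charset in the Content-Type
    header or in a <meta> tag within the first 1024 bytes of the body (the
    region browsers scan); False for the undefined-charset case in the
    advisory. Non-HTML responses are out of scope and return True."""
    ctype = next((v for k, v in headers.items()
                  if k.lower() == "content-type"), "")
    media = ctype.split(";", 1)[0].strip().lower()
    if media not in ("text/html", "application/xhtml+xml"):
        return True
    if content_type_charset(ctype):
        return True
    return META_CHARSET_RE.search(body[:1024]) is not None


# Constructed samples shaped like an autoindex listing before and after a
# charset is configured; not captured from a real server.
LISTING = (b"<html><head><title>Index of /files</title></head><body>"
           b"<h1>Index of /files</h1><pre>...</pre></body></html>")
SAMPLES = {
    "undefined": ({"Content-Type": "text/html"}, LISTING),
    "declared": ({"Content-Type": "text/html;charset=UTF-8"}, LISTING),
}


def audit(samples):
    """Return the names of samples whose charset is left undefined."""
    return [name for name, (hdrs, body) in samples.items()
            if not charset_declared(hdrs, body)]
```

`audit(SAMPLES)` returns `['undefined']`; run the same check over captured responses from a server's directory listings. Once the update is applied (Apache 2.2.6 adds a `Charset=` keyword to `IndexOptions`, and the core `AddDefaultCharset` directive is the server-wide fallback), the listing should move to the declared bucket.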
Exploit / POC
An attacker can exploit a cross-site scripting issue by enticing an unsuspecting user to follow a malicious URI.
Solution / Fix
Solution:
Updates are available. Please see the references for more information.
Apple Mac OS X 10.5, 10.4.11 and 10.5.2
- Apple Security Update 2008-003 (Intel): http://www.apple.com/support/downloads/securityupdate2008003intel.html
- Apple Security Update 2008-003 (PPC): http://www.apple.com/support/downloads/securityupdate2008003ppc.html
Apple Mac OS X Server 10.4.11 and 10.5.2
- Apple Security Update 2008-003 Server (PPC): http://www.apple.com/support/downloads/securityupdate2008003serverppc.html
- Apple Security Update 2008-003 Server (Universal): http://www.apple.com/support/downloads/securityupdate2008003serveruniversal.html
Apache Apache 2.0 a9, 2.0.28 Beta, 2.0.28, 2.0.38, 2.0.40, 2.0.44, 2.0.48, 2.0.54, 2.0.56 -dev, 2.1, 2.1.1, 2.1.3, 2.1.6, 2.2.3 and 2.2.4
- Apache Software Foundation httpd-2.2.6-win32-src-r2.zip: http://apache.mirror.rafal.ca/httpd/httpd-2.2.6-win32-src-r2.zip
- Apache Software Foundation httpd-2.2.6.tar.gz: http://gulus.usherbrooke.ca/pub/appl/apache/httpd/httpd-2.2.6.tar.gz
References
References:
- Apache Homepage (Apache Software Foundation)
- Changes with Apache 2.2.6 (Apache)
- Apache2 Undefined Charset UTF-7 XSS Vulnerability (Maksymilian Arciemowicz)
- ASA-2008-026 httpd security update (RHSA-2008-0005) (Avaya)
- ASA-2008-031 Apache security update (RHSA-2008-0004) (Avaya Inc.)
- ASA-2008-032 httpd security update (RHSA-2008-0006) (Avaya)
- HPSBUX02365 SSRT080118 rev.1 - HP-UX Running Apache, Remote Cross Site Scripting (HP)
- Interstage HTTP Server: Cross-site Scripting Problem (CVE-2007-4465/ CVE-2007-62 (Fujitsu)
- RHSA-2007:0911-6 httpd security update (Red Hat)
- RHSA-2008:0004-7 - apache security update (Red Hat)
- RHSA-2008:0005-4 - httpd security update (Red Hat)
- RHSA-2008:0006-6 - httpd security update (Red Hat)
- RHSA-2008:0008-6 httpd security update (Red Hat)
- RHSA-2008:0261-4 Moderate: Red Hat Network Satellite Server security update (Red Hat)