RETIRED: IBM HTTP Server Multiple Modules Cross Site Scripting Vulnerabilities
BID:58119
Info
| Bugtraq ID: | 58119 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Feb 19 2013 12:00AM |
| Updated: | May 22 2013 02:53PM |
| Credit: | IBM |
| Vulnerable: | Mandriva Linux Mandrake 2011 x86_64; Mandriva Linux Mandrake 2011; MandrakeSoft Enterprise Server 5 x86_64; MandrakeSoft Enterprise Server 5 |
| Not Vulnerable: | |
Discussion
IBM HTTP Server is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input.
An attacker can exploit these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.
The following versions are affected:
HTTP Server 6.1.0.47
HTTP Server 7.0.0.29
HTTP Server 8.0.0.6
HTTP Server 8.5.0.2
Exploit / POC
To exploit these issues, an attacker must entice an unsuspecting user to follow a malicious URI.
Solution / Fix
Solution:
Updates are available. Please see the references or vendor advisory for more information.
References
References: