[SA13159] 04WebServer Three Vulnerabilities

From: Secunia Security Advisories (sec-advsecunia.com)
Date: Thu Nov 11 2004 - 06:20:12 CST


----------------------------------------------------------------------

TITLE:
04WebServer Three Vulnerabilities

SECUNIA ADVISORY ID:
SA13159

VERIFY ADVISORY:
http://secunia.com/advisories/13159/

CRITICAL:
Less critical

IMPACT:
Cross Site Scripting, Manipulation of data, DoS

WHERE:
From remote

SOFTWARE:
04WebServer 1.x
http://secunia.com/product/4234/

DESCRIPTION:
Tan Chew Keong has discovered three vulnerabilities in 04WebServer,
which can be exploited by malicious people to conduct cross-site
scripting attacks, inject malicious spoofed requests in the web log,
and cause a DoS (Denial of Service).

1) Input passed to the default error page "Response_default.html"
isn't properly sanitised before being returned to the user. This can
be exploited to execute arbitrary HTML and script code in a user's
browser session in context of a vulnerable site.

2) HTTP requests are not properly sanitised before being written to
the web log. This can be exploited to inject malicious, spoofed
requests in the web log.

3) An input validation error when requesting DOS devices (e.g.
"COM1", "AUX", "PRN") in HTTP requests can cause the 04WebServer
service to fail restarting properly in some situations.

The vulnerabilities have been confirmed on version 1.42. Other
versions may also be affected.

SOLUTION:
Filter malicious characters and character sequences in a proxy
server.

Use another product.
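The proxy-side filtering recommended above, as an added Python example that is not part of this advisory or of 04WebServer: it rejects request paths that name reserved DOS devices (issue 3), escapes control characters before a request line reaches the log (issue 2), and HTML-escapes the path echoed on the error page (issue 1). The function names and the sample request lines are constructed for this example.

```python
import html
import re
from urllib.parse import unquote

# Reserved DOS device names. Windows resolves these even with a directory or
# extension attached (e.g. "/docs/AUX.txt"), so every decoded segment is checked.
RESERVED_DEVICES = {"CON", "PRN", "AUX", "NUL",
                    *(f"COM{i}" for i in range(1, 10)),
                    *(f"LPT{i}" for i in range(1, 10))}


def references_dos_device(path: str) -> bool:
    """True if any URL-decoded path segment, ignoring its extension, is a device name."""
    for segment in re.split(r"[/\\]", unquote(path)):
        base = segment.split(".", 1)[0].strip().upper()
        if base in RESERVED_DEVICES:
            return True
    return False


def sanitize_for_log(request_line: str) -> str:
    """Escape CR, LF and other control characters so one request cannot forge extra log lines."""
    return "".join(
        f"\\x{ord(ch):02x}" if ord(ch) < 0x20 or ch == "\x7f" else ch
        for ch in request_line
    )


def safe_error_page(requested_path: str) -> str:
    """Error page body with the requested path escaped, so it is shown as text, not markup."""
    return ("<html><body><h1>404 Not Found</h1><p>"
            + html.escape(requested_path) + "</p></body></html>")


def filter_request(request_line: str):
    """Proxy decision for one request line: (allow, sanitized log entry, error body or None)."""
    parts = request_line.split(" ")
    path = parts[1] if len(parts) >= 2 else ""
    if references_dos_device(path):
        return False, sanitize_for_log(request_line), safe_error_page(path)
    return True, sanitize_for_log(request_line), None


if __name__ == "__main__":
    # Constructed sample requests covering the three cases from the advisory.
    for line in ("GET /index.html HTTP/1.0",
                 "GET /docs/AUX.txt HTTP/1.0",
                 "GET /x HTTP/1.0\r\n127.0.0.1 - - forged-entry",
                 "GET /<b>missing</b> HTTP/1.0"):
        print(filter_request(line))
```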

PROVIDED AND/OR DISCOVERED BY:
Tan Chew Keong

ORIGINAL ADVISORY:
http://www.security.org.sg/vuln/04webserver142.html

----------------------------------------------------------------------

About:
This advisory was delivered by Secunia as a free service to help
everybody keep their systems up to date against the latest
vulnerabilities.

Subscribe:
http://secunia.com/secunia_security_advisories/

Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/

Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.

----------------------------------------------------------------------