header-logo
Suggest Exploit
vendor:
Apache Web Server
by:
SecurityFocus
7.5
CVSS
HIGH
Cross Site Scripting
79
CWE
Product Name: Apache Web Server
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: YES
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2002

Apache Cross Site Scripting Vulnerability

Apache is reported to be vulnerable to cross site scripting attacks. This vulnerability is due to the SSI error pages of the webserver not being properly sanitized of malicious HTML code. Attacker-supplied HTML and script code may be executed on a web client visiting the malicious link in the context of the webserver. Attacks of this nature may make it possible for attackers to manipulate web content or to steal cookie-based authentication credentials. It may be possible to take arbitrary actions as the victim user.

Mitigation:

Ensure that all user-supplied input is properly sanitized and validated before being used in the application.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/5847/info

Apache is reported to be vulnerable to cross site scripting attacks. This vulnerability is due to the SSI error pages of the webserver not being properly sanitized of malicious HTML code.

Attacker-supplied HTML and script code may be executed on a web client visiting the malicious link in the context of the webserver.

Attacks of this nature may make it possible for attackers to manipulate web content or to steal cookie-based authentication credentials. It may be possible to take arbitrary actions as the victim user.

http://%3CIMG%20SRC%3D%22%22%20ONERROR%3D%22alert%28document%2Ecookie%29%22
%3E.apachesite.org/raise_404

Navigation

Suggest Exploit

Services By CQR