Executive Summary
| Summary | |
|---|---|
| Title | New mod_ssl packages fix cross site scripting |
| Informations | |||
|---|---|---|---|
| Name | DSA-181 | First vendor Publication | 2002-10-22 |
| Vendor | Debian | Last vendor Modification | 2002-10-22 |
| Severity (Vendor) | N/A | Revision | 1 |
Security-Database Scoring CVSS v3
| Cvss vector : N/A | |||
|---|---|---|---|
| Overall CVSS Score | NA | ||
| Base Score | NA | Environmental Score | NA |
| impact SubScore | NA | Temporal Score | NA |
| Exploitabality Sub Score | NA | ||
| Calculate full CVSS 3.0 Vectors scores | |||
Security-Database Scoring CVSS v2
| Cvss vector : (AV:N/AC:L/Au:N/C:P/I:P/A:P) | |||
|---|---|---|---|
| Cvss Base Score | 7.5 | Attack Range | Network |
| Cvss Impact Score | 6.4 | Attack Complexity | Low |
| Cvss Expoit Score | 10 | Authentication | None Required |
| Calculate full CVSS 2.0 Vectors scores | |||
Detail
| Joe Orton discovered a cross site scripting problem in mod_ssl, an Apache module that adds Strong cryptography (i.e. HTTPS support) to the webserver. The module will return the server name unescaped in the response to an HTTP request on an SSL port. Like the other recent Apache XSS bugs, this only affects servers using a combination of "UseCanonicalName off" (default in the Debian package of Apache) and wildcard DNS. This is very unlikely to happen, though. Apache 2.0/mod_ssl is not vulnerable since it already escapes this HTML. With this setting turned on, whenever Apache needs to construct a self-referencing URL (a URL that refers back to the server the response is coming from) it will use ServerName and Port to form a "canonical" name. With this setting off, Apache will use the hostname:port that the client supplied, when possible. This also affects SERVER_NAME and SERVER_PORT in CGI scripts. This problem has been fixed in version 2.8.9-2.1 for the current stable distribution (woody), in version 2.4.10-1.3.9-1potato4 for the old stable distribution (potato) and version 2.8.9-2.3 for the unstable distribution (sid). We recommend that you upgrade your libapache-mod-ssl package. wget url will fetch the file for you dpkg -i file.deb will install the referenced file. If you are using the apt-get package manager, use the line for sources.list as given below: apt-get update will update the internal database apt-get upgrade will install corrected packages You may use an automated update by adding the resources from the footer to the proper configuration. Debian GNU/Linux 2.2 alias potato |
Original Source
| Url : http://www.debian.org/security/2002/dsa-181 |
CPE : Common Platform Enumeration
OpenVAS Exploits
| Date | Description |
|---|---|
| 2008-01-17 | Name : Debian Security Advisory DSA 181-1 (libapache-mod-ssl) File : nvt/deb_181_1.nasl |
Open Source Vulnerability Database (OSVDB)
| Id | Description |
|---|---|
| 2107 | Apache HTTP Server mod_ssl Host: Header XSS Apache mod_ssl contains a flaw that allows a remote Cross Site Scripting attack. This flaw exists because the application does not validate server signature data upon submission to the SSI error page. This could allow a user to send a specially crafted request that would execute the embedded script within the security context of the hosting site. |
Nessus® Vulnerability Scanner
| Date | Description |
|---|---|
| 2004-09-29 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-181.nasl - Type : ACT_GATHER_INFO |
| 2004-07-31 | Name : The remote Mandrake Linux host is missing a security update. File : mandrake_MDKSA-2002-072.nasl - Type : ACT_GATHER_INFO |
| 2004-07-06 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2002-251.nasl - Type : ACT_GATHER_INFO |
| 2003-05-12 | Name : The remote web server module has a cross-site scripting vulnerability. File : mod_ssl_wildcard_dns_xss.nasl - Type : ACT_GATHER_INFO |
Alert History
| Date | Informations |
|---|---|
| 2014-02-17 11:28:31 |
|
