Re: PR07-37: XSS on Apache HTTP Server 413 error pages via malformed HTTP method

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: Re: PR07-37: XSS on Apache HTTP Server 413 error pages via malformed HTTP method
From: mcalautt@xxxxxxxxx
Date: 10 Jul 2008 16:53:20 -0000
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm

what happens when you add a customer 413 page
and the test script still says its vul ?

is the script not working ?

 ../bin/httpd -V
Server version: Apache/2.0.54
Server built:   Jul 25 2007 17:21:43
Server compiled with....
 -D APACHE_MPM_DIR="server/mpm/worker"
 -D APR_HAS_SENDFILE
 -D APR_HAS_MMAP
 -D APR_HAVE_IPV6 (IPv4-mapped addresses enabled)
 -D APR_USE_SYSVSEM_SERIALIZE
 -D APR_USE_PTHREAD_SERIALIZE
 -D SINGLE_LISTEN_UNSERIALIZED_ACCEPT
 -D APR_HAS_OTHER_CHILD
 -D AP_HAVE_RELIABLE_PIPED_LOGS
 -D HTTPD_ROOT="/usr/local/apache2"
 -D SUEXEC_BIN="/usr/local/apache2/bin/suexec"
 -D DEFAULT_SCOREBOARD="logs/apache_runtime_status"
 -D DEFAULT_ERRORLOG="logs/error_log"
 -D AP_TYPES_CONFIG_FILE="conf/mime.types"
 -D SERVER_CONFIG_FILE="conf/httpd.conf"

grep 413 httpd.conf
     ErrorDocument 413 /error/413.html


./scan-413.sh localhost
localhost is VULNERABLE!

Follow-Ups:
- Re: PR07-37: XSS on Apache HTTP Server 413 error pages via malformed HTTP method
  - From: ProCheckUp Research

Prev by Date: [ MDVSA-2008:140 ] - Updated ruby packages fix vulnerabilities
Next by Date: [ MDVSA-2008:143 ] - Updated pidgin packages fix MSN protocol handler vulnerability
Previous by thread: PR07-37: XSS on Apache HTTP Server 413 error pages via malformed HTTP method
Next by thread: Re: PR07-37: XSS on Apache HTTP Server 413 error pages via malformed HTTP method
Index(es):
- Date
- Thread