Vulnerability found: 28th February 2009
Vendor informed: 1st March 2009
Advisory last updated: 1st March 2009
Credits: Richard Brain of ProCheckUp Ltd (www.procheckup.com)
CVE reference: CVE-2009-0796
Many thanks to Torsten Foertsch for his kind assistance in fixing the bug.
There is a Cross-site Scripting vulnerability on Mod_perl's, perl-status utility. The perl-status utility on request displays the current status of the Mod_perl server, and some configuration information. Perl-status when configured to allow any viewers, presents an information disclosure risk,
Procheckup has found by making a malformed request to perl-status, that additionally a vanilla cross site scripting (XSS) attack is possible.
Proof of concept:
Submitting the following string to an unpatched server "server".
The following is returned:-
?rgysubs">Compiled Registry Scripts
?symdump">Symbol Table Dump