Visit our newest sister site!
Hundreds of free aircraft flight manuals
Civilian • Historical • Military • Declassified • FREE!

TUCoPS :: Web :: Apache :: web5774.htm

Apache XSS
24th Oct 2002 [SBWID-5774]

	apache cross side scripting


	 <= apache-1.3.22-1.0.5   

	 <= apache-1.3.26-1.1.1  

	 <= apache-1.3.27-20021009


	In OpenPKG Security Advisory :




	Joe Orton  <>  discovered  a  cross  site  scripting
	(XSS) bug [3] in mod_ssl [1],  the  SSL/TLS  component  for  the  Apache
	webserver [2]. Like the other recent Apache XSS bugs, this only  affects
	servers  using  a  combination  of  "UseCanonicalName  off"  (_not_  the
	default in OpenPKG package of Apache) and a wildcard  A  record  of  the
	server in the DNS. Although this combination for HTTPS servers  is  even
	less common than with plain HTTP servers, this nevertheless could  allow
	remote attackers to execute client-side script code as  other  web  page
	visitors via the HTTP "Host" header.







	Get either :

	 >= apache-1.3.22-1.0.6

	 >= apache-1.3.26-1.1.2

	 >= apache-1.3.27-20021023

TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2015 AOH