[security-alerts] FW: [SA21172] Apache "Expect" Header Cross-Site Scripting Vulnerability

["Kazennov, Vladimir" <Vladimir.Kazennov@xxxxxxxxxx>]

> 
> TITLE:
> Apache "Expect" Header Cross-Site Scripting Vulnerability
> 
> SECUNIA ADVISORY ID:
> SA21172
> 
> VERIFY ADVISORY:
> http://secunia.com/advisories/21172/
> 
> CRITICAL:
> Less critical
> 
> IMPACT:
> Cross Site Scripting
> 
> WHERE:
> From remote
> 
> SOFTWARE:
> Apache 1.3.x
> http://secunia.com/product/72/
> Apache 2.0.x
> http://secunia.com/product/73/
> Apache 2.2.x
> http://secunia.com/product/9633/
> 
> DESCRIPTION:
> Thiago Zaninotti has discovered a vulnerability in Apache HTTP
> Server, which can be exploited by malicious people to conduct
> cross-site scripting attacks.
> 
> Input passed to the "Expect:" header is not properly sanitised before
> being returned to users. This can be exploited to execute arbitrary
> HTML and script code in a user's browser session in context of a
> vulnerable site.
> 
> The vulnerability affects versions prior to 1.3.35, 2.0.58, and
> 2.2.2.
> 
> Secunia has constructed a test, which is available at:
> http://secunia.com/expect_header_cross-site_scripting_vulnerab
> ility_test/
> 
> NOTE: This issue was originally not considered a vulnerability by the
> researcher and vendor due to the fact that no known vectors existed to
> exploit it. However, additional research by Amit Klein has proven that
> this can be exploited via a specially crafted Flash file.
> 
> SOLUTION:
> Update to version 1.3.35, 2.0.58, 2.2.2, or later.
> 
> PROVIDED AND/OR DISCOVERED BY:
> Thiago Zaninotti
> 
> Additional information about exploitation:
> Amit Klein
> 
> ORIGINAL ADVISORY:
> Vendor bug report:
> http://svn.apache.org/viewvc?view=rev&revision=394965
> 
> Thiago Zaninotti:
> http://archives.neohapsis.com/archives/bugtraq/2006-05/0151.html
> 
> Amit Klein:
> http://archives.neohapsis.com/archives/bugtraq/2006-07/0425.html
>