| VID |
21813 |
| Severity |
40 |
| Port |
80, ... |
| Protocol |
TCP |
| Class |
CGI |
| Detailed Description |
The Web server has a CGI file vulnerable to a HTTP Header CRLF Injection Cross-Site Scripting attack. The relevant CGI could allow a remote attacker to inject arbitrary HTML and script code, caused by improper validation of user-supplied input passed to the specific parameter of the CGI that is being used in the HTTP headers. By sending a specially-crafted HTTP request containing a Carriage Return and Line Feed sequence ("%0d%0a"), a remote attacker could add HTTP headers to the response and completely write the body of the HTTP request. This vulnerability could permit a remote attacker to create a malicious URI link that includes hostile HTML and script code. If this link were to be followed, the hostile code may be rendered in the web browser of the victim user. This would occur in the security context of the affected web site and may allow for theft of cookie-based authentication credentials or other attacks. Especially, when this attack could modify HTTP headers, client browsers might even be forced to download arbitrary files.
* References:
http://www.securiteam.com/securityreviews/5WP022K75O.html
http://www.spidynamics.com/support/whitepapers/SPIcross-sitescripting.pdf
* Platforms Affected:
Any HTTP server Any version
Any operating system Any version |
| Recommendation |
Modify the affected CGI script to perform proper validation of user-supplied input passed to the specific parameter of the CGI that is being used in the HTTP headers. For details, please see the web site at http://stuff.mit.edu/afs/athena/astaff/reference/cert/Tips/cgi_metacharacters |
| Related URL |
(CVE) |
| Related URL |
(SecurityFocus) |
| Related URL |
(ISS) |
|
