Vulnerability Bulletins |
Vulnerabilidad Cross-Site Scripting en cabecera Expect de Apache y de IBM HTTP Server |
|
Vulnerability classification |
|
| Property | Value |
| Confidence level | Oficial |
| Impact | Aumento de la visibilidad |
| Dificulty | Principiante |
| Required attacker level | Acceso remoto sin cuenta a un servicio estandar |
System information |
|
| Property | Value |
| Affected manufacturer | GNU/Linux |
| Affected software |
IBM HTTP Server 6.0 < 6.0.2.13 IBM HTTP Server 6.1 < 6.1.0.1 Apache HTTP Server 1.3 < 1.3.35 Apache HTTP Server 2.0 < 2.0.58 Apache HTTP Server 2.2 < 2.2.2 |
Description |
|
|
Se ha descubierto una vulnerabilidad en IBM HTTP Server 6.0 versión anterior 6.0.2.13 y 6.1 versión anterior 6.1.0.1, y Apache HTTP Server 1.3 versión anterior 1.3.35, 2.0 versión anterior 2.0.58, y 2.2 versión anterior 2.2.2. La vulnerabilidad reside en que en "http_protocol.c" no se valida la salida de la cabecera Expect cuando se refleja en un mensaje de error. Un atacante remoto podría ejecutar código HTML y Web script arbitrarios para realizar ataques cross-site scripting (XSS) usando componentes Web clientes que puedan enviar cabeceras arbitrarias en peticiones, como ficheros Flash SWF. |
|
Solution |
|
|
Actualización de software Red Hat Red Hat Enterprise Linux AS (v. 2.1) Red Hat Enterprise Linux ES (v. 2.1) Red Hat Enterprise Linux WS (v. 2.1) Red Hat Linux Advanced Workstation 2.1 Itanium https://rhn.redhat.com/ IBM IBM HTTP Server 6.1 / 6.1.0.2 IBM HTTP Server 6.0 / 6.0.2.13 IBM HTTP Server 2.0 / PK25355 IBM HTTP Server 1.3 / PK27875 http://www-03.ibm.com/servers/eserver/support/unixservers/aixfixes.html SGI Advanced Linux Environment 3 / RPM / Patch 10326 ftp://oss.sgi.com/projects/sgi_propack/download/3/updates/RPMS Advanced Linux Environment 3 / SRPM / Patch 10326 ftp://oss.sgi.com/projects/sgi_propack/download/3/updates/SRPMS Debian Linux Debian Linux 3.1 Source http://security.debian.org/pool/updates/main/a/apache/apache_1.3.33-6sarge3.dsc http://security.debian.org/pool/updates/main/a/apache/apache_1.3.33-6sarge3.diff.gz http://security.debian.org/pool/updates/main/a/apache/apache_1.3.33.orig.tar.gz Architecture independent http://security.debian.org/pool/updates/main/a/apache/apache-dev_1.3.33-6sarge3_all.deb http://security.debian.org/pool/updates/main/a/apache/apache-doc_1.3.33-6sarge3_all.deb http://security.debian.org/pool/updates/main/a/apache/apache-utils_1.3.33-6sarge3_all.deb Alpha architecture http://security.debian.org/pool/updates/main/a/apache/apache_1.3.33-6sarge3_alpha.deb http://security.debian.org/pool/updates/main/a/apache/apache-common_1.3.33-6sarge3_alpha.deb http://security.debian.org/pool/updates/main/a/apache/apache-dbg_1.3.33-6sarge3_alpha.deb http://security.debian.org/pool/updates/main/a/apache/apache-perl_1.3.33-6sarge3_alpha.deb http://security.debian.org/pool/updates/main/a/apache/apache-ssl_1.3.33-6sarge3_alpha.deb http://security.debian.org/pool/updates/main/a/apache/libapache-mod-perl_1.29.0.3-6sarge3_alpha.deb AMD64 http://security.debian.org/pool/updates/main/a/apache/apache_1.3.33-6sarge3_amd64.deb http://security.debian.org/pool/updates/main/a/apache/apache-common_1.3.33-6sarge3_amd64.deb http://security.debian.org/pool/updates/main/a/apache/apache-dbg_1.3.33-6sarge3_amd64.deb http://security.debian.org/pool/updates/main/a/apache/apache-perl_1.3.33-6sarge3_amd64.deb http://security.debian.org/pool/updates/main/a/apache/apache-ssl_1.3.33-6sarge3_amd64.deb http://security.debian.org/pool/updates/main/a/apache/libapache-mod-perl_1.29.0.3-6sarge3_amd64.deb ARM http://security.debian.org/pool/updates/main/a/apache/apache_1.3.33-6sarge3_arm.deb http://security.debian.org/pool/updates/main/a/apache/apache-common_1.3.33-6sarge3_arm.deb http://security.debian.org/pool/updates/main/a/apache/apache-dbg_1.3.33-6sarge3_arm.deb http://security.debian.org/pool/updates/main/a/apache/apache-perl_1.3.33-6sarge3_arm.deb http://security.debian.org/pool/updates/main/a/apache/apache-ssl_1.3.33-6sarge3_arm.deb http://security.debian.org/pool/updates/main/a/apache/libapache-mod-perl_1.29.0.3-6sarge3_arm.deb HP Precision http://security.debian.org/pool/updates/main/a/apache/apache_1.3.33-6sarge3_hppa.deb http://security.debian.org/pool/updates/main/a/apache/apache-common_1.3.33-6sarge3_hppa.deb http://security.debian.org/pool/updates/main/a/apache/apache-dbg_1.3.33-6sarge3_hppa.deb http://security.debian.org/pool/updates/main/a/apache/apache-perl_1.3.33-6sarge3_hppa.deb http://security.debian.org/pool/updates/main/a/apache/apache-ssl_1.3.33-6sarge3_hppa.deb http://security.debian.org/pool/updates/main/a/apache/libapache-mod-perl_1.29.0.3-6sarge3_hppa.deb Intel IA-32 http://security.debian.org/pool/updates/main/a/apache/apache_1.3.33-6sarge3_i386.deb http://security.debian.org/pool/updates/main/a/apache/apache-common_1.3.33-6sarge3_i386.deb http://security.debian.org/pool/updates/main/a/apache/apache-dbg_1.3.33-6sarge3_i386.deb http://security.debian.org/pool/updates/main/a/apache/apache-perl_1.3.33-6sarge3_i386.deb http://security.debian.org/pool/updates/main/a/apache/apache-ssl_1.3.33-6sarge3_i386.deb http://security.debian.org/pool/updates/main/a/apache/libapache-mod-perl_1.29.0.3-6sarge3_i386.deb Intel IA-64 http://security.debian.org/pool/updates/main/a/apache/apache_1.3.33-6sarge3_ia64.deb http://security.debian.org/pool/updates/main/a/apache/apache-common_1.3.33-6sarge3_ia64.deb http://security.debian.org/pool/updates/main/a/apache/apache-dbg_1.3.33-6sarge3_ia64.deb http://security.debian.org/pool/updates/main/a/apache/apache-perl_1.3.33-6sarge3_ia64.deb http://security.debian.org/pool/updates/main/a/apache/apache-ssl_1.3.33-6sarge3_ia64.deb http://security.debian.org/pool/updates/main/a/apache/libapache-mod-perl_1.29.0.3-6sarge3_ia64.deb Motorola 680x0 http://security.debian.org/pool/updates/main/a/apache/apache_1.3.33-6sarge3_m68k.deb http://security.debian.org/pool/updates/main/a/apache/apache-common_1.3.33-6sarge3_m68k.deb http://security.debian.org/pool/updates/main/a/apache/apache-dbg_1.3.33-6sarge3_m68k.deb http://security.debian.org/pool/updates/main/a/apache/apache-perl_1.3.33-6sarge3_m68k.deb http://security.debian.org/pool/updates/main/a/apache/apache-ssl_1.3.33-6sarge3_m68k.deb http://security.debian.org/pool/updates/main/a/apache/libapache-mod-perl_1.29.0.3-6sarge3_m68k.deb Big endian MIPS http://security.debian.org/pool/updates/main/a/apache/apache_1.3.33-6sarge3_mips.deb http://security.debian.org/pool/updates/main/a/apache/apache-common_1.3.33-6sarge3_mips.deb http://security.debian.org/pool/updates/main/a/apache/apache-dbg_1.3.33-6sarge3_mips.deb http://security.debian.org/pool/updates/main/a/apache/apache-perl_1.3.33-6sarge3_mips.deb http://security.debian.org/pool/updates/main/a/apache/apache-ssl_1.3.33-6sarge3_mips.deb http://security.debian.org/pool/updates/main/a/apache/libapache-mod-perl_1.29.0.3-6sarge3_mips.deb Little endian MIPS http://security.debian.org/pool/updates/main/a/apache/apache_1.3.33-6sarge3_mipsel.deb http://security.debian.org/pool/updates/main/a/apache/apache-common_1.3.33-6sarge3_mipsel.deb http://security.debian.org/pool/updates/main/a/apache/apache-dbg_1.3.33-6sarge3_mipsel.deb http://security.debian.org/pool/updates/main/a/apache/apache-perl_1.3.33-6sarge3_mipsel.deb http://security.debian.org/pool/updates/main/a/apache/apache-ssl_1.3.33-6sarge3_mipsel.deb http://security.debian.org/pool/updates/main/a/apache/libapache-mod-perl_1.29.0.3-6sarge3_mipsel.deb PowerPC http://security.debian.org/pool/updates/main/a/apache/apache_1.3.33-6sarge3_powerpc.deb http://security.debian.org/pool/updates/main/a/apache/apache-common_1.3.33-6sarge3_powerpc.deb http://security.debian.org/pool/updates/main/a/apache/apache-dbg_1.3.33-6sarge3_powerpc.deb http://security.debian.org/pool/updates/main/a/apache/apache-perl_1.3.33-6sarge3_powerpc.deb http://security.debian.org/pool/updates/main/a/apache/apache-ssl_1.3.33-6sarge3_powerpc.deb http://security.debian.org/pool/updates/main/a/apache/libapache-mod-perl_1.29.0.3-6sarge3_powerpc.deb IBM S/390 http://security.debian.org/pool/updates/main/a/apache/apache_1.3.33-6sarge3_s390.deb http://security.debian.org/pool/updates/main/a/apache/apache-common_1.3.33-6sarge3_s390.deb http://security.debian.org/pool/updates/main/a/apache/apache-dbg_1.3.33-6sarge3_s390.deb http://security.debian.org/pool/updates/main/a/apache/apache-perl_1.3.33-6sarge3_s390.deb http://security.debian.org/pool/updates/main/a/apache/apache-ssl_1.3.33-6sarge3_s390.deb http://security.debian.org/pool/updates/main/a/apache/libapache-mod-perl_1.29.0.3-6sarge3_s390.deb Sun Sparc http://security.debian.org/pool/updates/main/a/apache/apache_1.3.33-6sarge3_sparc.deb http://security.debian.org/pool/updates/main/a/apache/apache-common_1.3.33-6sarge3_sparc.deb http://security.debian.org/pool/updates/main/a/apache/apache-dbg_1.3.33-6sarge3_sparc.deb http://security.debian.org/pool/updates/main/a/apache/apache-perl_1.3.33-6sarge3_sparc.deb http://security.debian.org/pool/updates/main/a/apache/apache-ssl_1.3.33-6sarge3_sparc.deb http://security.debian.org/pool/updates/main/a/apache/libapache-mod-perl_1.29.0.3-6sarge3_sparc.deb Suse Linux Las actualizaciones pueden descargarse mediante YAST o del servidor FTP oficial de Suse Linux Red Hat Linux (apache) Red Hat Stronghold for Enterprise Linux https://rhn.redhat.com/ OpenBSD OpenBSD 3.8 ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.8/common/017_httpd2.patch OpenBSD 3.9 ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.9/common/012_httpd2.patch OpenBSD 4.0 ftp://ftp.openbsd.org/pub/OpenBSD/patches/4.0/common/001_httpd.patch Suse Linux Las actualizaciones pueden descargarse mediante YAST o del servidor FTP oficial de Suse Linux. |
|
Standar resources |
|
| Property | Value |
| CVE | CVE-2006-3918 |
| BID | |
Other resources |
|
|
Apache Revision 394965 http://svn.apache.org/viewvc?view=rev&revision=394965 IBM PK24631: HTTP EXPECT HEADER VALUE CAN BE ECHOED TO BROWSER UNESCAPED http://www-1.ibm.com/support/docview.wss?uid=swg1PK24631 SGI Security Advisory (20060801-01-P) ftp://patches.sgi.com/support/free/security/advisories/20060801-01-P.asc Debian Security Advisory DSA 1167-1 http://lists.debian.org/debian-security-announce/debian-security-announce-2006/msg00257.html SUSE Security Advisory (SUSE-SA:2006:051) http://www.novell.com/linux/security/advisories/2006_51_apache.html Red Hat Security Advisory RHSA-2006:0692-4 https://rhn.redhat.com/errata/RHSA-2006-0692.html OpenBSD Security Advisory October 7, 2006 (12) http://www.openbsd.org/errata.html#httpd2 OpenBSD Security Advisory October 7, 2006 (17) http://www.openbsd.org/errata38.html#httpd2 OpenBSD Security Advisory November 4, 2006 (01) http://www.openbsd.org/errata.html#systrace SUSE Security Advisory (SUSE-SA:2008:021) http://www.novell.com/linux/security/advisories/2008_21_apache.html |
|
Version history |
||
| Version | Comments | Date |
| 1.0 | Aviso emitido | 2006-08-09 |
| 1.1 | Aviso emitido por SGI (20060801-01-P) | 2006-08-28 |
| 1.2 | Aviso emitido por Debian (DSA 1167-1) | 2006-09-05 |
| 1.3 | Aviso emitido por Suse (SUSE-SA:2006:051) | 2006-09-12 |
| 1.4 | Aviso emitido por Red Hat (RHSA-2006:0692-4) | 2006-10-04 |
| 1.5 | Aviso emitido por OpenBSD (October 7, 2006) | 2006-10-16 |
| 1.6 | Aviso emitido por OpenBSD (November 4, 2006) | 2006-11-06 |
| 1.7 | Aviso emitido por Suse (SUSE-SA:2008:021) | 2008-04-15 |