Security February 15, 2007
(Last Updated On: February 15, 2007)



The Apache web server is prone to several vulnerabilities that are not critical by themselves but that,
when combined and in some specific scenarios, could allow serious attacks, some of them with the following impact:

1) Execution of script code in the client side:

1a) Web “defacements” (E-graffiti)
1b) Phishing (authentication forms)
1c) System compromise (script execution on the same domain as the Admin Panel)

2) Location header injection -cache poisoning-:

2a) Denial of service
2b) Partial URL redirection

4) And the most innovative and interesting thing: almost arbitrary injections in the server HTTP response stream:

4a) “On the fly” fake injection of viruses.
4b) In the future, with some additional hack, arbitrary injection of binaries -trojans, etc.-

Posted by: yohgaki