Apacheの脆弱性

Security 2月 15, 2007
(Last Updated On: 2007年2月15日)

まだ確認してませんがこんなのが…

http://www.infohacking.com/INFOHACKING_RESEARCH/Our_Advisories/apache/index.html

The Apache web server is prone to several non crítical vulnerabilities -by themselves- that could allow
by combining them, and on some specific scenarios, to carry out serious attacks, some of them with that impact:

1) Execution of script code in the client side:

1a)Web “defacements” (E-graffity)
2b)Phishing (authentication forms)
3c)System compromise (script execution on same domain than Admin Panel)

2) Location header injection -cache poisoning-:

2a) Denial of service
2b) Partial URL redirection

4) And the most innovative and interesting thing: almost arbitrary injections in the server HTTP response stream:

4a) “on the fly” fake injection of virus.
4b) In the future, with some additional hack, arbitrary injection of binaries -trojans, etc.-

投稿者: yohgaki