まだ確認してませんがこんなのが…
http://www.infohacking.com/INFOHACKING_RESEARCH/Our_Advisories/apache/index.html
The Apache web server is prone to several non crítical vulnerabilities -by themselves- that could allow
by combining them, and on some specific scenarios, to carry out serious attacks, some of them with that impact:1) Execution of script code in the client side:
1a)Web “defacements” (E-graffity)
2b)Phishing (authentication forms)
3c)System compromise (script execution on same domain than Admin Panel)2) Location header injection -cache poisoning-:
2a) Denial of service
2b) Partial URL redirection4) And the most innovative and interesting thing: almost arbitrary injections in the server HTTP response stream:
4a) “on the fly” fake injection of virus.
4b) In the future, with some additional hack, arbitrary injection of binaries -trojans, etc.-
Leave a Comment