Title: 04WebServer Multiple Remote Vulnerabilities
Severity: MODERATE
Description:
04WebServer is a typical web server application. It is freely available for the Microsoft Windows platform.
Multiple remote vulnerabilities reportedly affect 04WebServer. These issues are due to a failure of the application to properly sanitize user-supplied input.
The first issue is a cross-site scripting vulnerability. The problem presents itself when a non-existent resource is requested from the affected Web server. Apparently the Web server fails to sanitize the requested resource name prior to displaying it in an error page. This would facilitate cross-site scripting attacks against any sites hosted by the vulnerable server.
The second issue is a log file character injection vulnerability. Apparently it is possible for an attacker to inject arbitrary data into the log file of an affected Web server. This may facilitate cross-site scripting attacks if the malicious logs are viewed through a browser, as well as corruption of log files.
An attacker may leverage these issues to carry out cross-site scripting attacks against any Web sites hosted on the affected server and to inject arbitrary characters into log files, potentially leading to corruption.
Affected Products:
- 04WebServer Web Server 1.42.0
References:
- 04WebServer: 04WebServer Home Page
Juniper Networks provides this content via a wide variety of sources and production methods. If notified of errors or omissions in the content of this page, Juniper Networks, at its discretion, will modify or remove the page or leave the content as is, depending on various factors including but not limited to the reputation and authority of the party providing the notification. Please use the contact information displayed elsewhere on this page to report any errors or omissions regarding the content on this page.
