HTTP: Apache HTTP Server mod_negotiation Filename Handling Cross Site Scripting
This signature detects attempts to exploit a known Cross-Site Scripting vulnerability in Apache HTTP Server. A successful attack can result in script execution.
Extended Description
Apache 'mod_negotiation' is prone to an HTML-injection and an HTTP response-splitting vulnerability because the application fails to properly sanitize user-supplied input before using it in dynamically generated content. Attacker-supplied HTML or JavaScript code could run in the context of the affected site, potentially allowing an attacker to steal cookie-based authentication credentials, control how the site is rendered to the user, and influence or misrepresent how web content is served, cached, or interpreted; other attacks are also possible.
Affected Products
Apache_software_foundation apache
Short Name
HTTP:XSS:APACHE-MOD-NEGOTIATION
Severity
Minor
Recommended
False
Recommended Action
Drop
Category
HTTP
Keywords
Apache CVE-2008-0455 Cross Filename HTTP Handling Scripting Server Site bid:27409 mod_negotiation
Release Date
07/21/2011
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3375
False Positive
Unknown
Vendors
Apache_software_foundation
Apple
Gentoo
CVSS Score
4.3