HTTP: HTML Script Tag Embedded in URL Path
This signature detects attempts at cross-site scripting attacks. Attackers can create a malicious Web site that includes HTML embedded in the hyperlinks, which can violate site security settings.
Extended Description
The Apache 'mod_proxy_ftp' module is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks. This issue is reported to affect Apache 2.0.63 and 2.2.9; other versions may also be affected.
Affected Products
Blue_coat_systems director,Apache_software_foundation apache
References
BugTraq: 66788 99927 29103 39489 20915
CVE: CVE-2007-2581
URL: https://www.exploit-db.com/exploits/12260 https://www.exploit-db.com/exploits/18599
Short Name
HTTP:XSS:HTML-SCRIPT-IN-URL-PTH
Severity
Major
Recommended
False
Recommended Action
None
Category
HTTP
Keywords
CA-2000-02 CVE-2007-2581 CVE-2007-5923 CVE-2007-6203 CVE-2008-2123 CVE-2008-2939 CVE-2010-0376 CVE-2010-0432 CVE-2012-3184 CVE-2012-4558 CVE-2012-5331 CVE-2013-3908 CVE-2014-2856 CVE-2015-1636 CVE-2015-6099 CVE-2016-0711 CVE-2016-0712 CVE-2017-0055 CVE-2017-0378 Embedded HTML Path Script Tag URL bid:20915 bid:29103 bid:39489 bid:66788 bid:99927 in
Release Date
10/08/2003
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3598
False Positive
Frequently
Vendors
Red_hat
Apache_software_foundation
Suse
Apple
Blue_coat_systems
Sun
Rpath
Turbolinux
Pardus
Ubuntu
Mandriva
Hp
Ibm
CVSS Score
3.5
6.8
4.3