HTTP: OmniHTTPD "redir.exe" Cross-Site Scripting
This signature detects attempts to exploit a cross-site scripting vulnerability in the redir.exe script that ships with OmniHTTPD, a Windows-based HTTP daemon. OmniHTTPD 2.10 and earlier versions are vulnerable. The script decodes the URL query parameter and uses it as the Location header in the URL response. Attackers can send a maliciously crafted URL that uses the encoded new line commands "%0D%0A" in the parameter to control the headers that follow the Location header. Using this method, attackers can use the vulnerable Web server to impersonate a Web site and perform scripting-based attacks on other hosts.
Extended Description
Cross site scripting vulnerabilities have been reported in multiple sample scripts including with OmniHTTPD. In particular, test.shtml and test.php contain errors. This type of vulnerability may be used to steal cookies or perform other web-based attacks.
Affected Products
Omnicron omnihttpd
Short Name
HTTP:XSS:OMNIHTTPD-REDIR
Severity
Minor
Recommended
False
Recommended Action
None
Category
HTTP
Keywords
"redir.exe" CVE-2002-1455 Cross-Site OmniHTTPD Scripting bid:5568
Release Date
04/22/2003
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3375
False Positive
Unknown
Vendors
Omnicron
CVSS Score
4.3