Cross script vulnerability (XSS) in httpd
karagian at gmail.com
Wed Jan 29 05:38:43 EST 2020
not sure if this is an actual issue, so I'm posting it here first, in case
someone knows better.
We recently ran a vulnerability assessment using nessus against our server
running cyrus and it detected the following medium risk XSS issue (the
actual report is at the bottom of the email)
9080 is the custom port https is configured to listen on.
>From what I understand it seems that someone could craft a special request
and enter script code via the headers sent, code that appears in the
response and could actually be executed in case a browser is used.
The report had multiple example requests, but technically they were all the
same, so I'm just attaching the first example request that confirms the
Here's the related part of the report:
The remote web server is affected by a cross-site scripting vulnerability.
The remote host is running a web server that fails to adequately sanitize
issue, via a specially crafted request, to execute arbitrary HTML and
script code in a user's browser within the security context of the affected
Contact the vendor for a patch or upgrade.
CVSS Base Score
CVSS Temporal Score
BID 5011 <http://www.securityfocus.com/bid/5011>
BID 5305 <http://www.securityfocus.com/bid/5305>
BID 7344 <http://www.securityfocus.com/bid/7344>
BID 7353 <http://www.securityfocus.com/bid/7353>
BID 8037 <http://www.securityfocus.com/bid/8037>
BID 14473 <http://www.securityfocus.com/bid/14473>
BID 17408 <http://www.securityfocus.com/bid/17408>
BID 54344 <http://www.securityfocus.com/bid/54344>
XREF CWE:79 <http://cwe.mitre.org/data/definitions/79>
Published: 2001/11/30, Modified: 2018/07/06
------------------------------ Request #1 ------------------------------
The full request used to detect this flaw was :
GET /cgi-bin/llknxx7s.html HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0)
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */*
The output was :
HTTP/1.1 404 Not Found
Date: Thu, 23 Jan 2020 18:13:22 GMT
Connection: close, Upgrade
Content-Type: text/html; charset=utf-8
[...] Jansson/2.9 Server at <script>alert(Host)</script> Port
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Info-cyrus