Credit:
The information has been provided by sp3x.
The original article can be found at: http://securityreason.com/achievement_securityalert/48
Vulnerable Systems:
* Apache version 2.2.x with mod_proxy_balancer
Immune Systems:
* Apache version 2.2.27-dev with mod_proxy_balancer
Apache2 Cross-Site Request Forgery (CSRF) Vulnerability
Because all actions are performed using the GET method, the balancer-manager is exposed to CSRF. The balancer-manager should use POST for requests that have side effects, which would significantly mitigate the CSRF issue.
Apache2 HTML Injection (XSS) Vulnerability
First XSS
The HTML Injection (XSS) vulnerability exists in "mod_proxy_balancer.c".
It can be triggered when Balancer Manager support is enabled.
Input passed to the following balancer-manager parameters is not properly sanitized, which allows arbitrary HTML and script code to be executed in a victim's browser:
"ss" - called "StickySession Identifier",
"wr" - called "Route",
"rr" - called "Route Redirect".
Second XSS
Input passed in the URL to "balancer-manager" is not properly sanitized, which allows arbitrary HTML and script code to be executed in a victim's browser.
Apache2 Denial of Service Vulnerability
The Denial of Service is caused by an error in the "balancer_handler()" function, which manages the load factors and member status. It is triggered when an attacker supplies an invalid "bb" variable while editing worker settings.
Apache2 Memory Corruption
The memory corruption is caused by an error in "mod_proxy_balancer" that is triggered when an attacker supplies 7390, 7506 or 7622 "A" characters in the URL.
CVE Information:
CVE-2007-6420, CVE-2007-6421, CVE-2007-6422 and CVE-2007-6423
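Detection example (added here; not part of the original advisory and not Apache code): a Python log check that flags balancer-manager requests matching the conditions described above, namely settings changed via GET, markup in "ss"/"wr"/"rr" or in the URL path, and URLs at least 7390 characters long. The combined log format, the trusted host name, the finding labels and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

XSS_PARAMS = {"ss", "wr", "rr"}          # parameters the advisory names for XSS
EDIT_PARAMS = XSS_PARAMS | {"bb"}        # plus the parameter named for the DoS
MIN_LONG_URL = 7390                      # shortest URL length the advisory names
TRUSTED_HOST = "proxy.example.internal"  # assumption: host that serves the manager
MARKUP = set("<>\"'")

# Assumed Apache "combined" log format: request line, status, size, Referer.
LINE = re.compile(r'\S+ \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<url>\S+) [^"]*" '
                  r'\d{3} \S+ "(?P<referer>[^"]*)"')

def classify(line):
    """Return the set of findings for one access-log line."""
    m = LINE.match(line)
    if not m:
        return set()
    url = urlsplit(m["url"])
    if not url.path.startswith("/balancer-manager"):
        return set()
    findings = set()
    params = parse_qs(url.query, keep_blank_values=True)  # values are percent-decoded
    if m["method"] == "GET" and EDIT_PARAMS & params.keys():
        findings.add("state-change-via-GET")
        if urlsplit(m["referer"]).hostname != TRUSTED_HOST:
            findings.add("untrusted-referer")
    if any(MARKUP & set(v) for p in XSS_PARAMS & params.keys() for v in params[p]):
        findings.add("markup-in-parameter")
    if MARKUP & set(unquote(url.path)):
        findings.add("markup-in-path")
    if len(m["url"]) >= MIN_LONG_URL:
        findings.add("oversized-url")
    return findings

PREFIX = '192.0.2.10 - - [10/Jan/2008:10:00:00 +0000] '
SAMPLE = [  # constructed log lines, not taken from the advisory
    PREFIX + '"GET /balancer-manager HTTP/1.1" 200 1500 "-" "UA"',
    PREFIX + '"GET /balancer-manager?wr=node1&rr=&ss=JSESSIONID HTTP/1.1" 200 1800 '
             '"http://forum.example.net/thread/7" "UA"',
    PREFIX + '"GET /balancer-manager?ss=%3Cb%3Ex HTTP/1.1" 200 1800 '
             '"http://proxy.example.internal/balancer-manager" "UA"',
    PREFIX + '"GET /balancer-manager/%3Cb%3E HTTP/1.1" 200 1800 "-" "UA"',
    PREFIX + '"GET /balancer-manager?pad=' + "x" * 7400 + ' HTTP/1.1" 414 300 "-" "UA"',
]

if __name__ == "__main__":
    for entry in SAMPLE:
        print(sorted(classify(entry)))
```

A request with no Referer is reported as "untrusted-referer" as well, since the header's absence does not show that the request came from the manager page itself.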