exploits , vulnerabilities , articles , Apache Mod_AutoIndex.C Undefined Charset Cross-Site Scripting Vulnerability

Title	Apache Mod_AutoIndex.C Undefined Charset Cross-Site Scripting Vulnerability
Published	2007-09-12-12:00AM
Updated	2008-02-05-09:16PM
Class	Input Validation Error
CVE	CVE-2007-4465
Remote	Yes
Local	No
Credit	Maksymilian Arciemowicz is credited with the discovery of this vulnerability.
Vulnerable	Ubuntu Ubuntu Linux 7.10 sparc Ubuntu Ubuntu Linux 7.10 powerpc Ubuntu Ubuntu Linux 7.10 i386 Ubuntu Ubuntu Linux 7.10 amd64 Ubuntu Ubuntu Linux 7.04 sparc Ubuntu Ubuntu Linux 7.04 powerpc Ubuntu Ubuntu Linux 7.04 i386 Ubuntu Ubuntu Linux 7.04 amd64 Ubuntu Ubuntu Linux 6.10 sparc Ubuntu Ubuntu Linux 6.10 powerpc Ubuntu Ubuntu Linux 6.10 i386 Ubuntu Ubuntu Linux 6.10 amd64 Ubuntu Ubuntu Linux 6.06 LTS sparc Ubuntu Ubuntu Linux 6.06 LTS powerpc Ubuntu Ubuntu Linux 6.06 LTS i386 Ubuntu Ubuntu Linux 6.06 LTS amd64 Turbolinux Turbolinux Server 10.0 Turbolinux Turbolinux Server 11 x64 Turbolinux Turbolinux Server 11 Turbolinux Turbolinux Server 10.0.0 x64 TurboLinux Personal TurboLinux Multimedia Turbolinux FUJI 0 Turbolinux Appliance Server Workgroup Edition 1.0 Turbolinux Appliance Server Hosting Edition 1.0 Turbolinux Appliance Server 1.0 Workgroup Edition Turbolinux Appliance Server 1.0 Hosting Edition Turbolinux Appliance Server 2.0 S.u.S.E. SLE SDK 10.SP1 S.u.S.E. openSUSE 10.3 S.u.S.E. openSUSE 10.2 S.u.S.E. OpenEnterpriseServer 0 S.u.S.E. Novell Linux POS 9 S.u.S.E. Novell Linux Desktop SDK 9.0 S.u.S.E. Novell Linux Desktop 9 S.u.S.E. Linux Professional 10.0 OSS S.u.S.E. Linux Professional 10.1 S.u.S.E. Linux Personal 10.0 OSS S.u.S.E. Linux Personal 10.1 S.u.S.E. Linux Enterprise Server 9 S.u.S.E. Linux Enterprise Server 10.SP1 RedHat Fedora Core7 0 RedHat Fedora Core6 RedHat Enterprise Linux WS 4 RedHat Enterprise Linux WS 3 RedHat Enterprise Linux WS 2.1 IA64 RedHat Enterprise Linux WS 2.1 RedHat Enterprise Linux ES 4 RedHat Enterprise Linux ES 3 RedHat Enterprise Linux ES 2.1 IA64 RedHat Enterprise Linux ES 2.1 RedHat Enterprise Linux Desktop Workstation 5 client RedHat Enterprise Linux Desktop 5 client RedHat Enterprise Linux AS 4 RedHat Enterprise Linux AS 3 RedHat Enterprise Linux AS 2.1 IA64 RedHat Enterprise Linux AS 2.1 RedHat Enterprise Linux 5 server RedHat Desktop 4.0 RedHat Desktop 3.0 RedHat Application Stack v2 0 RedHat Application Stack v1 for Enterprise Linux ES 4 RedHat Application Stack v1 for Enterprise Linux AS 4 RedHat Advanced Workstation for the Itanium Processor 2.1 IA64 RedHat Advanced Workstation for the Itanium Processor 2.1 MandrakeSoft Multi Network Firewall 2.0 MandrakeSoft Linux Mandrake 2007.1 x86_64 MandrakeSoft Linux Mandrake 2007.1 MandrakeSoft Linux Mandrake 2007.0 x86_64 MandrakeSoft Linux Mandrake 2007.0 MandrakeSoft Corporate Server 4.0 x86_64 MandrakeSoft Corporate Server 3.0 x86_64 MandrakeSoft Corporate Server 3.0 MandrakeSoft Corporate Server 4.0 Gentoo Linux Avaya Voice Portal 4.1 Avaya Voice Portal 4.0 Avaya SES 3.1.2 Avaya SES 3.1.1 Avaya SES 4.0 Avaya SES 3.1 Avaya Messaging Storage Server MSS 3.0 Avaya Messaging Storage Server MM3.0 Avaya Messaging Storage Server 3.1 Avaya Message Networking MN 3.1 Avaya Message Networking 3.1 Avaya Meeting Exchange 5.0 Avaya Intuity AUDIX LX 2.0 Avaya Communication Manager 5.0 Avaya Communication Manager Server DEFINITY Server SI/CS Avaya Communication Manager Server S8100 Avaya Communication Manager Server S8300 Avaya Communication Manager Server S8500 Avaya Communication Manager Server S8700 Avaya Communication Manager 4.0 Avaya Communication Manager 3.1 Avaya Communication Manager 3.0 Avaya Communication Manager Server DEFINITY Server SI/CS Avaya Communication Manager Server DEFINITY Server SI/CS Avaya Communication Manager Server S8100 Avaya Communication Manager Server S8100 Avaya Communication Manager Server S8300 Avaya Communication Manager Server S8300 Avaya Communication Manager Server S8500 Avaya Communication Manager Server S8500 Avaya Communication Manager Server S8700 Avaya Communication Manager Server S8700 Avaya CCS 3.1.2 Avaya CCS 3.1.1 Avaya CCS 4.0 Avaya AES 4.0.1 Avaya AES 3.1.4 Avaya AES 3.1.3 Avaya AES 4.0 Avaya AES 3.1 Apache Software Foundation Apache 2.2.4 Apache Software Foundation Apache 2.2.3 Apache Software Foundation Apache 2.2.2 Apache Software Foundation Apache 2.2 .0 Apache Software Foundation Apache 2.1.8 Apache Software Foundation Apache 2.1.7 Apache Software Foundation Apache 2.1.6 Apache Software Foundation Apache 2.1.5 Apache Software Foundation Apache 2.1.4 Apache Software Foundation Apache 2.1.3 Apache Software Foundation Apache 2.1.2 Apache Software Foundation Apache 2.1.1 Apache Software Foundation Apache 2.1 Apache Software Foundation Apache 2.0.59 Apache Software Foundation Apache 2.0.58 Apache Software Foundation Apache 2.0.56 dev Apache Software Foundation Apache 2.0.55 Apache Software Foundation Apache 2.0.54 Debian Linux 3.1 sparc Debian Linux 3.1 s/390 Debian Linux 3.1 ppc Debian Linux 3.1 mipsel Debian Linux 3.1 mips Debian Linux 3.1 m68k Debian Linux 3.1 ia64 Debian Linux 3.1 ia32 Debian Linux 3.1 hppa Debian Linux 3.1 arm Debian Linux 3.1 amd64 Debian Linux 3.1 alpha Debian Linux 3.1 Apache Software Foundation Apache 2.0.53 Apache Software Foundation Apache 2.0.52 Apache Software Foundation Apache 2.0.51 Apache Software Foundation Apache 2.0.50 Apache Software Foundation Apache 2.0.49 S.u.S.E. Linux Personal 9.1 Trustix Secure Linux 2.1 Trustix Secure Linux 2.0 Apache Software Foundation Apache 2.0.48 MandrakeSoft Linux Mandrake 10.0 AMD64 MandrakeSoft Linux Mandrake 10.0 S.u.S.E. Linux 8.1 S.u.S.E. Linux Personal 9.0 x86_64 S.u.S.E. Linux Personal 9.0 S.u.S.E. Linux Personal 8.2 Trustix Secure Linux 2.1 Trustix Secure Linux 2.0 Apache Software Foundation Apache 2.0.47 Apache Software Foundation Apache 2.0.46 Apache Software Foundation Apache 2.0.45 Apache Software Foundation Apache 2.0.44 Apache Software Foundation Apache 2.0.43 Apache Software Foundation Apache 2.0.42 Apache Software Foundation Apache 2.0.41 Apache Software Foundation Apache 2.0.40 RedHat Linux 9.0 i386 RedHat Linux 8.0 Terra Soft Solutions Yellow Dog Linux 3.0 Apache Software Foundation Apache 2.0.39 Apache Software Foundation Apache 2.0.38 Apache Software Foundation Apache 2.0.37 Apache Software Foundation Apache 2.0.36 Apache Software Foundation Apache 2.0.35 Apache Software Foundation Apache 2.0.32 Apache Software Foundation Apache 2.0.28 Beta Apache Software Foundation Apache 2.0.28 Apache Software Foundation Apache 2.0 a9 Apache Software Foundation Apache 2.0 Apache Software Foundation Apache 2.2.5dev Apache Software Foundation Apache 2.0.61dev Apache Software Foundation Apache 2.0.60dev
Not Vulnerable	Apache Software Foundation Apache 2.2.6
Code	An attacker can exploit a cross-site scripting issue by enticing an unsuspecting user to follow a malicious URI.
TXT

Vulnerabilities - newest 10 RSS | More

• 2009-12-17 GNU Automake Insecure Directory Permissions Vulnerability
• 2009-12-17 Mozilla Firefox CVE-2009-3979 Multiple Remote Memory Corruption Vulnerabilities
• 2009-12-17 Mozilla Firefox CVE-2009-3981 Remote Memory Corruption Vulnerability
• 2009-12-17 Drupal Sections Module HTML Injection Vulnerability
• 2009-12-17 Mozilla Firefox and SeaMonkey Theora Video Library Remote Integer Overflow Vulnerability
• 2009-12-17 Mozilla Firefox and Sea Monkey Insecure Protocol Location Bar Spoofing Vulnerability
• 2009-12-17 Mozilla Firefox and Sea Monkey Content Injection Spoofing Vulnerability
• 2009-12-17 Mozilla Firefox/SeaMonkey GeckoActiveXObject Exception Message COM Object Enumeration Vulnerability
• 2009-12-16 ZABBIX Denial Of Service and SQL Injection Vulnerabilities
• 2009-12-16 IBM WebSphere Application Server JNDI Remote Information Disclosure Vulnerability

• Vulnerabilities
• Exploits
• News
• Articles

Copyright 2007, SecurityDot
Thu, 17 Dec 2009 18:29:00 +0000