Apache Mod_AutoIndex.C Undefined Charset Cross-Site Scripting Vulnerability
Severity: : Medium
CVE Kennungen: : CVE-2007-4465
Advisory Date: 21 lipca 2015
DESCRIPTION
Cross-site scripting (XSS) vulnerability in mod_autoindex.c in the Apache HTTP Server before 2.2.6, when the charset on a server-generated page is not defined, allows remote attackers to inject arbitrary web script or HTML via the P parameter using the UTF-7 charset. NOTE: it could be argued that this issue is due to a design limitation of browsers that attempt to perform automatic content type detection.
INFORMATION EXPOSURE
Apply associated Trend Micro DPI Rules.
SOLUTION
Trend Micro Deep Security DPI Rule Number: 1000552
Trend Micro Deep Security DPI Rule Name: 1000552 - Generic Cross Site Scripting(XSS) Prevention
AFFECTED SOFTWARE AND VERSION:
- apache http_server 2.0
- apache http_server 2.0.28
- apache http_server 2.0.32
- apache http_server 2.0.34
- apache http_server 2.0.35
- apache http_server 2.0.36
- apache http_server 2.0.37
- apache http_server 2.0.38
- apache http_server 2.0.39
- apache http_server 2.0.40
- apache http_server 2.0.41
- apache http_server 2.0.42
- apache http_server 2.0.43
- apache http_server 2.0.44
- apache http_server 2.0.45
- apache http_server 2.0.46
- apache http_server 2.0.47
- apache http_server 2.0.48
- apache http_server 2.0.49
- apache http_server 2.0.50
- apache http_server 2.0.51
- apache http_server 2.0.52
- apache http_server 2.0.53
- apache http_server 2.0.54
- apache http_server 2.0.55
- apache http_server 2.0.56
- apache http_server 2.0.57
- apache http_server 2.0.58
- apache http_server 2.0.59
- apache http_server 2.0.60
- apache http_server 2.0.61
- apache http_server 2.0.9
- apache http_server 2.1
- apache http_server 2.1.1
- apache http_server 2.1.2
- apache http_server 2.1.3
- apache http_server 2.1.4
- apache http_server 2.1.5
- apache http_server 2.1.6
- apache http_server 2.1.7
- apache http_server 2.1.8
- apache http_server 2.2
- apache http_server 2.2.1
- apache http_server 2.2.2
- apache http_server 2.2.3
- apache http_server 2.2.4
- apache http_server 2.2.5