Juniper Networks
Solutions
Products & Services
Company
Partners
Support
Education

Signature Detail

Security Intelligence Center
Signatures
Print

This site is deprecated. Please CLICK HERE for latest updates

Short Name

 HTTP:XSS:HTML-SCRIPT-IN-URL-PTH

Severity

 Major

Recommended

 No

Category

 HTTP

Keywords

 HTML Script Tag Embedded in URL Path

Release Date

 2003/10/08

Update Number

 1213

Supported Platforms

 di-5.3+, idp-4.0+, isg-3.0+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+

HTTP: HTML Script Tag Embedded in URL Path


This signature detects attempts at cross-site scripting attacks. Attackers can create a malicious Web site that includes HTML embedded in the hyperlinks, which can violate site security settings.

Extended Description

The Apache 'mod_proxy_ftp' module is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks. This issue is reported to affect Apache 2.0.63 and 2.2.9; other versions may also be affected.

Affected Products

  • Apache_software_foundation apache 2.0.35
  • Apache_software_foundation apache 2.0.36
  • Apache_software_foundation apache 2.0.37
  • Apache_software_foundation apache 2.0.38
  • Apache_software_foundation apache 2.0.39
  • Apache_software_foundation apache 2.0.40
  • Apache_software_foundation apache 2.0.41
  • Apache_software_foundation apache 2.0.42
  • Apache_software_foundation apache 2.0.43
  • Apache_software_foundation apache 2.0.44
  • Apache_software_foundation apache 2.0.45
  • Apache_software_foundation apache 2.0.46
  • Apache_software_foundation apache 2.0.47
  • Apache_software_foundation apache 2.0.48
  • Apache_software_foundation apache 2.0.49
  • Apache_software_foundation apache 2.0.50
  • Apache_software_foundation apache 2.0.51
  • Apache_software_foundation apache 2.0.52
  • Apache_software_foundation apache 2.0.53
  • Apache_software_foundation apache 2.0.54
  • Apache_software_foundation apache 2.0.55
  • Apache_software_foundation apache 2.0.56 -Dev
  • Apache_software_foundation apache 2.0.57
  • Apache_software_foundation apache 2.0.58
  • Apache_software_foundation apache 2.0.59
  • Apache_software_foundation apache 2.0.60-Dev
  • Apache_software_foundation apache 2.0.61-Dev
  • Apache_software_foundation apache 2.0.62-Dev
  • Apache_software_foundation apache 2.0.63
  • Apache_software_foundation apache 2.2.9
  • Apple mac_os_x 10.4.0
  • Apple mac_os_x 10.4.1
  • Apple mac_os_x 10.4.10
  • Apple mac_os_x 10.4.11
  • Apple mac_os_x 10.4.2
  • Apple mac_os_x 10.4.3
  • Apple mac_os_x 10.4.4
  • Apple mac_os_x 10.4.5
  • Apple mac_os_x 10.4.6
  • Apple mac_os_x 10.4.7
  • Apple mac_os_x 10.4.8
  • Apple mac_os_x 10.4.9
  • Apple mac_os_x 10.5
  • Apple mac_os_x 10.5.1
  • Apple mac_os_x 10.5.2
  • Apple mac_os_x 10.5.3
  • Apple mac_os_x 10.5.4
  • Apple mac_os_x 10.5.5
  • Apple mac_os_x 10.5.6
  • Blue_coat_systems director 4.2.2.4
  • Blue_coat_systems director 5.2.2.5
  • Blue_coat_systems director 5.4
  • Blue_coat_systems director 5.5
  • Blue_coat_systems director
  • Hp business_availability_center 8.01
  • Hp hp-ux B.11.11
  • Hp hp-ux B.11.23
  • Hp hp-ux B.11.31
  • Ibm http_server 2.0.47
  • Ibm http_server 2.0.47 .1
  • Ibm http_server 6.0.2
  • Ibm http_server 6.0.2.12
  • Ibm http_server 6.0.2.13
  • Ibm http_server 6.0.2.19
  • Ibm http_server 6.0.2.23
  • Ibm http_server 6.0.2.27
  • Ibm websphere_application_server 6.1.0
  • Ibm websphere_application_server 6.1.0.1
  • Ibm websphere_application_server 6.1.0.10
  • Ibm websphere_application_server 6.1.0.11
  • Ibm websphere_application_server 6.1.0.12
  • Ibm websphere_application_server 6.1.0.13
  • Ibm websphere_application_server 6.1.0.14
  • Ibm websphere_application_server 6.1.0.15
  • Ibm websphere_application_server 6.1.0.17
  • Ibm websphere_application_server 6.1.0.18
  • Ibm websphere_application_server 6.1.0.19
  • Ibm websphere_application_server 6.1.0.2
  • Ibm websphere_application_server 6.1.0.20
  • Ibm websphere_application_server 6.1.0.3
  • Ibm websphere_application_server 6.1.0.4
  • Ibm websphere_application_server 6.1.0.5
  • Ibm websphere_application_server 6.1.0.6
  • Ibm websphere_application_server 6.1.0.7
  • Ibm websphere_application_server 6.1.0.8
  • Ibm websphere_application_server 6.1.0.9
  • Mandriva corporate_server 3.0.0
  • Mandriva corporate_server 3.0.0 X86 64
  • Mandriva corporate_server 4.0
  • Mandriva corporate_server 4.0.0 X86 64
  • Mandriva linux_mandrake 2007.1
  • Mandriva linux_mandrake 2007.1 X86 64
  • Mandriva linux_mandrake 2008.0
  • Mandriva linux_mandrake 2008.0 X86 64
  • Mandriva linux_mandrake 2008.1
  • Mandriva linux_mandrake 2008.1 X86 64
  • Mandriva linux_mandrake 2009.0
  • Mandriva linux_mandrake 2009.0 X86 64
  • Mandriva linux_mandrake 2009.1
  • Mandriva linux_mandrake 2009.1 X86 64
  • Mandriva multi_network_firewall 2.0.0
  • Pardus linux_2007
  • Pardus linux_2008
  • Red_hat application_stack_v2
  • Red_hat certificate_server 7.3
  • Red_hat desktop 3.0.0
  • Red_hat desktop 4.0.0
  • Red_hat enterprise_linux 5 Server
  • Red_hat enterprise_linux_as 3
  • Red_hat enterprise_linux_as 4
  • Red_hat enterprise_linux_desktop 5 Client
  • Red_hat enterprise_linux_desktop_workstation 5 Client
  • Red_hat enterprise_linux_es 3
  • Red_hat enterprise_linux_es 4
  • Red_hat enterprise_linux_ws 3
  • Red_hat enterprise_linux_ws 4
  • Rpath appliance_platform_linux_service 1
  • Rpath appliance_platform_linux_service 2
  • Rpath rpath_linux 1
  • Rpath rpath_linux 2
  • Sun solaris 10 Sparc
  • Sun solaris 10 X86
  • Suse novell_linux_desktop 9.0.0
  • Suse novell_linux_pos 9
  • Suse open-enterprise-server 9.0.0
  • Suse opensuse 10.2
  • Suse opensuse 10.3
  • Suse opensuse 11.0
  • Suse suse_linux_enterprise_desktop 10
  • Suse suse_linux_enterprise_desktop 10 SP1
  • Suse suse_linux_enterprise_desktop 10 SP2
  • Suse suse_linux_enterprise_server 10
  • Suse suse_linux_enterprise_server 9
  • Turbolinux appliance_server 2.0
  • Turbolinux client 2008
  • Turbolinux fuji
  • Turbolinux multimedia
  • Turbolinux personal
  • Turbolinux turbolinux_server 10.0.0
  • Turbolinux turbolinux_server 10.0.0 X64
  • Turbolinux turbolinux_server 11
  • Turbolinux turbolinux_server 11 X64
  • Ubuntu ubuntu_linux 6.06 LTS Amd64
  • Ubuntu ubuntu_linux 6.06 LTS I386
  • Ubuntu ubuntu_linux 6.06 LTS Powerpc
  • Ubuntu ubuntu_linux 6.06 LTS Sparc
  • Ubuntu ubuntu_linux 7.10 Amd64
  • Ubuntu ubuntu_linux 7.10 I386
  • Ubuntu ubuntu_linux 7.10 Lpia
  • Ubuntu ubuntu_linux 7.10 Powerpc
  • Ubuntu ubuntu_linux 7.10 Sparc
  • Ubuntu ubuntu_linux 8.04 LTS Amd64
  • Ubuntu ubuntu_linux 8.04 LTS I386
  • Ubuntu ubuntu_linux 8.04 LTS Lpia
  • Ubuntu ubuntu_linux 8.04 LTS Powerpc
  • Ubuntu ubuntu_linux 8.04 LTS Sparc

References

  • BugTraq: 39489
  • BugTraq: 29103
  • BugTraq: 66788
  • BugTraq: 99927
  • BugTraq: 20915
  • CERT: CA-2000-02
  • CVE: CVE-2007-5923
  • CVE: CVE-2008-2123
  • CVE: CVE-2013-3908
  • CVE: CVE-2014-2856
  • CVE: CVE-2015-1636
  • CVE: CVE-2016-0711
  • CVE: CVE-2012-4558
  • CVE: CVE-2012-5331
  • CVE: CVE-2010-0376
  • CVE: CVE-2012-3184
  • CVE: CVE-2017-0378
  • CVE: CVE-2010-0432
  • CVE: CVE-2007-6203
  • CVE: CVE-2016-0712
  • CVE: CVE-2015-6099
  • CVE: CVE-2017-0055
  • CVE: CVE-2008-2939
  • CVE: CVE-2007-2581
  • URL: https://www.exploit-db.com/exploits/12260
  • URL: https://www.exploit-db.com/exploits/18599

Site Map
RSS Feeds
Careers
Accessibility
Feedback
Privacy Policy
Legal Notices
Copyright © 1999-2010 Juniper Networks, Inc. All rights reserved.
Help
|
My Account
|
Log Out