Signature Detail
Short Name |
HTTP:XSS:OMNIHTTPD-REDIR |
|---|---|
Severity |
Medium |
Recommended |
No |
Category |
HTTP |
Keywords |
OmniHTTPD "redir.exe" Cross-Site Scripting |
Release Date |
2003/04/22 |
Update Number |
1213 |
Supported Platforms |
idp-4.0+, isg-3.0+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+ |
HTTP: OmniHTTPD "redir.exe" Cross-Site Scripting
This signature detects attempts to exploit a cross-site scripting vulnerability in the redir.exe script that ships with OmniHTTPD, a Windows-based HTTP daemon. OmniHTTPD 2.10 and earlier versions are vulnerable. The script decodes the URL query parameter and uses it as the Location header in the URL response. Attackers can send a maliciously crafted URL that uses the encoded new line commands "%0D%0A" in the parameter to control the headers that follow the Location header. Using this method, attackers can use the vulnerable Web server to impersonate a Web site and perform scripting-based attacks on other hosts.
Extended Description
Cross site scripting vulnerabilities have been reported in multiple sample scripts including with OmniHTTPD. In particular, test.shtml and test.php contain errors. This type of vulnerability may be used to steal cookies or perform other web-based attacks.
Affected Products
- Omnicron OmniHTTPD 1.1.0
- Omnicron OmniHTTPD 2.0.0 9
- Omnicron OmniHTTPD 2.0.0 Alpha 1
- Omnicron OmniHTTPD 2.0.0 Alpha 2
- Omnicron OmniHTTPD 2.0.4
- Omnicron OmniHTTPD 2.0.5
- Omnicron OmniHTTPD 2.0.6
- Omnicron OmniHTTPD 2.0.7
- Omnicron OmniHTTPD 2.0.8
- Omnicron OmniHTTPD 2.4.0 Pro
References
- BugTraq: 5568
- CVE: CVE-2002-1455
- URL: http://securityvulns.com/docs3427.html