We help IT Professionals succeed at work.

We've partnered with Certified Experts, Carl Webster and Richard Faulkner, to bring you a podcast all about Citrix Workspace, moving to the cloud, and analytics & intelligence. Episode 2 coming soon!Listen Now

x

apache 1.3 mod_negotiation html injection vulnerability

krisdigitx
krisdigitx asked
on
Medium Priority
410 Views
Last Modified: 2012-05-06
recently i have seen that a lot of the websites on the server are being hacked using html injection. The server is running with apache 1.3

google search shows that mod_negotiation is the cause of it as it has vulnerabilites
http://www.juniper.net/security/auto/vulnerabilities/vuln27409.html

is there any fix for it?
Comment
Watch Question

Top Expert 2008

Commented:
Well, someone must be able to create a file on the server to trigger an XSS issue, hence s/o needs access to the server. If you allow such widespread access without checking the uploaded content for some embedded javascript etc. you probably have more straightforward ways to sniff cookies than through a negotiated resource.

So, to place malicious HTML/Javascript etc. on the server you'll need some other security holes. That's why this is not considered a vulnerability of mod_negotiation.

Anyway; what you should always do: If you don't use a specific module, don't load it.

the problem was the permissions on the folder and that worked.

Not the solution you were looking for? Getting a personalized solution is easy.

Ask the Experts
Access more of Experts Exchange with a free account
Thanks for using Experts Exchange.

Create a free account to continue.

Limited access with a free account allows you to:

  • View three pieces of content (articles, solutions, posts, and videos)
  • Ask the experts questions (counted toward content limit)
  • Customize your dashboard and profile

*This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

OR

Please enter a first name

Please enter a last name

8+ characters (letters, numbers, and a symbol)

By clicking, you agree to the Terms of Use and Privacy Policy.