[Last Call] Learn how to a build a cloud-first strategyRegister Now

x
?
Solved

apache 1.3 mod_negotiation html injection vulnerability

Posted on 2009-02-12
2
Medium Priority
?
330 Views
Last Modified: 2012-05-06
recently i have seen that a lot of the websites on the server are being hacked using html injection. The server is running with apache 1.3

google search shows that mod_negotiation is the cause of it as it has vulnerabilites
http://www.juniper.net/security/auto/vulnerabilities/vuln27409.html

is there any fix for it?
0
Comment
Question by:krisdigitx
2 Comments
 
LVL 27

Expert Comment

by:caterham_www
ID: 23622135
Well, someone must be able to create a file on the server to trigger an XSS issue, hence s/o needs access to the server. If you allow such widespread access without checking the uploaded content for some embedded javascript etc. you probably have more straightforward ways to sniff cookies than through a negotiated resource.

So, to place malicious HTML/Javascript etc. on the server you'll need some other security holes. That's why this is not considered a vulnerability of mod_negotiation.

Anyway; what you should always do: If you don't use a specific module, don't load it.

0
 

Accepted Solution

by:
krisdigitx earned 0 total points
ID: 25848161
the problem was the permissions on the folder and that worked.
0

Featured Post

Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

As Wikipedia explains 'robots.txt' as -- the robot exclusion standard, also known as the Robots Exclusion Protocol or robots.txt protocol, is a convention to prevent cooperating web spiders and other web robots from accessing all or part of a websit…
Hi, in this article I'm going to teach you how to run your own site, and how to let people in (without IP). I'll talk about and explain each step... :) By the way, everything in this Tutorial is completely free and legal. This article is for …
Integration Management Part 2
Look below the covers at a subform control , and the form that is inside it. Explore properties and see how easy it is to aggregate, get statistics, and synchronize results for your data. A Microsoft Access subform is used to show relevant calcul…
Suggested Courses
Course of the Month18 days, 12 hours left to enroll

834 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question