apache 1.3 mod_negotiation html injection vulnerability

Posted on 2009-02-12
Last Modified: 2012-05-06
recently i have seen that a lot of the websites on the server are being hacked using html injection. The server is running with apache 1.3

google search shows that mod_negotiation is the cause of it as it has vulnerabilites

is there any fix for it?
Question by:krisdigitx
    LVL 27

    Expert Comment

    Well, someone must be able to create a file on the server to trigger an XSS issue, hence s/o needs access to the server. If you allow such widespread access without checking the uploaded content for some embedded javascript etc. you probably have more straightforward ways to sniff cookies than through a negotiated resource.

    So, to place malicious HTML/Javascript etc. on the server you'll need some other security holes. That's why this is not considered a vulnerability of mod_negotiation.

    Anyway; what you should always do: If you don't use a specific module, don't load it.


    Accepted Solution

    the problem was the permissions on the folder and that worked.

    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone.

    Featured Post

    How to improve team productivity

    Quip adds documents, spreadsheets, and tasklists to your Slack experience
    - Elevate ideas to Quip docs
    - Share Quip docs in Slack
    - Get notified of changes to your docs
    - Available on iOS/Android/Desktop/Web
    - Online/Offline

    Introduction As you’re probably aware the HTTP protocol offers basic / weak authentication, which in combination with the relevant configuration on your web server, provides the ability to password protect all or part of your host.  If you were not…
    It is possible to boost certain documents at query time in Solr. Query time boosting can be a powerful resource for finding the most relevant and "best" content. Of course the more information you index, the more fields you will be able to use for y…
    To add imagery to an HTML email signature, you have two options available to you. You can either add a logo/image by embedding it directly into the signature or hosting it externally and linking to it. The vast majority of email clients display l…
    Internet Business Fax to Email Made Easy - With eFax Corporate (, you'll receive a dedicated online fax number, which is used the same way as a typical analog fax number. You'll receive secure faxes in your email, fr…

    760 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    15 Experts available now in Live!

    Get 1:1 Help Now