Bradford Barrett Webalizer Cross-Agent Scripting Vulnerability

Webalizer is a web server log file program, which generates web site statistic log files. Log files produced include referrer information, browser information, web site hits, files accessed, etc. These log files are generated in HTML format, so administrators can view them in a web browser.

Webalizer Server does not protect against cross-agent scripting attacks.

A user could specify malicious HTML tags in the 'Referrer' field of an HTTP request when visiting the website of a Webalizer host.

If a Webalizer administrator requests the log file, the malicious content contained within the file could execute.
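
The defence for this class of issue is to HTML-escape every log-derived field before it is written into the HTML output, so that tags in the 'Referrer' field are displayed as text. The following C code is an added example, not Webalizer's own code; the helper names extract_referrer and html_escape and the sample log line are constructed for illustration and assume Combined Log Format input.

```c
#include <stdio.h>
#include <string.h>
/* Example helper: copy the referrer (2nd quoted field, Combined Log Format) into out. */
int extract_referrer(const char *line, char *out, size_t outsz) {
    const char *q[4];
    int n = 0;
    for (const char *p = line; *p && n < 4; p++) {
        if (*p == '\\' && p[1]) p++;          /* skip a backslash-escaped character */
        else if (*p == '"') q[n++] = p;       /* remember each field delimiter */
    }
    if (n < 4 || (size_t)(q[3] - q[2] - 1) >= outsz) return -1;
    size_t len = (size_t)(q[3] - q[2] - 1);
    memcpy(out, q[2] + 1, len);
    out[len] = '\0';
    return 0;
}

/* Example helper: HTML-escape in into out so a browser renders it as text, not markup. */
int html_escape(const char *in, char *out, size_t outsz) {
    size_t used = 0;
    if (outsz == 0) return -1;
    for (; *in; in++) {
        char one[2] = { *in, '\0' };
        const char *rep = one;                /* default: copy the byte unchanged */
        if (*in == '&') rep = "&amp;";
        else if (*in == '<') rep = "&lt;";
        else if (*in == '>') rep = "&gt;";
        else if (*in == '"') rep = "&quot;";
        else if (*in == '\'') rep = "&#39;";
        size_t n = strlen(rep);
        if (used + n >= outsz) return -1;     /* refuse to truncate mid-entity */
        memcpy(out + used, rep, n);
        used += n;
    }
    out[used] = '\0';
    return 0;
}

/* Constructed sample log line (not taken from a real server). */
static const char SAMPLE[] =
    "192.0.2.10 - - [01/Jan/2010:00:00:00 +0000] \"GET / HTTP/1.0\" 200 512 "
    "\"<b>injected</b>\" \"ExampleAgent/1.0\"";

int main(void) {
    char ref[256], safe[1024];
    if (extract_referrer(SAMPLE, ref, sizeof ref)) return 1;
    if (html_escape(ref, safe, sizeof safe)) return 1;
    printf("<tr><td>%s</td></tr>\n", safe);   /* report row with the escaped referrer */
    return 0;
}
```

The same escaping applies to any other request-controlled field that ends up in the HTML output.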


Copyright 2010, SecurityFocus