W3C CERN httpd Proxy Cross-Site Scripting Vulnerability

CERN httpd is a freely available HTTP server and HTTP proxy server available from the W3C.

The httpd Proxy is vulnerable to a cross site scripting attack.

The condition is present because of the way URLS are displayed in error messages. It is possible for arbitrary HTML or script code to be embedded in the error page through a maliciously constructed link. When the error is displayed, the script will be executed within the context of the proxy server's error page on the client browser. This may permit various web-based attacks including stealing cookies, etc.


Privacy Statement
Copyright 2010, SecurityFocus