Bug#453783: apache2: CVE-2007-4465

To: 453783@bugs.debian.org, sf@sfritsch.de
Subject: Bug#453783: apache2: CVE-2007-4465
From: Paul Szabo <psz@maths.usyd.edu.au>
Date: Sat, 1 Dec 2007 21:44:15 +1100
Message-id: <[🔎] 200712011044.lB1AiFUY001774@asti.maths.usyd.edu.au>
Reply-to: Paul Szabo <psz@maths.usyd.edu.au>, 453783@bugs.debian.org
In-reply-to: <[🔎] 200712011037.10880.sf@sfritsch.de>

Dear Stefan,

> This is actually a bug in MSIE, see CVE-2006-5152.

Not a bug in IE only, I have a demo that exploits it under Firefox.
(In fact my demo does not seem to work for IE, yet...)

Not really related to CVE-2006-5152. In fact that is a non-issue: the
CVE references my posts, but fails to reference my retraction
http://lists.grok.org.uk/pipermail/full-disclosure/2006-October/049828.html

> ... no plan to backport ... it is of low impact.

I do not think that XSS and cookie theft (thus access to all data
protected by web login) is of low impact.

> ... setting AddDefaultCharset also protects from the issue.
> AddDefaultCharset is on in the default configurations ...

Thanks for that other workaround: yes it seems to protect my machines.
Now I am puzzled why AddDefaultCharset was commented out in my configs.
Still puzzled why Apache did not mention these workarounds.

Cheers,

Paul Szabo   psz@maths.usyd.edu.au   http://www.maths.usyd.edu.au/u/psz/
School of Mathematics and Statistics   University of Sydney    Australia

Reply to:

Follow-Ups:
- Bug#453783: apache2: CVE-2007-4465
  - From: Stefan Fritsch <sf@sfritsch.de>

References:
- Bug#453783: apache2: CVE-2007-4465
  - From: Stefan Fritsch <sf@sfritsch.de>

Prev by Date: Bug#453783: apache2: CVE-2007-4465
Next by Date: Bug#453783: apache2: CVE-2007-4465
Previous by thread: Processed: Re: Bug#453783: apache2: CVE-2007-4465
Next by thread: Bug#453783: apache2: CVE-2007-4465
Index(es):
- Date
- Thread