
Bug#540862: apache2: xml-based firewall bypass / port scanning vulnerability



On Monday 10 August 2009, Michael S Gilbert wrote:
> it has been disclosed that apache (and potentially other web
> servers) can be used to port scan behind a firewall.  i don't think
> this issue is too severe, but a firewall bypass nevertheless is
> probably not a good thing.  see [0].
>
> [0]
> http://www.sift.com.au/assets/downloads/SIFT-XML-Port-Scanning-v1-00.pdf

I believe the only part of apache that parses xml is mod_dav. And for 
this, the fix for CVE-2009-1955 in apr-util has already disabled XML 
entity expansion altogether. Therefore I don't think apache itself is 
vulnerable. Of course, if their scanner is available, it would make 
sense to actually test this.

OTOH, there are probably many web applications that are vulnerable. 
But there is nothing to be done about that in Apache.
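
The mitigation mentioned above, refusing entity declarations so that nothing is ever expanded or fetched, can also be applied in a web application's own XML handling. The following is an added example, not part of the original message and not apr-util's code; it assumes Python's expat binding, and the sample documents and the host name are constructed.

```python
import xml.parsers.expat


class EntitiesForbidden(ValueError):
    """The document declared or referenced an entity."""


def parse_strict(data):
    """Parse XML bytes with expat; return element names in document order.

    Any entity declaration (internal or external) aborts the parse, so no
    entity is ever expanded and no SYSTEM identifier is ever dereferenced.
    """
    names = []
    parser = xml.parsers.expat.ParserCreate()

    def entity_decl(name, is_param, value, base, system_id, public_id, notation):
        raise EntitiesForbidden("entity %r declared (SYSTEM %r)" % (name, system_id))

    def external_ref(context, base, system_id, public_id):
        raise EntitiesForbidden("external entity referenced (SYSTEM %r)" % system_id)

    parser.EntityDeclHandler = entity_decl
    parser.ExternalEntityRefHandler = external_ref
    parser.StartElementHandler = lambda name, attrs: names.append(name)
    parser.Parse(data, True)
    return names


def is_rejected(data):
    """True if parse_strict() refuses the document because of an entity."""
    try:
        parse_strict(data)
    except EntitiesForbidden:
        return True
    return False


# Constructed sample inputs (host.invalid is a reserved, non-resolving name).
BENIGN = b'<?xml version="1.0"?><propfind xmlns="DAV:"><allprop/></propfind>'
EXTERNAL = (b'<!DOCTYPE r [<!ENTITY e SYSTEM "http://host.invalid:8080/">]>'
            b'<r>&e;</r>')
INTERNAL = b'<!DOCTYPE r [<!ENTITY e "text">]><r>&e;</r>'

if __name__ == "__main__":
    print(parse_strict(BENIGN))
    print(is_rejected(EXTERNAL), is_rejected(INTERNAL))
```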


