[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#540862: apache2: xml-based firewall bypass / port scanning vulnerability

On Monday 10 August 2009, Michael S Gilbert wrote:
> it has been dislosed that apache (and potentially other web
> servers) can be used to port scan behind a firewall.  i don't think
> this issue issue too severe, but a firewall bypass nevertheless is
> probably not a good thing.  see [0].
> [0]
> http://www.sift.com.au/assets/downloads/SIFT-XML-Port-Scanning-v1-0

I believe the only part of apache that parses xml is mod_dav. And for 
this, the fix for CVE-2009-1955 in apr-util has already disabled XML 
entity expansion altogether. Therefore I don't think apache itself is 
vulnerable. Of course, if their scanner is available, it would make 
sense to actually test this.

OTOH, there are probably many web applications that are vulnerable. 
But there is nothing to be done about that in Apache.

Reply to: