Posted to bugs@httpd.apache.org by bu...@apache.org on 2016/10/18 16:31:17 UTC

[Bug 60270] New: Apache COOKIE Information Disclosure

https://bz.apache.org/bugzilla/show_bug.cgi?id=60270

            Bug ID: 60270
           Summary: Apache COOKIE Information Disclosure
           Product: Apache httpd-2
           Version: 2.5-HEAD
          Hardware: PC
                OS: Windows NT
            Status: NEW
          Severity: normal
          Priority: P2
         Component: All
          Assignee: bugs@httpd.apache.org
          Reporter: sagarbhavar@gmail.com

Created attachment 34384
  --> https://bz.apache.org/bugzilla/attachment.cgi?id=34384&action=edit
LATEST VERSION Apache.org BUG in apache

Dear Team,

I am Sagar Bhavar from Pune.
I found the below-mentioned serious Apache vulnerability on your domain.

Name of Vuln.:  COOKIE INFORMATION DISCLOSURE

Affected URL: http://www.apache.org/

Issue: protocol.c in the Apache HTTP Server does not properly restrict header
information during construction of Bad Request (aka 400) error documents, which
allows remote attackers to obtain the values of HTTPOnly cookies via vectors
involving a long or malformed header in conjunction with crafted web script. By
taking advantage of this, an attacker could launch further attacks.

VULNERABLE APACHE WEB-SERVER VERSION

Exploit Available: YES (Publicly) 

Steps to Reproduce:

Step 1: Open the URL in browser - http://www.apache.org/

Step 2: Right click in the webpage

Step 3: Click on the 'Inspect Element' Option from the menu

Step 4: Put the exploit code in the console window (for the exploit code see the
bottom of the email)

Step 5: Without modification of code it will pop-up with cookie poisoning

Step 6: Now modify code to document.cookie to show cookie poisoning in pop-up
window

Step 7: Also can modify code to document.location="http://example.com" to
redirect site to any other site

Step 8: Now if we visit http://www.apache.org/ then we will get an error page
with cookie poisoning and an unavailable page.

Step 9: Now if you try to refresh the same page again and again it will give you
the same error page.

Exploit Code: Can be downloaded from the following links:
"https://gist.githubusercontent.com/pilate/1955a1c28324d4724b7b/raw/7fe51f2a66c1d4a40a736540b3ad3fde02b7fb08/apachexss.js"
"https://www.exploit-db.com/exploits/18442/"


Also please find the attachment for detailed screen capture and exploit code
file. 

Awaiting your valuable reply.

--
Thanks & Regards
Sagar Bhavar


sagarbhavar@gmail.com

Date : 18 October 2016 || issue reported and found date on apache.org

// Please update above dropdown field accordingly

-- 
You are receiving this mail because:
You are the assignee for the bug.

---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org


[Bug 60270] Apache COOKIE Information Disclosure

Posted by bu...@apache.org.
https://bz.apache.org/bugzilla/show_bug.cgi?id=60270

Eric Covener <co...@gmail.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
         Resolution|---                         |INVALID

--- Comment #2 from Eric Covener <co...@gmail.com> ---
(In reply to Sagar Bhavar from comment #1)
> Please reply to me once.
> 
> Awaiting your positive results.

We don't take security reports in bugzilla.
We don't take security reports about websites in httpd bugzilla.
The screenshot does not demonstrate CVE-2012-0053 or any other info disclosure
(the 400 response only contains the header name "Cookie" and not the header
value).

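The reply above turns on whether the 400 error document echoes only the header name or also the header value. The following Python helper is an added example, not part of the thread or of httpd: it classifies a captured 400 response on that basis. The function names, the min_len threshold and the sample responses are constructed for illustration.

```python
import html
import re

# The error document shows the offending header field inside a <pre> block.
_PRE = re.compile(r"<pre>\s*(.*?)\s*</pre>", re.I | re.S)

def split_response(raw):
    """Split a raw HTTP response into (status_code, body)."""
    head, _, body = raw.partition("\r\n\r\n")
    parts = head.split("\r\n", 1)[0].split(" ", 2)
    code = int(parts[1]) if len(parts) > 1 and parts[1].isdigit() else 0
    return code, body

def classify_400(raw_response, sent_headers, min_len=8):
    """Return 'not-400', 'no-echo', 'name-only' or 'value-echoed'.

    sent_headers: dict of header names/values that were sent in the request.
    min_len: shortest value fragment counted as an echo (assumption), so a
             very short value cannot match the page text by chance.
    """
    code, body = split_response(raw_response)
    if code != 400:
        return "not-400"
    m = _PRE.search(body)
    if not m:
        return "no-echo"
    echoed = html.unescape(m.group(1))  # the page HTML-escapes what it echoes
    verdict = "no-echo"
    for name, value in sent_headers.items():
        probe = value[:64]  # a prefix is enough; the echo may be truncated
        if len(probe) >= min_len and probe in echoed:
            return "value-echoed"   # the behaviour CVE-2012-0053 describes
        if re.search(r"^\s*" + re.escape(name) + r"\b", echoed, re.I | re.M):
            verdict = "name-only"   # what the reply says the screenshot shows
    return verdict

# Constructed sample data (not captured from any real server).
_PAGE = ("HTTP/1.1 400 Bad Request\r\nContent-Type: text/html\r\n\r\n"
         "<h1>Bad Request</h1>\n<p>Size of a request header field exceeds "
         "server limit.<br />\n<pre>\n{}\n</pre>\n</p>\n")
SENT = {"Cookie": "session=CONSTRUCTED-PLACEHOLDER-VALUE; pad=" + "A" * 9000}
NAME_ONLY = _PAGE.format("Cookie")
LEAKY = _PAGE.format(html.escape("Cookie: " + SENT["Cookie"][:200]))
```

Only a 'value-echoed' verdict corresponds to the disclosure described in the report; 'name-only' matches the behaviour the reply describes.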


[Bug 60270] Apache COOKIE Information Disclosure

Posted by bu...@apache.org.
https://bz.apache.org/bugzilla/show_bug.cgi?id=60270

Sagar Bhavar <sa...@gmail.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                URL|                            |http://www.apache.org/

--- Comment #1 from Sagar Bhavar <sa...@gmail.com> ---
Please reply to me once.

Awaiting your positive results.
