Detections
Analytics

FreeBSD : mod_pubcookie -- XSS vulnerability (91afa94c-c452-11da-8bff-000ae42e9b93)

high Nessus Plugin ID 21474

Synopsis

The remote FreeBSD host is missing a security-related update.

Description

Nathan Dors of the Pubcookie Project reports :

Non-persistent XSS vulnerabilities were found in the Pubcookie Apache module (mod_pubcookie) and ISAPI filter. These components mishandle untrusted data when printing responses to the browser. This makes them vulnerable to carefully crafted requests containing script or HTML. If an attacker can lure an unsuspecting user to visit carefully staged content, the attacker can use it to redirect the user to a vulnerable Pubcookie application server and attempt to exploit the XSS vulnerabilities.

These vulnerabilities are classified as *high* due to the nature and purpose of Pubcookie application servers for user authentication and Web Single Sign-on (SSO). An attacker who injects malicious script through the vulnerabilities might steal private Pubcookie data including a user's authentication assertion ('granting') cookies and application session cookies.

Solution

Update the affected package.

See Also

http://www.nessus.org/u?1b61fd3b

Plugin Details

Severity: High

ID: 21474

File Name: freebsd_pkg_91afa94cc45211da8bff000ae42e9b93.nasl

Version: 1.13

Type: local

Published: 5/13/2006

Updated: 1/6/2021

Supported Sensors: Nessus

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:mod_pubcookie, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Patch Publication Date: 4/5/2006

Vulnerability Publication Date: 3/6/2006

Reference Information

CERT: 314540