FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

mod_pubcookie -- cross site scripting vulnerability

Affected packages
mod_pubcookie < 3.3.0

Details

VuXML ID 91afa94c-c452-11da-8bff-000ae42e9b93
Discovery 2006-03-06
Entry 2006-04-05

Nathan Dors of the Pubcookie Project reports:

Non-persistent XSS vulnerabilities were found in the Pubcookie Apache module (mod_pubcookie) and ISAPI filter. These components mishandle untrusted data when printing responses to the browser. This makes them vulnerable to carefully crafted requests containing script or HTML. If an attacker can lure an unsuspecting user to visit carefully staged content, the attacker can use it to redirect the user to a vulnerable Pubcookie application server and attempt to exploit the XSS vulnerabilities.

These vulnerabilities are classified as *high* due to the nature and purpose of Pubcookie application servers for user authentication and Web Single Sign-on (SSO). An attacker who injects malicious script through the vulnerabilities might steal private Pubcookie data including a user's authentication assertion ("granting") cookies and application session cookies.

References

CERT/CC Vulnerability Note 314540