[NEWS] Emerging XSS Vulnerabilities in html Log Viewers (Windows Web Servers forums, Web Server and Related Forums category)
Thought this to be of interest to the group. http://isc.incidents.org/analysis.html?id=182

"On March 4th, security researchers Hugo Vazquez Caram & Toni Cortés Martínez of Infohacking Research, Barcelona, Spain, posted vulnerability information to bugtraq demonstrating what they call "ILLC" (Inverse Lookup Log Corruption) on multiple html log analyzers. They provide examples of attacks that successfully accomplish Log "IP Spoofing", code injection and hiding requests. Their work describes a method for sending XSS malicious code in a domain name returned to information systems performing inverse/reverse DNS lookups. Their research also covered an additional XSS exploit and raised DNS issues."

The link goes into more detail about IP Spoofing and Apache 1.3.27. I'm not sure if this issue has been addressed in any way with the recent release of 1.3.28; I can't see any reference to it in the change log. However, the problem seems to exist more at a configuration level than a bug in Apache.

Regards,
TOG

--
../configure --prefix=~/zyterion
Not this guy or that guy, The Other Guy.
"If you're not thoroughly confused by now, then you just don't understand the situation."
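As an added example (not part of the original post, the ISC write-up, or any real log analyzer), the following Python shows the defect class described above from the log viewer's side: an HTML report that writes the client field of an access log straight into markup will render whatever a reverse lookup returned, while a viewer that HTML-escapes every logged field and rejects client fields that are not well-formed hostnames or addresses displays the same text harmlessly. The log lines, the hostname carrying markup, and all function names are constructed for this example; the log layout assumed is Apache's combined format.

```python
import html
import re

# Constructed Apache combined-format access-log lines. The second line's
# client field is a hostname (as written when reverse lookups are enabled)
# that carries constructed HTML markup, the situation the ISC note describes.
SAMPLE_LOG = """\
192.0.2.10 - - [04/Mar/2003:10:00:00 +0000] "GET /index.html HTTP/1.0" 200 1234 "-" "Mozilla/4.0"
<script>alert(1)</script>.example.net - - [04/Mar/2003:10:00:01 +0000] "GET /about.html HTTP/1.0" 200 567 "-" "Mozilla/4.0"
"""

# Combined log format: client ident user [time] "request" status size "referer" "agent"
_COMBINED = re.compile(
    r'^(?P<client>\S+) (?P<ident>\S+) (?P<user>\S+) \[(?P<time>[^\]]+)\] '
    r'"(?P<request>[^"]*)" (?P<status>\d{3}) (?P<size>\S+)'
    r'(?: "(?P<referer>[^"]*)" "(?P<agent>[^"]*)")?$'
)

# One DNS label: 1-63 letters, digits or hyphens, no leading/trailing hyphen.
_LABEL = re.compile(r'^(?!-)[A-Za-z0-9-]{1,63}(?<!-)$')


def parse_log_line(line):
    """Split one access-log line into named fields; None if it does not parse."""
    m = _COMBINED.match(line.strip())
    return m.groupdict() if m else None


def is_valid_hostname(name):
    """True if name is a dotted-quad IPv4 address or an RFC 1035-style hostname.

    A PTR answer that fails this check did not come from a well-behaved zone
    and must not be trusted as plain text by anything that renders it.
    """
    if re.fullmatch(r'\d{1,3}(\.\d{1,3}){3}', name):
        return all(0 <= int(octet) <= 255 for octet in name.split('.'))
    if len(name) > 253:
        return False
    return all(_LABEL.match(label) for label in name.rstrip('.').split('.'))


def render_row_unsafe(entry):
    """The pattern the post warns about: logged fields are concatenated into
    HTML verbatim, so markup inside a hostname is executed, not displayed."""
    return ("<tr><td>{client}</td><td>{request}</td><td>{status}</td></tr>"
            .format(**entry))


def render_row_safe(entry):
    """Hardened form: every logged field is HTML-escaped on output, and a
    client field that is neither an address nor a valid hostname is flagged."""
    client = entry['client']
    if not is_valid_hostname(client):
        client = "[invalid hostname] " + client
    cells = tuple(html.escape(value, quote=True)
                  for value in (client, entry['request'], entry['status']))
    return "<tr><td>%s</td><td>%s</td><td>%s</td></tr>" % cells


def render_report(log_text, safe=True):
    """Build the HTML table a log viewer would emit for the given log text."""
    rows = []
    for line in log_text.splitlines():
        entry = parse_log_line(line)
        if entry is not None:
            rows.append(render_row_safe(entry) if safe else render_row_unsafe(entry))
    return "<table>\n" + "\n".join(rows) + "\n</table>"


def suspicious_clients(log_text):
    """Detection helper: client fields in the log that are not valid hostnames
    or addresses, i.e. candidates for the corruption the post describes."""
    found = []
    for line in log_text.splitlines():
        entry = parse_log_line(line)
        if entry is not None and not is_valid_hostname(entry['client']):
            found.append(entry['client'])
    return found


if __name__ == "__main__":
    print("Unsafe report:\n" + render_report(SAMPLE_LOG, safe=False))
    print("\nSafe report:\n" + render_report(SAMPLE_LOG, safe=True))
    print("\nSuspicious client fields:", suspicious_clients(SAMPLE_LOG))
```

The escaping step is what makes the viewer safe regardless of what the resolver hands back; the hostname check on top of it is a detection aid, since a log whose client column contains anything other than addresses and RFC 1035 names has already been fed a crafted PTR answer. The post's observation that this is largely a configuration matter also holds here: a server that logs raw addresses (in Apache, `HostnameLookups` left at its default of Off) never writes a reverse-lookup result into the log in the first place, but that does not excuse a viewer from escaping its output.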