TITLE:
httprint Server Banner Script Insertion and Denial of Service

SECUNIA ADVISORY ID:
SA18208

VERIFY ADVISORY:
http://secunia.com/advisories/18208/

CRITICAL:
Moderately critical

IMPACT:
Cross Site Scripting, DoS

WHERE:
From remote

SOFTWARE:
httprint 2.x
http://secunia.com/product/6659/

DESCRIPTION:
Mariano Nunez Di Croce has reported a vulnerability and a weakness in httprint, which can be exploited by malicious people to conduct script insertion attacks and to cause a DoS (Denial of Service).

1) The Server Header value returned in the HTTP response from a web site isn't properly sanitised before being used to generate a HTML-based report. This can be exploited to execute arbitrary HTML and script code in the "My Computer" zone when the report is viewed in Internet Explorer.

2) An error exists when handling an overly long Server Header value returned in the HTTP response. This can be exploited to crash httprint or to cause CPU usage to go up to 100% via a response that is longer than 1024 bytes.

Successful exploitation requires that the user is tricked into scanning a malicious web site.

The vulnerability and weakness have been reported in version 2.02. Other versions may also be affected.

SOLUTION:
The vulnerability has been fixed in version 3.01 (beta).
http://net-square.com/httprint/#downloads

PROVIDED AND/OR DISCOVERED BY:
Mariano Nunez Di Croce, Cybsec S.A.

ORIGINAL ADVISORY:
net-square:
http://net-square.com/httprint/#history

Cybsec S.A.:
http://www.cybsec.com/vuln/CYBSEC_Security_Advisory_httprint_Multiple_Vulnerabilities.pdf
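
The handling that both issues in the DESCRIPTION call for, as an added example (not code from httprint, net-square or this advisory): an untrusted Server header value is length-capped and HTML-escaped before it is written into a report. The function name, the 256-byte cap and the '?' substitution are assumptions made for illustration.

```c
#include <stddef.h>
#include <string.h>

/* Assumed cap on how much of an untrusted Server header is kept (constructed value). */
#define BANNER_MAX 256

/* Returns the entity for an HTML-significant byte, or NULL if none is needed. */
static const char *html_entity(unsigned char c)
{
    switch (c) {
    case '<':  return "&lt;";
    case '>':  return "&gt;";
    case '&':  return "&amp;";
    case '"':  return "&quot;";
    case '\'': return "&#39;";
    default:   return NULL;
    }
}

/*
 * Copy an untrusted banner into out as HTML-safe text.
 * At most BANNER_MAX input bytes are read; control and non-ASCII bytes become '?'.
 * Output is always NUL-terminated and never exceeds out_cap.
 * Returns the number of bytes written (excluding NUL), or -1 on bad arguments.
 */
long banner_to_html(const char *in, size_t in_len, char *out, size_t out_cap)
{
    size_t i, o = 0;

    if (in == NULL || out == NULL || out_cap == 0)
        return -1;
    if (in_len > BANNER_MAX)
        in_len = BANNER_MAX;            /* truncate instead of trusting the peer */

    for (i = 0; i < in_len; i++) {
        unsigned char c = (unsigned char)in[i];
        const char *ent = html_entity(c);
        char one[2] = { (c < 0x20 || c > 0x7e) ? '?' : (char)c, '\0' };
        const char *piece = ent ? ent : one;
        size_t n = strlen(piece);

        if (o + n >= out_cap)           /* keep room for the terminator */
            break;
        memcpy(out + o, piece, n);      /* an entity is copied whole or not at all */
        o += n;
    }
    out[o] = '\0';
    return (long)o;
}
```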