New Apache PHP XSS Bug Displays Modified HTTP Request Text to Users

save
Share and earn Cybytes
Facebook Twitter Google+ LinkedIn Email

A researcher has discovered a cross-site scripting vulnerability caused by mishandling of a PHP header in Apache version 2.x. Upgrade PHP and review privileges for applications and services using it.

Background

Researcher Prashanth Varma posted PHP Bug #76582 for Apache version 2.x that details a cross-site scripting (XSS) bug which could allow an unauthenticated attacker to send a malicious POST request that echoes the embedded script in the body of the response. The Center for Internet Security (CIS) issued an advisory stating that PHP versions 7.2 (prior to 7.2.10), 7.1 (prior to 7.1.22), 7.0 (prior to 7.0.32) and 5.6 (prior to 5.6.38) are all vulnerable. At the time of publication, there is no CVE for this vulnerability.

Vulnerability details

Apache mishandles the “Transfer-Encoding: chunked” PHP header that normally sends data chunks to another host in a transfer request. When exploited, it displays text in an error window in the active browser session. The exploit requires a locally run script, but does not require user interaction or authentication to run. The attacker could include a malicious link in these error messages, opening the user up to further attack if clicked.

As with any XSS attack, unsanitized text could allow for arbitrary code execution beyond a simple error message. No instances of more sophisticated attacks have been seen at the time of this writing, but as time progresses, additional attacks could use this exploit as a vector.

Urgently required actions

Upgrade PHP to the latest version to ensure that assets have the latest security patches. We also recommend reviewing privileges and asset access of any apps or services that utilize PHP in order to understand what targets are at risk. And, as always, reinforce security awareness with users, so they know the risks of clicking on links in error messages. Clicking on new messages from trusted sites can be just as dangerous as clicking on messages from untrusted sources.

Identifying affected systems

Tenable will be releasing plugins to scan for this vulnerability shortly and will continue to monitor the situation. Even though this vulnerability only appears to affect Apache at this time, we recommend upgrading PHP to the latest version, even for users using other platforms that utilize PHP, to minimize risk.

Get more information

Learn more about Tenable.io, the first Cyber Exposure platform for holistic management of your modern attack surface. Get a free 60-day trial of Tenable.io Vulnerability Management.

Share this post and earn Cybytes
Facebook Twitter Google+ LinkedIn Email
Follow
1590 Followers
About Tenable
Tenable™, Inc. is the Cyber Exposure company. Over 24,000 organizations of all sizes around the globe rely on Tenable to manage and measure their modern attack surface to accurately understand and reduce cyber risk. As the creator of Nessus®, Tenable built its platform from the ground up to deeply understand assets, networks and vulnerabilities, extending this knowledge and expertise into Tenable.io™ to deliver the world’s first platform to provide live visibility into any asset on any computing platform. Tenable customers include over 50 percent of the Fortune 500, large government agencies and organizations across the private and public sectors. Learn more at tenable.com.
Promoted Content
Five Steps to Building a Successful Vulnerability Management Program
Is your vulnerability management program struggling? Despite proven technology solutions and the best efforts of IT teams, unresolved vulnerabilities remain an ongoing source of friction and frustration in many organizations. Regardless of how many vulnerabilities are fixed, there will always be vulnerabilities that can’t easily be remediated – and too often, finger-pointing between IT teams and business groups can ensue.

Our Revolution

We believe Cyber Security training should be free, for everyone, FOREVER. Everyone, everywhere, deserves the OPPORTUNITY to learn, begin and grow a career in this fascinating field. Therefore, Cybrary is a free community where people, companies and training come together to give everyone the ability to collaborate in an open source way that is revolutionizing the cyber security educational experience.

Cybrary On The Go

Get the Cybrary app for Android for online and offline viewing of our lessons.

Get it on Google Play
 

Support Cybrary

Donate Here to Get This Month's Donor Badge

 
Skip to toolbar

We recommend always using caution when following any link

Are you sure you want to continue?

Continue
Cancel