SecuriTeam"! - Apache2 mod_proxy_balancer CSRF, XSS, Memory Corruption and DoS Vulnerability

Apache2のmod_proxy_balancerにCSRFクロスサイトスクリプティング、不正なメモリ、DoSを受ける脆弱性と盛りだくさんの脆弱性が見つかっています。

First XSS

The HTML Injection (XSS) vulnerability exist in "mod_proxy_balancer.c" .

By Enabling Balancer Manager Support we can trigger XSS vulnerability .

Input passed to the:
"ss" - called ""StickySession Identifier",
"wr" - called "Route",
"rr" - called "Route Redirect",
parameters in balancer-manager are not properly sanitized leading to execute arbitrary HTML and script code in a victim's browser.

Second XSS

Input passed in the URL to "balancer-manager" is not properly sanitized leading to execute arbitrary HTML and script code in a victim's browser.

screenshot