Summary
The host is running Mbedthis AppWeb Server and is prone to a cross-site scripting vulnerability.
Impact
Successful exploitation could allow attackers to gain sensitive information or inject arbitrary web script or HTML. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
Impact Level: System/Application
Solution
Disable the TRACE method or upgrade to Mbedthis AppWeb 2.2.2 or later. For updates, refer to http://appwebserver.org/index.html
Insight
The flaw is due to improper handling of HTTP requests that use the 'TRACE' method, which allows attackers to inject arbitrary HTML via a crafted HTTP TRACE request.
Affected
Mbedthis AppWeb versions prior to 2.2.2
References
Severity
Classification
CVE: CVE-2007-3008
CVSS Base Score: 4.3
CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N