Apache XSS prevention

abhijeetudas · 03-19-2005, 12:19 PM

I have a Apache 2.0.53 Web server running.. on a Fedora Core 3
& it is vunerable to XSS. i tried looking on the apache.org web site.. for some information on how to patch it
but could not understand any thing,..

any one have any idea's on how to patch it so that i i can prevent XSS >??

regards & Thanks

TigerOC · 03-20-2005, 06:25 AM

You'll find a good explanation here . After a quick read through I would say that not using cgi would obviate risks.

abhijeetudas · 03-20-2005, 08:05 AM

Hey thanks for the link it is a great help
im not using CGI or PHP

im using JSP,
any more tips/ advise for security on Apache ?

TruckStuff · 03-21-2005, 01:49 PM

Technically, Apache isn't vulnerable to XSS attacks. Its the code that you are running that creates XSS vulnerabilities. Lets start with why you think you are vulnerable to XSSing and go from there.

abhijeetudas · 03-22-2005, 05:10 AM

Im Learning some servlets ,
im using tomcat to do some jsp processing
& just to check how secure the code is..
i ran nikto..
which reported that the site is vunerable to
XSS .. so was looking for some help
on XSS :-)

TruckStuff · 03-22-2005, 03:37 PM

So the applet is vulnerable to XSS, not apache. Need to start looking for a solution in the applet code.