LinuxQuestions.org
Share your knowledge at the LQ Wiki.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices


Reply
  Search this Thread
Old 03-19-2005, 01:19 PM   #1
abhijeetudas
Member
 
Registered: Sep 2004
Distribution: Redhat / Fedora
Posts: 114

Rep: Reputation: 15
Apache XSS prevention


I have a Apache 2.0.53 Web server running.. on a Fedora Core 3
& it is vunerable to XSS. i tried looking on the apache.org web site.. for some information on how to patch it
but could not understand any thing,..


any one have any idea's on how to patch it so that i i can prevent XSS >??


regards & Thanks
 
Old 03-20-2005, 07:25 AM   #2
TigerOC
Senior Member
 
Registered: Jan 2003
Location: Devon, UK
Distribution: Debian Etc/kernel 2.6.18-4K7
Posts: 2,380

Rep: Reputation: 49
You'll find a good explanation here . After a quick read through I would say that not using cgi would obviate risks.
 
Old 03-20-2005, 09:05 AM   #3
abhijeetudas
Member
 
Registered: Sep 2004
Distribution: Redhat / Fedora
Posts: 114

Original Poster
Rep: Reputation: 15
Hey thanks for the link it is a great help
im not using CGI or PHP

im using JSP,
any more tips/ advise for security on Apache ?
 
Old 03-21-2005, 02:49 PM   #4
TruckStuff
Member
 
Registered: Apr 2002
Posts: 498

Rep: Reputation: 30
Technically, Apache isn't vulnerable to XSS attacks. Its the code that you are running that creates XSS vulnerabilities. Lets start with why you think you are vulnerable to XSSing and go from there.
 
Old 03-22-2005, 06:10 AM   #5
abhijeetudas
Member
 
Registered: Sep 2004
Distribution: Redhat / Fedora
Posts: 114

Original Poster
Rep: Reputation: 15
Im Learning some servlets ,
im using tomcat to do some jsp processing
& just to check how secure the code is..
i ran nikto..
which reported that the site is vunerable to
XSS .. so was looking for some help
on XSS :-)
 
Old 03-22-2005, 04:37 PM   #6
TruckStuff
Member
 
Registered: Apr 2002
Posts: 498

Rep: Reputation: 30
So the applet is vulnerable to XSS, not apache. Need to start looking for a solution in the applet code.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Virus prevention, in particular the jpg exploit Whiskers Linux - Security 8 10-05-2004 05:21 AM
StartX Problems. Prevention and Cure Questions. JC404 Linux - Software 1 09-01-2003 12:17 PM
Basic intrustion detection/prevention jamesrh Linux - Networking 5 05-18-2003 03:25 PM
Email spamming prevention m_sree Linux - Security 4 01-16-2003 09:54 AM
X Window Autostart Prevention Stephanie Linux - General 4 05-12-2001 02:12 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 06:35 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration