Sciweavers

Free Online Productivity Tools i2Speak i2Symbol i2OCR iTex2Img iWeb2Print iWeb2Shot i2Type iPdf2Split iPdf2Merge i2Bopomofo i2Arabic i2Style i2Image i2PDF iLatex2Rtf Sci2ools

14

ACSAC
1998
IEEE

favoriteEmaildiscussreport

124views Security Privacy» more ACSAC 1998»

Protecting Web Servers from Security Holes in Server-Side Includes

13 years 8 months ago

Protecting Web Servers from Security Holes in Server-Side Includes

Download www.acsac.org

This paper first investigates and analyzes security holes concerning the use of Server-Side Includes (SSI) in some of the most used Web server software packages. We show that, by exploiting features of SSI, one could seriously compromise Web server security. For example, we demonstrate how users can gain access to information they are not supposed to see, and how attackers can crash a Web server computer by having an HTML file execute a simple program. Such attacks can be made with no trace left behind. We have successfully carried out all the attacks described in this paper on dummy servers we set up for this investigation. We then suggest several practical security measures to prevent a Web server from such attacks.

Jared Karro, Jie Wang

Real-time Traffic

ACSAC 1998 | Security Privacy | Web Server | Web Server Security | Web Server Software |

claim paper

Related Content

» PAKEbased mutual HTTP authentication for preventing phishing attacks

» Prevention of CrossSite Scripting Attacks on Current Web Applications

» SessionSafe Implementing XSS Immune Session Handling

» Web tap detecting covert web traffic

» PeAgent A Mobile Agent System to Support Secure Internet and Web Applications

» Using static analysis for Ajax intrusion detection

» Fast and practical instructionset randomization for commodity systems

» A convenient method for securely managing passwords

» AID A global antiDoS service

Post Info
More Details (n/a)

Added	04 Aug 2010
Updated	04 Aug 2010
Type	Conference
Year	1998
Where	ACSAC
Authors	Jared Karro, Jie Wang

Comments (0)