Apache 2.x version older than 2.0.63

Apache 2.x version older than 2.0.63

Published on 2008-06-12. Updated on 2008-06-12.

Description:

Fixed in Apache httpd 2.0.63:

• low: mod_proxy_ftp UTF-7 XSS CVE-2008-0005
  A workaround was added in the mod_proxy_ftp module. On sites where mod_proxy_ftp is enabled and a forward proxy is configured, a cross-site scripting attack is possible against Web browsers which do not correctly derive the response character set following the rules in RFC 2616.
• moderate: mod_status XSS CVE-2007-6388
  A flaw was found in the mod_status module. On sites where mod_status is enabled and the status pages were publicly accessible, a cross-site scripting attack is possible. Note that the server-status page is not enabled by default and it is best practice to not make this publicly available.
• moderate: mod_imap XSS CVE-2007-5000
  A flaw was found in the mod_imap module. On sites where mod_imap is enabled and an imagemap file is publicly available, a cross-site scripting attack is possible.

Affected Apache versions (up to 2.0.62).

Impact:
Check references for details about every vulnerability.

Recommendation:
Upgrade Apache 2.x to the latest version.

Tags: Scripts

Alert Tags: configuration
ApplicableApplicationServer : All
ApplicableOS: All
ApplicableWebServer: Apache

References:

Apache homepage

Apache HTTP Server 2.x announcement

Go Back

• Product Information
• Download
• Product Tour
• Brochure (PDF)
• Pricing
• Testimonials
• Customer references
• Resell Acunetix
• Acunetix in the Press
• List of vulnerability checks

• Learn more
• SQL Injection
• Cross site scripting
• Web Security
• Directory Traversal
• Ajax Application Security
• Google Hacking