Apache version older than 1.3.41

Apache version older than 1.3.41

Published on 2008-06-12. Updated on 2008-06-12.

Description:

Security fixes in Apache version 1.3.41:

• CVE-2007-6388 (cve.mitre.org) mod_status: Ensure refresh parameter is numeric to prevent a possible XSS attack caused by redirecting to other URLs. Reported by SecurityReason. [Mark Cox]

Security fixes in Apache version 1.3.40:

• CVE-2007-5000 (cve.mitre.org) mod_imap: Fix cross-site scripting issue. Reported by JPCERT. [Joe Orton]
• CVE-2007-3847 (cve.mitre.org) mod_proxy: Prevent reading past the end of a buffer when parsing date-related headers. PR 41144. With Apache 1.3, the denial of service vulnerability applies only to the Windows and NetWare platforms. [Jeff Trawick]

Affected Apache versions (up to 1.3.39).

Impact:
Check references for details about each vulnerability.

Recommendation:
Upgrade Apache to the latest version.

Tags: Scripts

Alert Tags: configuration
ApplicableApplicationServer : All
ApplicableOS: All
ApplicableWebServer: Apache

References:

Apache HTTP Server 1.x announcement

Apache homepage

Go Back

• Product Information
• Download
• Product Tour
• Brochure (PDF)
• Pricing
• Testimonials
• Customer references
• Resell Acunetix
• Acunetix in the Press
• List of vulnerability checks

• Learn more
• SQL Injection
• Cross site scripting
• Web Security
• Directory Traversal
• Ajax Application Security
• Google Hacking