Please Install the Updated Packages.

The Apache HTTP Server is a popular Web server. A flaw was found in the mod_imap module. On sites where mod_imap was enabled and an imagemap file was publicly available, a cross-site scripting attack was possible. (CVE-2007-5000) A flaw was found in the mod_autoindex module. On sites where directory listings are used, and the &quot AddDefaultCharset&quot directive has been removed from the configuration, a cross-site scripting attack was possible against Web browsers which do not correctly derive the response character set following the rules in RFC 2616. (CVE-2007-4465) A flaw was found in the mod_status module. On sites where mod_status was enabled and the status pages were publicly available, a cross-site scripting attack was possible. (CVE-2007-6388) A flaw was found in the mod_proxy_ftp module. On sites where mod_proxy_ftp was enabled and a forward proxy was configured, a cross-site scripting attack was possible against Web browsers which do not correctly derive the response character set following the rules in RFC 2616. (CVE-2008-0005) Users of Apache httpd should upgrade to these updated packages, which contain backported patches to resolve these issues. Users should restart httpd after installing this update.

httpd on Red Hat Enterprise Linux AS version 4, Red Hat Enterprise Linux ES version 4, Red Hat Enterprise Linux WS version 4

• https://www.redhat.com/archives/rhsa-announce/2008-January/msg00007.html

---

Updated on 2015-03-25