Description
This alert was generated using only banner information. It may be a false positive.
Fixed in Apache httpd 2.0.61:
- moderate: mod_proxy crash CVE-2007-3847
A flaw was found in the Apache HTTP Server mod_proxy module. On sites where a reverse proxy is configured, a remote attacker could send a carefully crafted request that would cause the Apache child process handling that request to crash. On sites where a forward proxy is configured, an attacker could cause a similar crash if a user could be persuaded to visit a malicious site using the proxy. This could lead to a denial of service if using a threaded Multi-Processing Module.
- moderate: mod_status cross-site scripting CVE-2006-5752
A flaw was found in the mod_status module. On sites where the server-status page is publicly accessible and ExtendedStatus is enabled this could lead to a cross-site scripting attack. Note that the server-status page is not enabled by default and it is best practice to not make this publicly available.
- moderate: Signals to arbitrary processes CVE-2007-3304
The Apache HTTP server did not verify that a process was an Apache child process before sending it signals. A local attacker with the ability to run scripts on the HTTP server could manipulate the scoreboard and cause arbitrary processes to be terminated which could lead to a denial of service.
- moderate: mod_cache proxy DoS CVE-2007-1863
A bug was found in the mod_cache module. On sites where caching is enabled, a remote attacker could send a carefully crafted request that would cause the Apache child process handling that request to crash. This could lead to a denial of service if using a threaded Multi-Processing Module.
Affected Apache versions (up to 2.0.60).
Remediation
Upgrade Apache 2.x to the latest version.
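Because the alert rests on the banner alone, the configuration conditions named in each description above can be checked before treating it as confirmed. The following triage script is an added example, not part of the original advisory or of Apache. It assumes that only the 2.0 branch is in scope, that modules are loaded with LoadModule rather than compiled in, and that a "Deny from all" line inside the server-status block means the page is restricted; the banner and configuration are constructed samples.

```python
import re

# Constructed sample input (not from a real host): a Server banner and an
# Apache 2.0-style httpd.conf excerpt.
SAMPLE_BANNER = "Apache/2.0.59 (Unix)"
SAMPLE_CONF = """\
LoadModule proxy_module modules/mod_proxy.so
LoadModule status_module modules/mod_status.so
#LoadModule cache_module modules/mod_cache.so
ExtendedStatus On
ProxyPass /app http://10.0.0.5:8080/
<Location /server-status>
    SetHandler server-status
    Order deny,allow
    Deny from all
    Allow from 127.0.0.1
</Location>
"""

def banner_in_range(banner):
    """True if the banner claims a 2.0.x release up to 2.0.60.
    Assumption: only the 2.0 branch is in scope for this alert."""
    m = re.search(r"Apache/(\d+)\.(\d+)\.(\d+)", banner)
    return bool(m) and (int(m[1]), int(m[2])) == (2, 0) and int(m[3]) <= 60

def triage(banner, conf):
    """Map each CVE to True when banner and config both meet its precondition."""
    # Drop comments and blank lines; directive names are case-insensitive.
    text = "\n".join(l.strip().lower() for l in conf.splitlines()
                     if l.strip() and not l.strip().startswith("#"))
    has = lambda pat: re.search(pat, text, re.M) is not None
    # Find the <Location> block that maps the server-status handler, if any.
    status_block = next(
        (b for b in re.findall(r"<location\s[^>]*>(.*?)</location>", text, re.S)
         if "sethandler server-status" in b), None)
    status_public = status_block is not None and "deny from all" not in status_block
    in_range = banner_in_range(banner)
    return {
        "CVE-2007-3847": in_range and has(r"^loadmodule\s+proxy_module")
                         and has(r"^proxypass\s|^proxyrequests\s+on"),
        "CVE-2006-5752": in_range and has(r"^extendedstatus\s+on") and status_public,
        "CVE-2007-3304": in_range,  # local issue; the page names no config condition
        "CVE-2007-1863": in_range and has(r"^loadmodule\s+cache_module")
                         and has(r"^cacheenable\s"),
    }
```

A True entry means the banner and the configuration both match the condition in the description, so the finding deserves follow-up; vendor builds that backport fixes without changing the version string can still make it a false positive.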