Description
This alert was generated using only banner information. It may be a false positive.
Fixed in Apache httpd 2.0.63:
-
low: mod_proxy_ftp UTF-7 XSS CVE-2008-0005
A workaround was added in the mod_proxy_ftp module. On sites where mod_proxy_ftp is enabled and a forward proxy is configured, a cross-site scripting attack is possible against Web browsers which do not correctly derive the response character set following the rules in RFC 2616. -
moderate: mod_status XSS CVE-2007-6388
A flaw was found in the mod_status module. On sites where mod_status is enabled and the status pages were publicly accessible, a cross-site scripting attack is possible. Note that the server-status page is not enabled by default and it is best practice to not make this publicly available. -
moderate: mod_imap XSS CVE-2007-5000
A flaw was found in the mod_imap module. On sites where mod_imap is enabled and an imagemap file is publicly available, a cross-site scripting attack is possible.
Affected Apache versions (up to 2.0.62).
Remediation
Upgrade Apache 2.x to the latest version.
References
Related Vulnerabilities
WordPress Plugin WP Fastest Cache Arbitrary File Deletion (0.8.9.0)
WordPress Plugin About Author Box Cross-Site Scripting (1.0.1)
WordPress Plugin Simply Instagram Cross-Site Scripting (1.2.6)
WordPress Plugin Easy Accept Payments for PayPal Cross-Site Scripting (4.9.9)
WordPress Plugin Change WordPress Login Logo Cross-Site Scripting (1.1.4)