Apache 2.x version older than 2.2.9

Description
  • <div class="bb-coolbox"><span class="bb-dark">This alert was generated using only banner information. It may be a false positive. </span></div><br/><strong>Fixed in Apache httpd 2.2.9:</strong><br/><ul> <li> <strong>low</strong>: mod_proxy_balancer CSRF CVE-2007-6420<br/> The mod_proxy_balancer provided an administrative interface that could be vulnerable to cross-site request forgery (CSRF) attacks. </li> <li> <strong>moderate</strong>: mod_proxy_http DoS CVE-2008-2364<br/> A flaw was found in the handling of excessive interim responses from an origin server when using mod_proxy_http. A remote attacker could cause a denial of service or high memory usage. </li> </ul><br/> <span class="bb-navy">Affected Apache versions (2.2.8, 2.2.6, 2.2.5, 2.2.4, 2.2.3, 2.2.2, 2.2.0).</span><br/>
Remediation
  • Upgrade Apache 2.x to the latest version.
References