Description
Security fixes in Apache version 1.3.39:
- CVE-2006-5752 (cve.mitre.org) mod_status: Fix a possible XSS attack against a site with a public server-status page and ExtendedStatus enabled, for browsers which perform charset "detection". Reported by Stefan Esser. [Joe Orton]
- CVE-2007-3304 (cve.mitre.org) Ensure that the parent process cannot be forced to kill non-child processes by checking scoreboard PID data with parent process privately stored PID data. [Jim Jagielski]
Affected Apache versions: up to 1.3.38.
Remediation
Upgrade Apache to the latest version.
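The CVE-2007-3304 fix above rests on one check: a PID read from the shared scoreboard is compared against the parent's private record before any signal is sent. The following sketch of that check is an added example, not Apache's code; the struct names, function names, `MAX_SLOTS` and the sample PIDs are assumptions made for illustration.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L
#endif
#include <signal.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <sys/types.h>

#define MAX_SLOTS 4  /* hypothetical scoreboard size */

/* Shared scoreboard: children can write to it, so the parent must not trust it. */
struct scoreboard { pid_t pid[MAX_SLOTS]; };

/* Parent-private copy of the PIDs returned by fork(); never placed in shared memory. */
struct parent_table { pid_t pid[MAX_SLOTS]; };

/* True only when the slot's scoreboard PID matches the parent's own record. */
bool slot_pid_trusted(const struct scoreboard *sb, const struct parent_table *pt,
                      size_t slot)
{
    if (slot >= MAX_SLOTS)
        return false;
    pid_t claimed = sb->pid[slot];
    /* kill(2) treats 0, -1 and other negatives as groups or "all processes";
       1 is init. None of these can be a forked child. */
    if (claimed <= 1)
        return false;
    return claimed == pt->pid[slot];
}

/* Signal the child in a slot; returns -1 without signalling if the PID is not trusted. */
int signal_child(const struct scoreboard *sb, const struct parent_table *pt,
                 size_t slot, int sig)
{
    if (!slot_pid_trusted(sb, pt, slot))
        return -1;
    return kill(pt->pid[slot], sig);  /* use the private PID, not the shared one */
}

int main(void)
{
    /* Constructed sample: slot 1 was overwritten with PID 1, slot 2 with -1. */
    struct parent_table pt = { { 4242, 4243, 4244, 0 } };
    struct scoreboard sb = { { 4242, 1, -1, 0 } };
    for (size_t i = 0; i < MAX_SLOTS; i++)
        printf("slot %zu: %s\n", i, slot_pid_trusted(&sb, &pt, i) ? "trusted" : "refused");
    return 0;
}
```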