Description

This alert was generated using only banner information. It may be a false positive.

Security fixes in Apache version 1.3.39:
  • CVE-2006-5752 (cve.mitre.org) mod_status: Fix a possible XSS attack against a site with a public server-status page and ExtendedStatus enabled, for browsers which perform charset "detection". Reported by Stefan Esser. [Joe Orton]
  • CVE-2007-3304 (cve.mitre.org) Ensure that the parent process cannot be forced to kill non-child processes by checking scoreboard PID data with parent process privately stored PID data. [Jim Jagielski]

Affected Apache versions (up to 1.3.38).

Remediation

Upgrade Apache to the latest version.

References

Apache HTTP Server 1.x announcement

Apache homepage

Related Vulnerabilities

WordPress Plugin WP eCommerce 'cs1' Parameter SQL Injection (3.8.6)

WordPress Plugin WooCommerce Arbitrary File Deletion (3.4.5)

WordPress Plugin WA Form Builder SQL Injection (1.1)

WordPress Plugin WordPress WP-Advanced-Search Unspecified Vulnerability (3.3.3)

WordPress Plugin Google Doc Embedder SQL Injection (2.5.14)

Severity

Medium

Classification

CVE-2006-5752 CVE-2007-3304 CWE-79 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Tags

Denial Of Service Missing Update XSS