Description

This alert was generated using only banner information. It may be a false positive.

Security fixes in Apache version 1.3.39:
  • CVE-2006-5752 (cve.mitre.org) mod_status: Fix a possible XSS attack against a site with a public server-status page and ExtendedStatus enabled, for browsers which perform charset "detection". Reported by Stefan Esser. [Joe Orton]
  • CVE-2007-3304 (cve.mitre.org) Ensure that the parent process cannot be forced to kill non-child processes by checking scoreboard PID data with parent process privately stored PID data. [Jim Jagielski]

Affected Apache versions (up to 1.3.38).

Remediation

Upgrade Apache to the latest version.

References

Apache HTTP Server 1.x announcement

Apache homepage

Related Vulnerabilities

WordPress Plugin JS MultiHotel Multiple Vulnerabilities (2.2.1)

Joomla! Core 3.9.x Cross-Site Scripting (3.9.0 - 3.9.14)

WordPress Plugin Custom Post Types and Custom Fields creator-WCK Multiple Unspecified Vulnerabilities (1.2.9)

WordPress Plugin Photoracer Multiple Cross-Site Scripting and SQL Injection Vulnerabilities (1.0)

WordPress Plugin WP e-Commerce Shop Styling Local File Inclusion (2.9.1)

Severity

Medium

Classification

CVE-2006-5752 CVE-2007-3304 CWE-79 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Tags

Denial Of Service Missing Update XSS