Description

This alert was generated using only banner information. It may be a false positive.

Security fixes in Apache version 1.3.39:
  • CVE-2006-5752 (cve.mitre.org) mod_status: Fix a possible XSS attack against a site with a public server-status page and ExtendedStatus enabled, for browsers which perform charset "detection". Reported by Stefan Esser. [Joe Orton]
  • CVE-2007-3304 (cve.mitre.org) Ensure that the parent process cannot be forced to kill non-child processes by checking scoreboard PID data with parent process privately stored PID data. [Jim Jagielski]

Affected Apache versions (up to 1.3.38).

Remediation

Upgrade Apache to the latest version.

References

Apache HTTP Server 1.x announcement

Apache homepage

Related Vulnerabilities

WordPress Plugin Import any XML or CSV File to WordPress Pro Multiple Vulnerabilities (4.1.1)

WordPress Plugin Yoast SEO Cross-Site Scripting (5.7.1)

WordPress Plugin Featured Content 'param' Parameter Cross-Site Scripting (0.0.1)

WordPress Plugin Slider Hero with Animation, Video Background SQL Injection (8.2.6)

WordPress Plugin BuddyPress Extended Friendship Request Cross-Site Scripting (1.0.1)

Severity

Medium

Classification

CVE-2006-5752 CVE-2007-3304 CWE-79 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Tags

Denial Of Service Missing Update XSS