Description
Security fixes in Apache version 1.3.39:
- CVE-2006-5752: mod_status: Fix a possible XSS attack against a site with a public server-status page and ExtendedStatus enabled, for browsers which perform charset "detection". Reported by Stefan Esser. [Joe Orton]
- CVE-2007-3304: Ensure that the parent process cannot be forced to kill non-child processes by checking scoreboard PID data with parent process privately stored PID data. [Jim Jagielski]
Affected Apache versions: up to 1.3.38.
Remediation
Upgrade Apache to the latest version.