Description
Security fixes in Apache version 1.3.41:
- CVE-2007-6388 (cve.mitre.org) mod_status: Ensure refresh parameter is numeric to prevent a possible XSS attack caused by redirecting to other URLs. Reported by SecurityReason. [Mark Cox]
Security fixes in Apache version 1.3.40:
- CVE-2007-5000 (cve.mitre.org) mod_imap: Fix cross-site scripting issue. Reported by JPCERT. [Joe Orton]
- CVE-2007-3847 (cve.mitre.org) mod_proxy: Prevent reading past the end of a buffer when parsing date-related headers. PR 41144. With Apache 1.3, the denial of service vulnerability applies only to the Windows and NetWare platforms. [Jeff Trawick]
Affected Apache versions (up to 1.3.39).
Remediation
Upgrade Apache to the latest version.
References
Related Vulnerabilities
WordPress Plugin WPMktgEngine Security Bypass (3.7.6)
WordPress Plugin Hungred Post Thumbnail 'hpt_file_upload.php' Arbitrary File Upload (2.1.9)
WordPress Plugin Charitable-Donation Security Bypass (1.5.13)
Drupal Core 8.8.x Security Bypass (8.8.0 - 8.8.9)
WordPress Plugin Visual Form Builder Multiple Cross-Site Scripting Vulnerabilities (2.8.6)