• This alert was generated using only banner information. It may be a false positive.
  
  Security fixes in Apache version 1.3.41:
  
  • CVE-2007-6388 (cve.mitre.org) mod_status: Ensure refresh parameter is numeric to prevent a possible XSS attack caused by redirecting to other URLs. Reported by SecurityReason. [Mark Cox]
  
  Security fixes in Apache version 1.3.40:
  
  • CVE-2007-5000 (cve.mitre.org) mod_imap: Fix cross-site scripting issue. Reported by JPCERT. [Joe Orton]
  • CVE-2007-3847 (cve.mitre.org) mod_proxy: Prevent reading past the end of a buffer when parsing date-related headers. PR 41144. With Apache 1.3, the denial of service vulnerability applies only to the Windows and NetWare platforms. [Jeff Trawick]
  
  Affected Apache versions (up to 1.3.39).
  

• Upgrade Apache to the latest version.

• • Apache HTTP Server 1.x announcement
  • Apache homepage

• 

• CVE-2007-6388

• CWE-79

• CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

• Missing Update XSS

• WordPress Plugin Advanced Access Manager Security Bypass (3.2.1)
• WordPress Plugin MSMC-Redirect After Comment Multiple Vulnerabilities (2.1.2)
• WordPress Plugin Oleggo LiveStream Cross-Site Scripting (0.2.6)
• WordPress Plugin Hustle-Pop-Ups, Slide-ins and Email Opt-ins Cross-Site Scripting (4.7.0.5)
• WordPress 3.8.x Cross-Domain Flash Injection Vulnerability (3.8 - 3.8.24)