Description

This alert was generated using only banner information. It may be a false positive.

Security fixes in Apache version 1.3.41:
  • CVE-2007-6388 (cve.mitre.org) mod_status: Ensure refresh parameter is numeric to prevent a possible XSS attack caused by redirecting to other URLs. Reported by SecurityReason. [Mark Cox]

Security fixes in Apache version 1.3.40:
  • CVE-2007-5000 (cve.mitre.org) mod_imap: Fix cross-site scripting issue. Reported by JPCERT. [Joe Orton]
  • CVE-2007-3847 (cve.mitre.org) mod_proxy: Prevent reading past the end of a buffer when parsing date-related headers. PR 41144. With Apache 1.3, the denial of service vulnerability applies only to the Windows and NetWare platforms. [Jeff Trawick]

Affected Apache versions (up to 1.3.39).

Remediation

Upgrade Apache to the latest version.

References

Apache HTTP Server 1.x announcement

Apache homepage

Related Vulnerabilities

WordPress Plugin SP Project & Document Manager SQL Injection (2.5.3)

WordPress Plugin NextGEN Gallery-WordPress Gallery Directory Traversal (2.1.9)

WordPress Plugin Ecwid Ecommerce Shopping Cart PHP Object Injection (4.4.3)

WordPress Plugin KittyCatfish Ads by Missilesilo SQL Injection (2.2)

WordPress Plugin Fusion:Extension-Gallery Multiple Unspecified Vulnerabilities (1.0.4)

Severity

Medium

Classification

CVE-2007-6388 CWE-79 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Tags

Missing Update XSS