Apache version older than 1.3.41

Description
  • <div class="bb-coolbox"><span class="bb-dark">This alert was generated using only banner information. It may be a false positive. </span></div><br/><strong>Security fixes in Apache version 1.3.41:</strong><br/><ul> <li>CVE-2007-6388 (cve.mitre.org) mod_status: Ensure refresh parameter is numeric to prevent a possible XSS attack caused by redirecting to other URLs. Reported by SecurityReason. [Mark Cox]</li> </ul> <br/><strong>Security fixes in Apache version 1.3.40:</strong><br/><ul> <li>CVE-2007-5000 (cve.mitre.org) mod_imap: Fix cross-site scripting issue. Reported by JPCERT. [Joe Orton]</li> <li>CVE-2007-3847 (cve.mitre.org) mod_proxy: Prevent reading past the end of a buffer when parsing date-related headers. PR 41144. With Apache 1.3, the denial of service vulnerability applies only to the Windows and NetWare platforms. [Jeff Trawick]</li> </ul><br/> <span class="bb-navy">Affected Apache versions (up to 1.3.39).</span><br/>
Remediation
  • Upgrade Apache to the latest version.
References