Apache 2.4 < 2.4.4 Multiple Cross-Site Scripting Vulnerabilities
Medium Log Correlation Engine Plugin ID 800961
SynopsisThe remote web server is affected by multiple vulnerabilities
DescriptionThe remote host is running a Apache HTTP server.
Versions earlier than 2.4.4 are vulnerable to the following vulnerabilities :
- Errors exist related to the modules mod_info, mod_status, mod_imagemap, mod_ldap, and mod_proxy_ftp and unescaped hostnames and URIs that could allow cross-site scripting attacks. (CVE-2012-3499)
- An error exists related to the mod_proxy_balancer module's manager interface that could allow cross-site scripting attacks. (CVE-2012-4558)
SolutionEither ensure that the affected modules are not in use or upgrade to Apache version 2.4.4 or later