Apache 2.4.1 to 2.4.3 Multiple Cross-Site Scripting Vulnerabilites
Medium Nessus Network Monitor Plugin ID 6700
SynopsisThe remote web server is affected by multiple vulnerabilities
DescriptionThe remote host is running a Apache HTTP server.
Versions 2.4.1 to 2.4.3 inclusive are vulnerable to the following vulnerabilities :
- Errors exist related to the modules mod_info, mod_status, mod_imagemap, mod_ldap, and mod_proxy_ftp and unescaped hostnames and URIs that could allow cross-site scripting attacks. (CVE-2012-3499)
- An error exists related to the mod_proxy_balancer module's manager interface that could allow cross-site scripting attacks. (CVE-2012-4558)
SolutionEither ensure that the affected modules are not in use or upgrade to Apache version 2.4.4 or later