SynopsisApache 2.4.x < 2.4.3 Multiple Vulnerabilities
DescriptionAccording to its banner, the version of Apache 2.4.x running on the remote host is prior 2.4.3. It is, therefore, affected by the following vulnerabilities :
- An input validation error exists related to 'mod_negotiation', 'Multiviews' and untrusted uploads that can allow cross-site scripting attacks. (CVE-2012-2687)
- An error exists related to 'mod_proxy_ajp' and 'mod_proxy_http' that can allow connections to remain open. This condition can allow information disclosure when combined with specially crafted requests. (CVE-2012-3502)
Note that the scanner did not actually test for these issues, but instead has relied on the version in the server's banner.
SolutionUpgrade to Apache version 2.4.3 or later.