Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

mod_ssl < 2.8.10 Wildcard DNS Server Name XSS

Medium

Synopsis

The remote host is using a version of mod_ssl which is older than 2.8.10.

Description

The remote host is using a version of mod_ssl which is older than 2.8.10. This version is vulnerable to a flaw which may allow an attacker to successfully perform a cross-site scripting attack. *** Note that several Linux distributions (such as RedHat) patched this CGI without increasing its version number, therefore this might be a false positive.

Solution

Upgrade to mod_ssl 2.8.10 or higher.