Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

Apache 2.4 < 2.4.3 Multiple Vulnerabilities

Medium

Synopsis

The remote web server is affected by multiple vulnerabilities

Description

The remote host is running a Apache HTTP server.

Versions earlier than 2.4.3 are vulnerable to the following vulnerabilities :

- An input validation error exists related to 'mod_negotiation', 'Multiviews' and untrusted uploads that can allow cross-site scripting attacks. (CVE-2012-2687)

- An error exists related to 'mod_proxy_ajp' and 'mod_proxy_http' that can allow connections to remain open. This condition can allow information disclosure when combined with specially crafted requests. (CVE-2012-3502)

Solution

Upgrade to Apache version 2.4.3 or later