Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

Apache 2.2 < 2.2.24 Multiple Cross-Site Scripting Vulnerabilites

Medium

Synopsis

The remote web server is affected by multiple vulnerabilities

Description

The remote host is running a Apache HTTP server.

Versions earlier than 2.4.4 are vulnerable to the following vulnerabilities :

- Errors exist related to the modules mod_info, mod_status, mod_imagemap, mod_ldap, and mod_proxy_ftp and unescaped hostnames and URIs that could allow cross-site scripting attacks. (CVE-2012-3499)

- An error exists related to the mod_proxy_balancer module's manager interface that could allow cross-site scripting attacks. (CVE-2012-4558)

Solution

Either ensure that the affected modules are not in use or upgrade to Apache version 2.2.24 or later