Vulnerability & Exploit Database


CESA-2008:0008: httpd security update

Severity: 4
CVSS: (AV:N/AC:M/Au:N/C:N/I:P/A:N)
Published: January 11, 2008
Added: March 12, 2010
Modified: July 04, 2017

Description

The Apache HTTP Server is a popular Web server.

A flaw was found in the mod_imagemap module. On sites where mod_imagemap was enabled and an imagemap file was publicly available, a cross-site scripting attack was possible. (CVE-2007-5000)

A flaw was found in the mod_autoindex module. On sites where directory listings are used, and the "AddDefaultCharset" directive has been removed from the configuration, a cross-site scripting attack might have been possible against Web browsers which do not correctly derive the response character set following the rules in RFC 2616. (CVE-2007-4465)

A flaw was found in the mod_status module. On sites where mod_status was enabled and the status pages were publicly available, a cross-site scripting attack was possible. (CVE-2007-6388)

A flaw was found in the mod_proxy_balancer module. On sites where mod_proxy_balancer was enabled, a cross-site scripting attack against an authorized user was possible. (CVE-2007-6421)

A flaw was found in the mod_proxy_balancer module. On sites where mod_proxy_balancer was enabled, an authorized user could send a carefully crafted request that would cause the Apache child process handling that request to crash. This could lead to a denial of service if using a threaded Multi-Processing Module. (CVE-2007-6422)

A flaw was found in the mod_proxy_ftp module. On sites where mod_proxy_ftp was enabled and a forward proxy was configured, a cross-site scripting attack was possible against Web browsers which do not correctly derive the response character set following the rules in RFC 2616. (CVE-2008-0005)

Users of Apache httpd should upgrade to these updated packages, which contain backported patches to resolve these issues. Users should restart httpd after installing this update.

Solution

centos-upgrade-httpd
