Vulnerabilities affecting this package (0)
| Vulnerability |
Summary |
Fixed by |
|
This package is not known to be affected by vulnerabilities.
|
Vulnerabilities fixed by this package (6)
| Vulnerability |
Summary |
Aliases |
|
VCID-115r-fep2-fyfm
|
A flaw was found in the mod_proxy_balancer module. On sites where mod_proxy_balancer is enabled, an authorized user could send a carefully crafted request that would cause the Apache child process handling that request to crash. This could lead to a denial of service if using a threaded Multi-Processing Module.
|
CVE-2007-6422
|
|
VCID-2261-sdn2-zbbu
|
A flaw was found in the mod_proxy_balancer module. On sites where mod_proxy_balancer is enabled, a cross-site scripting attack against an authorized user is possible.
|
CVE-2007-6421
|
|
VCID-dqkp-f1my-dbg9
|
A flaw was found in the mod_imagemap module. On sites where mod_imagemap is enabled and an imagemap file is publicly available, a cross-site scripting attack is possible.
|
CVE-2007-5000
|
|
VCID-kgpj-aexq-7kah
|
A flaw was found in the mod_status module. On sites where mod_status is enabled and the status pages were publicly accessible, a cross-site scripting attack is possible. Note that the server-status page is not enabled by default and it is best practice to not make this publicly available.
|
CVE-2007-6388
|
|
VCID-ss79-kcpu-mqd5
|
A workaround was added in the mod_proxy_ftp module. On sites where mod_proxy_ftp is enabled and a forward proxy is configured, a cross-site scripting attack is possible against Web browsers which do not correctly derive the response character set following the rules in RFC 2616.
|
CVE-2008-0005
|
|
VCID-ud2z-cz2h-6qbr
|
httpd: XSS via UTF-7 encoded urls on the 403 Forbidden error page
|
CVE-2008-2168
|