MDVSA-2013:015 -- Mandriva apacheID: oval:org.secpod.oval:def:303000 | Date: (C)2013-02-26 (M)2023-12-07 |
Class: PATCH | Family: unix |
Multiple vulnerabilities has been found and corrected in apache : Various XSS flaws due to unescaped hostnames and URIs HTML output in mod_info, mod_status, mod_imagemap, mod_ldap, and mod_proxy_ftp . XSS in mod_proxy_balancer manager interface . Additionally the ASF bug 53219 was resolved which provides a way to mitigate the CRIME attack vulnerability by disabling TLS-level compression. Use the new directive SSLCompression on|off to enable or disable TLS-level compression, by default SSLCompression is turned on. The updated packages have been upgraded to the latest 2.2.24 version which is not vulnerable to these issues.
Platform: |
Mandriva Linux 2011.0 |