DSA-2637-1 apache2 -- several issuesID: oval:org.secpod.oval:def:600981 | Date: (C)2013-03-08 (M)2023-12-07 |
Class: PATCH | Family: unix |
Several vulnerabilities have been found in the Apache HTTPD server. CVE-2012-3499 The modules mod_info, mod_status, mod_imagemap, mod_ldap, and mod_proxy_ftp did not properly escape hostnames and URIs in HTML output, causing cross site scripting vulnerabilities. CVE-2012-4558 Mod_proxy_balancer did not properly escape hostnames and URIs in its balancer-manager interface, causing a cross site scripting vulnerability. CVE-2013-1048 Hayawardh Vijayakumar noticed that the apache2ctl script created the lock directory in an unsafe manner, allowing a local attacker to gain elevated privileges via a symlink attack. This is a Debian specific issue.