ALAS-2013-194 ---- httpd24, mod24_sessionID: oval:org.secpod.oval:def:1600308 | Date: (C)2016-05-19 (M)2023-12-07 |
Class: PATCH | Family: unix |
Cross-site scripting flaws were found in the mod_proxy_balancer module"s manager web interface. If a remote attacker could trick a user, who was logged into the manager web interface, into visiting a specially-crafted URL, it would lead to arbitrary web script execution in the context of the user"s manager interface session. It was found that mod_rewrite did not filter terminal escape sequences from its log file. If mod_rewrite was configured with the RewriteLog directive, a remote attacker could use specially-crafted HTTP requests to inject terminal escape sequences into the mod_rewrite log file. If a victim viewed the log file with a terminal emulator, it could result in arbitrary command execution with the privileges of that user. Cross-site scripting flaws were found in the mod_info, mod_status, mod_imagemap, mod_ldap, and mod_proxy_ftp modules. An attacker could possibly use these flaws to perform XSS attacks if they were able to make the victim"s browser generate an HTTP request with a specially-crafted Host header
Platform: |
Amazon Linux AMI |
Product: |
httpd24 |
mod24_session |