The Apache HTTP Server is a popular web server.
Cross-site scripting (XSS) flaws were found in the mod_proxy_balancer
module’s manager web interface. If a remote attacker could trick a user,
who was logged into the manager web interface, into visiting a
specially-crafted URL, it would lead to arbitrary web script execution in
the context of the user’s manager interface session. (CVE-2012-4558)
It was found that mod_rewrite did not filter terminal escape sequences from
its log file. If mod_rewrite was configured with the RewriteLog directive,
a remote attacker could use specially-crafted HTTP requests to inject
terminal escape sequences into the mod_rewrite log file. If a victim viewed
the log file with a terminal emulator, it could result in arbitrary command
execution with the privileges of that user. (CVE-2013-1862)
Cross-site scripting (XSS) flaws were found in the mod_info, mod_status,
mod_imagemap, mod_ldap, and mod_proxy_ftp modules. An attacker could
possibly use these flaws to perform XSS attacks if they were able to make
the victim’s browser generate an HTTP request with a specially-crafted Host
header. (CVE-2012-3499)
All httpd users should upgrade to these updated packages, which contain
backported patches to correct these issues. After installing the updated
packages, the httpd daemon will be restarted automatically.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
RedHat | 6 | s390x | mod_ssl | < 2.2.15-28.el6_4 | mod_ssl-2.2.15-28.el6_4.s390x.rpm |
RedHat | 5 | s390 | httpd-debuginfo | < 2.2.3-78.el5_9 | httpd-debuginfo-2.2.3-78.el5_9.s390.rpm |
RedHat | 5 | ia64 | httpd-debuginfo | < 2.2.3-78.el5_9 | httpd-debuginfo-2.2.3-78.el5_9.ia64.rpm |
RedHat | 5 | x86_64 | mod_ssl | < 2.2.3-78.el5_9 | mod_ssl-2.2.3-78.el5_9.x86_64.rpm |
RedHat | 6 | i686 | httpd-tools | < 2.2.15-28.el6_4 | httpd-tools-2.2.15-28.el6_4.i686.rpm |
RedHat | 6 | s390x | httpd-tools | < 2.2.15-28.el6_4 | httpd-tools-2.2.15-28.el6_4.s390x.rpm |
RedHat | 6 | x86_64 | httpd-devel | < 2.2.15-28.el6_4 | httpd-devel-2.2.15-28.el6_4.x86_64.rpm |
RedHat | 5 | ppc | httpd-debuginfo | < 2.2.3-78.el5_9 | httpd-debuginfo-2.2.3-78.el5_9.ppc.rpm |
RedHat | 5 | x86_64 | httpd-devel | < 2.2.3-78.el5_9 | httpd-devel-2.2.3-78.el5_9.x86_64.rpm |
RedHat | 6 | s390x | httpd-debuginfo | < 2.2.15-28.el6_4 | httpd-debuginfo-2.2.15-28.el6_4.s390x.rpm |