ROSA Linux Bugzilla – Bug 1771
Multiple vulnerabilities has been found and corrected in apache
Last modified: 2013-07-02 14:07:47 MSD
Various XSS (cross-site scripting vulnerability) flaws due to unescaped
hostnames and URIs HTML output in mod_info, mod_status, mod_imagemap,
mod_ldap, and mod_proxy_ftp (CVE-2012-3499).
XSS (cross-site scripting vulnerability) in mod_proxy_balancer manager
Additionally the ASF bug 53219 was resolved which provides a way
to mitigate the CRIME attack vulnerability by disabling TLS-level
compression. Use the new directive SSLCompression on|off to enable or
disable TLS-level compression, by default SSLCompression is turned on.
The updated packages have been upgraded to the latest 2.2.24 version
which is not vulnerable to these issues.
*** This bug has been marked as a duplicate of bug 2206 ***