Bug 1771 - Multiple vulnerabilities has been found and corrected in apache
: Multiple vulnerabilities has been found and corrected in apache
Status: RESOLVED DUPLICATE of bug 2206
Product: Desktop Bugs
Classification: ROSA Desktop
Component: Main Packages
: Marathon
: All Linux
: Normal normal
: ---
Assigned To: Private ROSA Bugs
: Private ROSA Bugs
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2013-03-13 09:10 MSK by Zombie Ryushu
Modified: 2013-07-02 14:07 MSD (History)
1 user (show)

See Also:
RPM Package: apache
ISO-related:
Bad POT generating:
Upstream:


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Zombie Ryushu 2013-03-13 09:10:29 MSK
Various XSS (cross-site scripting vulnerability) flaws due to unescaped
hostnames and URIs HTML output in mod_info, mod_status, mod_imagemap,
mod_ldap, and mod_proxy_ftp (CVE-2012-3499).

XSS (cross-site scripting vulnerability) in mod_proxy_balancer manager
interface (CVE-2012-4558).

Additionally the ASF bug 53219 was resolved which provides a way
to mitigate the CRIME attack vulnerability by disabling TLS-level
compression. Use the new directive SSLCompression on|off to enable or
disable TLS-level compression, by default SSLCompression is turned on.

The updated packages have been upgraded to the latest 2.2.24 version
which is not vulnerable to these issues.
Comment 1 Denis Silakov 2013-07-02 14:07:47 MSD

*** This bug has been marked as a duplicate of bug 2206 ***