Release date:
Updated on:
Affected Systems:
Apache Group mod_pagespeed <0.10.22.6
Description:
--------------------------------------------------------------------------------
Bugtraq id: 55536
Cve id: CVE-2012-4001 CVE-2012-4360
Mod_pagespeed is an open-source Apache module that automatically optimizes web pages and resources.
The Apache 'mod _ pagespeed' module has the cross-site scripting and Security Restriction Bypass Vulnerability, after successful exploitation, attackers can bypass certain security restrictions, execute arbitrary script code, steal Cookie authentication creden。, and perform certain administrator operations.
<* Source: vendor
*>
Suggestion:
--------------------------------------------------------------------------------
Vendor patch:
Apache Group
------------
The vendor has released a patch to fix this security problem. Please download it from the vendor's homepage:
Http://httpd.apache.org/