Release date:
Updated on:
Affected Systems:
Apache Group HTTP Server 2.4.x
Apache Group HTTP Server 2.2.x
Description:
--------------------------------------------------------------------------------
Bugtraq id: 58165
CVE (CAN) ID: CVE-2012-3499
Apache HTTP Server is an open source HTTP Server.
Apache HTTP Server 2.4.4 and earlier versions have Multiple XSS vulnerabilities through module (1) mod_imagemap, (2) mod_info, (3) mod_ldap, (4) mod_proxy_ftp, (5) Host Name and URI in mod_status. Remote attackers can exploit this vulnerability to inject arbitrary js scripts and HTML.
<* Source: Jim jarielski
Stefan Fritsch
Niels Heinen
Link: http://secunia.com/advisories/52394/
*>
Suggestion:
--------------------------------------------------------------------------------
Vendor patch:
Apache Group
------------
The vendor has released a patch to fix this security problem. Please download it from the vendor's homepage:
Http://httpd.apache.org/