apache22 -- several vulnerabilities

Description:

Apache HTTP SERVER PROJECT reports:

low: XSS due to unescaped hostnames CVE-2012-3499

Various XSS flaws due to unescaped hostnames and URIs HTML output in mod_info, mod_status, mod_imagemap, mod_ldap, and mod_proxy_ftp.

moderate: XSS in mod_proxy_balancer CVE-2012-4558

A XSS flaw affected the mod_proxy_balancer manager interface.

References:

CVE name CVE-2012-3499
CVE name CVE-2012-4558

Affects:

apache22 >2.2.0 <2.2.24
apache22-event-mpm >2.2.0 <2.2.24
apache22-itk-mpm >2.2.0 <2.2.24
apache22-peruser-mpm >2.2.0 <2.2.24
apache22-worker-mpm >2.2.0 <2.2.24

portaudit: apache22 -- several vulnerabilities

Disclaimer: The data contained on this page is derived from the VuXML document, please refer to the the original document for copyright information. The author of portaudit makes no claim of authorship or ownership of any of the information contained herein.

If you have found a vulnerability in a FreeBSD port not listed in the database, please contact the FreeBSD Security Team. Refer to "FreeBSD Security Information" for more information.

Oliver Eikemeier <eik@FreeBSD.org>