Sun Security Blog
14 Jan 2008
Sun Alert 103179 Security Vulnerabilities in the Apache 1.3 and 2.0 Web Server Daemon and "mod_status" Module May Lead to Cross Site Scripting (XSS) or Denial of Service (DoS).
Product: Solaris 9 Operating System, Solaris 10 Operating System, Solaris 8 Operating System

Two security vulnerabilities exist in the Apache HTTP server which may affect the Apache 2.0 web server bundled with Solaris 10 and the Apache 1.3 web server bundled with Solaris 8, Solaris 9 and Solaris 10.

The first issue, a Cross Site Scripting (CSS or XSS) vulnerability in the "mod_status" Apache server module (CVE-2006-5752), may allow a local or remote unprivileged user to inject arbitrary web script or HTML. This may allow an unprivileged user to bypass access control and gain access to unauthorized data.

The second issue, a vulnerability in the Apache HTTP server daemon (CVE-2007-3304), may allow a local user to send signals to an arbitrary process resulting in a Denial of Service (DoS).

Additional information regarding these issues is available at:
The Change Log for Apache 2.0, at:
The Change Log for Apache 1.3, at:
CVE-2006-5752 at:
CVE-2007-3304 at:

Avoidance: Patch, Workaround
State: Workaround
First released: 21-Dec-2007