Описание
Multiple cross-site scripting (XSS) vulnerabilities in the Apache HTTP Server 2.2.x before 2.2.24-dev and 2.4.x before 2.4.4 allow remote attackers to inject arbitrary web script or HTML via vectors involving hostnames and URIs in the (1) mod_imagemap, (2) mod_info, (3) mod_ldap, (4) mod_proxy_ftp, and (5) mod_status modules.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat JBoss Enterprise Web Server 1 | httpd | Will not fix | ||
| Red Hat Enterprise Linux 5 | httpd | Fixed | RHSA-2013:0815 | 13.05.2013 |
| Red Hat Enterprise Linux 6 | httpd | Fixed | RHSA-2013:0815 | 13.05.2013 |
| Red Hat JBoss Enterprise Application Platform 6.1 | httpd | Fixed | RHSA-2013:1209 | 04.09.2013 |
| Red Hat JBoss Enterprise Application Platform 6 for RHEL 5 | apache-commons-beanutils | Fixed | RHSA-2013:1207 | 04.09.2013 |
| Red Hat JBoss Enterprise Application Platform 6 for RHEL 5 | apache-commons-daemon-jsvc-eap6 | Fixed | RHSA-2013:1207 | 04.09.2013 |
| Red Hat JBoss Enterprise Application Platform 6 for RHEL 5 | apache-cxf | Fixed | RHSA-2013:1207 | 04.09.2013 |
| Red Hat JBoss Enterprise Application Platform 6 for RHEL 5 | apache-cxf-xjc-utils | Fixed | RHSA-2013:1207 | 04.09.2013 |
| Red Hat JBoss Enterprise Application Platform 6 for RHEL 5 | hibernate4 | Fixed | RHSA-2013:1207 | 04.09.2013 |
| Red Hat JBoss Enterprise Application Platform 6 for RHEL 5 | hornetq | Fixed | RHSA-2013:1207 | 04.09.2013 |
Показывать по
Дополнительная информация
Статус:
4.3 Medium
CVSS2
Связанные уязвимости
Multiple cross-site scripting (XSS) vulnerabilities in the Apache HTTP Server 2.2.x before 2.2.24-dev and 2.4.x before 2.4.4 allow remote attackers to inject arbitrary web script or HTML via vectors involving hostnames and URIs in the (1) mod_imagemap, (2) mod_info, (3) mod_ldap, (4) mod_proxy_ftp, and (5) mod_status modules.
Multiple cross-site scripting (XSS) vulnerabilities in the Apache HTTP Server 2.2.x before 2.2.24-dev and 2.4.x before 2.4.4 allow remote attackers to inject arbitrary web script or HTML via vectors involving hostnames and URIs in the (1) mod_imagemap, (2) mod_info, (3) mod_ldap, (4) mod_proxy_ftp, and (5) mod_status modules.
Multiple cross-site scripting (XSS) vulnerabilities in the Apache HTTP ...
Multiple cross-site scripting (XSS) vulnerabilities in the Apache HTTP Server 2.2.x before 2.2.24-dev and 2.4.x before 2.4.4 allow remote attackers to inject arbitrary web script or HTML via vectors involving hostnames and URIs in the (1) mod_imagemap, (2) mod_info, (3) mod_ldap, (4) mod_proxy_ftp, and (5) mod_status modules.
4.3 Medium
CVSS2