Projects
New Ticket     Wiki     Browse Source     Timeline     Roadmap     Bug Reports     Search

Ticket #14140 (closed defect: fixed)

Opened 10 months ago

Last modified 10 months ago

UPDATE: apache 1.3.37 to 1.3.41

Reported by: ebgssth@… Owned by: macports-tickets@…
Priority: Normal Milestone: Port Updates
Component: ports Version: 1.6.0
Keywords: apache Cc:
Port:

Description

MacPorts provides the latest apache2, but apache1 is a bit dated (1.3.37) Unfortunately, 1.3.37 has a minor security flaw.

Cross-site scripting (XSS) vulnerability in mod_status in the Apache HTTP Server 2.2.0 through 2.2.6, 2.0.35 through 2.0.61, and 1.3.2 through 1.3.39, when the server-status page is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

http://secunia.com/cve_reference/CVE-2007-6388/

Please upgrade apache to the latest 1.3.41

Change History

Changed 10 months ago by raimue@…

  • status changed from new to closed
  • resolution set to fixed

Updated in r33649.

Note: See TracTickets for help on using tickets.