Cross-site scripting vulnerabilities in multiple Apache modules
The vulnerabilities, none of which are classed as critical, are fixed in Apache versions 2.2.7-dev, 1.3.40-dev and 2.0.62-dev. Linux distributors such as Red Hat and Mandriva have already released bug-fixed versions of these modules.
- Apache2 CSRF, XSS, Memory Corruption and Denial of Service Vulnerability, security advisory from SecurityReason
- Apache (mod_proxy_ftp) Undefined Charset UTF-7 XSS Vulnerability, security advisory from SecurityReason
- Apache (mod_status) Refresh Header - Open Redirector (XSS), security advisory from SecurityReason
- httpd security update, security advisory from Red Hat
- Updated apache 2.2.x packages fix multiple vulnerabilities, security advisory from Mandriva