Description

This alert was generated using only banner information. It may be a false positive.

Fixed in Apache httpd 2.2.9:
  • low: mod_proxy_balancer CSRF CVE-2007-6420
    The mod_proxy_balancer provided an administrative interface that could be vulnerable to cross-site request forgery (CSRF) attacks.
  • moderate: mod_proxy_http DoS CVE-2008-2364
    A flaw was found in the handling of excessive interim responses from an origin server when using mod_proxy_http. A remote attacker could cause a denial of service or high memory usage.

Affected Apache versions (2.2.8, 2.2.6, 2.2.5, 2.2.4, 2.2.3, 2.2.2, 2.2.0).

Remediation

Upgrade Apache 2.x to the latest version.

References

Apache homepage

Apache httpd 2.2 vulnerabilities

Related Vulnerabilities

WordPress Plugin Google XML Sitemap for Images Cross-Site Request Forgery (2.1.3)

GeoServer Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2024-23640)

WordPress Plugin DeMomentSomTres Subscribe Cross-Site Scripting (201909190900)

Oracle Database Server CVE-2008-1821 Vulnerability (CVE-2008-1821)

WordPress Plugin Advanced Classifieds & Directory Pro Security Bypass (1.6.2)

Severity

Medium

Classification

CVE-2007-6420 CVE-2008-2364 CWE-399 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

Tags

CSRF Denial Of Service Missing Update