Oval Definition:oval:org.mitre.oval:def:21017
Revision Date:2014-02-17Version:52
Title:RHSA-2013:0130: httpd security, bug fix, and enhancement update (Low)
Description:Multiple cross-site scripting (XSS) vulnerabilities in the make_variant_list function in mod_negotiation.c in the mod_negotiation module in the Apache HTTP Server 2.4.x before 2.4.3, when the MultiViews option is enabled, allow remote attackers to inject arbitrary web script or HTML via a crafted filename that is not properly handled during construction of a variant list.
Family:unixClass:patch
Status:ACCEPTEDReference(s):CESA-2013:0130
CVE-2008-0455
CVE-2008-0456
CVE-2012-2687
RHSA-2013:0130-00
Platform(s):CentOS Linux 5
Red Hat Enterprise Linux 5
Product(s):httpd
Definition Synopsis
  • Redhat 5 section
  • The operating system installed on the system is Red Hat Enterprise Linux 5
  • AND Packages section
  • httpd-manual is earlier than 0:2.2.3-74.el5
  • OR httpd is earlier than 0:2.2.3-74.el5
  • OR httpd-devel is earlier than 0:2.2.3-74.el5
  • OR mod_ssl is earlier than 0:2.2.3-74.el5
  • OR Centos 5 section
  • The operating system installed on the system is CentOS Linux 5.x
  • AND Packages section
  • httpd-manual is earlier than 0:2.2.3-74.el5.centos
  • OR httpd is earlier than 0:2.2.3-74.el5.centos
  • OR httpd-devel is earlier than 0:2.2.3-74.el5.centos
  • OR mod_ssl is earlier than 0:2.2.3-74.el5.centos
    • BACK