Oval Definition:oval:org.mitre.oval:tst:35953
Comment:httpd-manual is earlier than 0:2.2.3-11.el5_1.3
Type:rpminfo_testNamespace:linux
Check_Existence:at_least_one_existsCheck:at least one
State Operator:AND
References
Object:oval:org.mitre.oval:obj:14457
State:oval:org.mitre.oval:ste:10481
Referencing Definitions
Definition IDClassTitleLast Modified
oval:org.mitre.oval:def:9539
V
Cross-site scripting (XSS) vulnerability in the (1) mod_imap module in the Apache HTTP Server 1.3.0 through 1.3.39 and 2.0.35 through 2.0.61 and the (2) mod_imagemap module in the Apache HTTP Server 2.2.0 through 2.2.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
2013-04-29
oval:org.mitre.oval:def:10181
V
The balancer_handler function in mod_proxy_balancer in the Apache HTTP Server 2.2.0 through 2.2.6, when a threaded Multi-Processing Module is used, allows remote authenticated users to cause a denial of service (child process crash) via an invalid bb variable.
2013-04-29
oval:org.mitre.oval:def:10272
V
Cross-site scripting (XSS) vulnerability in mod_status in the Apache HTTP Server 2.2.0 through 2.2.6, 2.0.35 through 2.0.61, and 1.3.2 through 1.3.39, when the server-status page is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
2013-04-29
oval:org.mitre.oval:def:10664
V
Cross-site scripting (XSS) vulnerability in balancer-manager in mod_proxy_balancer in the Apache HTTP Server 2.2.0 through 2.2.6 allows remote attackers to inject arbitrary web script or HTML via the (1) ss, (2) wr, or (3) rr parameters, or (4) the URL.
2013-04-29
oval:org.mitre.oval:def:10812
V
mod_proxy_ftp in Apache 2.2.x before 2.2.7-dev, 2.0.x before 2.0.62-dev, and 1.3.x before 1.3.40-dev does not define a charset, which allows remote attackers to conduct cross-site scripting (XSS) attacks using UTF-7 encoding.
2013-04-29
oval:org.mitre.oval:def:10929
V
Cross-site scripting (XSS) vulnerability in mod_autoindex.c in the Apache HTTP Server before 2.2.6, when the charset on a server-generated page is not defined, allows remote attackers to inject arbitrary web script or HTML via the P parameter using the UTF-7 charset. NOTE: it could be argued that this issue is due to a design limitation of browsers that attempt to perform automatic content type detection.
2013-04-29
BACK