Ticket #14140 (closed update: fixed)
UPDATE: apache 1.3.37 to 1.3.41
| Reported by: | ebgssth@… | Owned by: | macports-tickets@… |
|---|---|---|---|
| Priority: | Normal | Milestone: | |
| Component: | ports | Version: | 1.6.0 |
| Keywords: | apache | Cc: | |
| Port: |
Description
MacPorts provides the latest apache2, but apache1 is a bit dated (1.3.37) Unfortunately, 1.3.37 has a minor security flaw.
Cross-site scripting (XSS) vulnerability in mod_status in the Apache HTTP Server 2.2.0 through 2.2.6, 2.0.35 through 2.0.61, and 1.3.2 through 1.3.39, when the server-status page is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
http://secunia.com/cve_reference/CVE-2007-6388/
Please upgrade apache to the latest 1.3.41
Change History
Note: See
TracTickets for help on using
tickets.
Updated in r33649.