Potential Security Vulnerability with Apache

  • Document ID:3918173
  • Creation Date:16-Nov-2007
  • Modified Date:27-Apr-2012
    • Micro Focus Products:
      NetWare

Environment

NetWare 6.5
Apache 2.059

Situation

Potential XSS vulnerability with Apache on NetWare 65 SP7
Reported as CVE-2007-4465
There is a potential XSS vulnerability with Apache on NetWare 6.5 which as been rated as a low to medium risk vulnerability by CERT.

Resolution

This problem has been reported to engineering.
The only systems affected are those where the"AddDefaultCharset" directive has been removed, and are using directory indexes.

Status

Reported to Engineering
Security Alert