Apache HTTPD mod_proxy_balancer Cross Site Scripting Vulnerability

  Severity: MEDIUM
  CVE Identifier: CVE-2012-4558
  Advisory Date: JUL 21, 2015

  DESCRIPTION

Multiple cross-site scripting (XSS) vulnerabilities in the balancer_handler function in the manager interface in mod_proxy_balancer.c in the mod_proxy_balancer module in the Apache HTTP Server 2.2.x before 2.2.24-dev and 2.4.x before 2.4.4 allow remote attackers to inject arbitrary web script or HTML via a crafted string.

  TREND MICRO PROTECTION INFORMATION

Apply associated Trend Micro DPI Rules.

  SOLUTION

  Trend Micro Deep Security DPI Rule Number: 1000552
  Trend Micro Deep Security DPI Rule Name: 1000552 - Generic Cross Site Scripting(XSS) Prevention

  AFFECTED SOFTWARE AND VERSION

  • apache http_server 2.2
  • apache http_server 2.2.0
  • apache http_server 2.2.1
  • apache http_server 2.2.10
  • apache http_server 2.2.11
  • apache http_server 2.2.12
  • apache http_server 2.2.13
  • apache http_server 2.2.14
  • apache http_server 2.2.15
  • apache http_server 2.2.16
  • apache http_server 2.2.17
  • apache http_server 2.2.18
  • apache http_server 2.2.19
  • apache http_server 2.2.2
  • apache http_server 2.2.20
  • apache http_server 2.2.21
  • apache http_server 2.2.22
  • apache http_server 2.2.23
  • apache http_server 2.2.3
  • apache http_server 2.2.4
  • apache http_server 2.2.6
  • apache http_server 2.2.8
  • apache http_server 2.2.9
  • apache http_server 2.4.0
  • apache http_server 2.4.1
  • apache http_server 2.4.2
  • apache http_server 2.4.3

Featured Stories