According to its banner, the version of Apache 2.4.x running on the remote host is prior 2.4.3. It is, therefore, affected by the following vulnerabilities :
An input validation error exists related to ‘mod_negotiation’, ‘Multiviews’ and untrusted uploads that can allow cross-site scripting attacks. (CVE-2012-2687)
An error exists related to ‘mod_proxy_ajp’ and ‘mod_proxy_http’ that can allow connections to remain open. This condition can allow information disclosure when combined with specially crafted requests. (CVE-2012-3502)
Note that the scanner did not actually test for these issues, but instead has relied on the version in the server’s banner.
No source data
Vendor | Product | Version | CPE |
---|---|---|---|
apache | http_server | * | cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:* |
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0455
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2687
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3502
archive.apache.org/dist/httpd/CHANGES_2.4.3
httpd.apache.org/security/vulnerabilities_24.html#2.4.3
issues.apache.org/bugzilla/show_bug.cgi?id=53727