Apache Modules Multiple Vulnerabilities - Advisories - Secunia

RedhatがApacheのクロスサイトスクリプティングやDoSを受ける脆弱性を修正したとのこと。

Red Hat has issued an update for httpd. This fixes some vulnerabilities, which can be exploited by malicious people to conduct cross-site scripting attacks and cause a DoS (Denial of Service).

CVE-2008-0005はmod_proxy_balancerかな。

CVE-2007-3847 (mod_proxy using a threaded MPM, allows remote origin servers to cause a denial of service

CVE-2007-4465 Cross-site scripting (XSS) vulnerability in mod_autoindex.c

CVE-2007-5000 Cross-site scripting (XSS) vulnerability in the (1) mod_imap module、mod_imagemap module inject arbitrary web script or HTML

CVE-2007-6388 Cross-site scripting (XSS) vulnerability in mod_status

CVE-2008-0005 under review

CVE-2007-3847	(mod_proxy using a threaded MPM, allows remote origin servers to cause a denial of service
CVE-2007-4465	Cross-site scripting (XSS) vulnerability in mod_autoindex.c
CVE-2007-5000	Cross-site scripting (XSS) vulnerability in the (1) mod_imap module、mod_imagemap module inject arbitrary web script or HTML
CVE-2007-6388	Cross-site scripting (XSS) vulnerability in mod_status
CVE-2008-0005	under review