The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.
Apache httpd: Cross Site Scripting of mod_proxy_balancer
Synthesis of the vulnerability
Impacted products: Apache httpd, Debian, Fedora, NSMXpress, MBS, MES, Mandriva Linux, openSUSE, Solaris, RHEL, JBoss EAP by Red Hat, Slackware.
Consequences: client access/rights.
Confidence: confirmed by the editor (5/5).
Creation date: 25/02/2013.
Identifiers: BID-58165, CERTA-2013-AVI-153, CERTA-2013-AVI-387, CERTFR-2014-AVI-112, CERTFR-2015-AVI-286, CVE-2012-4558, DSA-2637-1, FEDORA-2013-4541, JSA10685, MDVSA-2013:015, MDVSA-2013:015-1, openSUSE-SU-2013:0629-1, openSUSE-SU-2013:0632-1, RHSA-2013:0815-01, RHSA-2013:1012-01, RHSA-2013:1013-01, RHSA-2013:1207-01, RHSA-2013:1208-01, RHSA-2013:1209-01, SSA:2013-062-01, VIGILANCE-VUL-12458.
Description of the vulnerability
The Apache httpd mod_proxy_balancer module is used to balance the load between several mod_proxy services.
However, the manager interface of this module does not correctly validate received data before displaying it in the generated web document.