« Windows Azure Service Disruption from Expired Certificate | Main | Powershell Two-Liner to Get External IP »


Apache HTTP Server 2.4.4 Released

The Apache HTTP Server project released version 2.4.4. Although there are quite a few bug fixes in this release, there are two cross-site scripting security vulnerabilities that are also fixed in this new version:

  • SECURITY: CVE-2012-3499 (cve.mitre.org)
    Various XSS flaws due to unescaped hostnames and URIs HTML output in mod_info, mod_status, mod_imagemap, mod_ldap, and mod_proxy_ftp.

  • SECURITY: CVE-2012-4558 (cve.mitre.org)
    XSS in mod_proxy_balancer manager interface.

See the changelog for more information and download Apache HTTP Server v2.4.4 source and binaries from a mirror near you.


TrackBack URL for this entry:

Listed below are links to weblogs that reference Apache HTTP Server 2.4.4 Released: