Apache HTTP Server 2.4.4 Released
The Apache HTTP Server project released version 2.4.4. Although there are quite a few bug fixes in this release, there are two cross-site scripting security vulnerabilities that are also fixed in this new version:
SECURITY: CVE-2012-3499 (cve.mitre.org)
Various XSS flaws due to unescaped hostnames and URIs HTML output in mod_info, mod_status, mod_imagemap, mod_ldap, and mod_proxy_ftp.SECURITY: CVE-2012-4558 (cve.mitre.org)
XSS in mod_proxy_balancer manager interface.
See the changelog for more information and download Apache HTTP Server v2.4.4 source and binaries from a mirror near you.