PT-2013-1689 · Apache+4 · Apache Http Server+4

Niels Heinen · Published 2013-02-18 · Updated 2021-06-06 · CVE-2012-4558

CVSS v2.0: 4.3 (Medium)

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions

Apache HTTP Server versions 2.2.x before 2.2.24-dev
Apache HTTP Server versions 2.4.x before 2.4.4

Description

The issue is related to multiple cross-site scripting (XSS) vulnerabilities in the balancer_handler function in the manager interface in the mod_proxy_balancer module. This allows remote attackers to inject arbitrary web script or HTML via a crafted string. The vulnerability was reported by Niels Heinen of Google.

Recommendations

For Apache HTTP Server versions 2.2.x before 2.2.24-dev, update to version 2.2.24-dev or later.
For Apache HTTP Server versions 2.4.x before 2.4.4, update to version 2.4.4 or later.
As a temporary workaround, consider disabling the balancer handler function in the manager interface until a patch is available.

Exploit

Fix

XSS

Weakness Enumeration

Related identifiers

CESA-2013_0815
CVE-2012-4558
DSA-2637-1
HPSBUX02866
RHSA-2013:0815
RHSA-2013:1011
RHSA-2013:1012
RHSA-2013:1207
RHSA-2013:1208
RHSA-2013_0815

Affected products

Apache Http Server
Centos
Hp-Ux
Red Hat
Suse