• info
• discussion
• exploit
• solution
• references

Apache Mod_AutoIndex.C Undefined Charset Cross-Site Scripting Vulnerability

Solution:
Updates are available. Please see the references for more information.


Apple Mac OS X 10.5

• Apple Security Update 2008-003 (Intel)
  http://www.apple.com/support/downloads/securityupdate2008003intel.html


• Apple Security Update 2008-003 (PPC)
  http://www.apple.com/support/downloads/securityupdate2008003ppc.html

Apple Mac OS X 10.4.11

• Apple Security Update 2008-003 (Intel)
  http://www.apple.com/support/downloads/securityupdate2008003intel.html


• Apple Security Update 2008-003 (PPC)
  http://www.apple.com/support/downloads/securityupdate2008003ppc.html

Apple Mac OS X Server 10.4.11

• Apple Security Update 2008-003 Server (PPC)
  http://www.apple.com/support/downloads/securityupdate2008003serverppc. html


• Apple Security Update 2008-003 Server (Universal)
  http://www.apple.com/support/downloads/securityupdate2008003serveruniv ersal.html

Apple Mac OS X 10.5.2

• Apple Security Update 2008-003 (Intel)
  http://www.apple.com/support/downloads/securityupdate2008003intel.html


• Apple Security Update 2008-003 (PPC)
  http://www.apple.com/support/downloads/securityupdate2008003ppc.html

Apple Mac OS X Server 10.5.2

• Apple Security Update 2008-003 Server (PPC)
  http://www.apple.com/support/downloads/securityupdate2008003serverppc. html


• Apple Security Update 2008-003 Server (Universal)
  http://www.apple.com/support/downloads/securityupdate2008003serveruniv ersal.html

Apache Software Foundation Apache 2.0 a9

• Apache Software Foundation httpd-2.2.6-win32-src-r2.zip
  http://apache.mirror.rafal.ca/httpd/httpd-2.2.6-win32-src-r2.zip


• Apache Software Foundation httpd-2.2.6.tar.gz
  http://gulus.usherbrooke.ca/pub/appl/apache/httpd/httpd-2.2.6.tar.gz

Apache Software Foundation Apache 2.0.28 Beta

• Apache Software Foundation httpd-2.2.6-win32-src-r2.zip
  http://apache.mirror.rafal.ca/httpd/httpd-2.2.6-win32-src-r2.zip


• Apache Software Foundation httpd-2.2.6.tar.gz
  http://gulus.usherbrooke.ca/pub/appl/apache/httpd/httpd-2.2.6.tar.gz

Apache Software Foundation Apache 2.0.28

• Apache Software Foundation httpd-2.2.6-win32-src-r2.zip
  http://apache.mirror.rafal.ca/httpd/httpd-2.2.6-win32-src-r2.zip


• Apache Software Foundation httpd-2.2.6.tar.gz
  http://gulus.usherbrooke.ca/pub/appl/apache/httpd/httpd-2.2.6.tar.gz

Apache Software Foundation Apache 2.0.38

• Apache Software Foundation httpd-2.2.6-win32-src-r2.zip
  http://apache.mirror.rafal.ca/httpd/httpd-2.2.6-win32-src-r2.zip


• Apache Software Foundation httpd-2.2.6.tar.gz
  http://gulus.usherbrooke.ca/pub/appl/apache/httpd/httpd-2.2.6.tar.gz

Apache Software Foundation Apache 2.0.40

• Apache Software Foundation httpd-2.2.6-win32-src-r2.zip
  http://apache.mirror.rafal.ca/httpd/httpd-2.2.6-win32-src-r2.zip


• Apache Software Foundation httpd-2.2.6.tar.gz
  http://gulus.usherbrooke.ca/pub/appl/apache/httpd/httpd-2.2.6.tar.gz

Apache Software Foundation Apache 2.0.44

• Apache Software Foundation httpd-2.2.6-win32-src-r2.zip
  http://apache.mirror.rafal.ca/httpd/httpd-2.2.6-win32-src-r2.zip


• Apache Software Foundation httpd-2.2.6.tar.gz
  http://gulus.usherbrooke.ca/pub/appl/apache/httpd/httpd-2.2.6.tar.gz

Apache Software Foundation Apache 2.0.48

• Apache Software Foundation httpd-2.2.6-win32-src-r2.zip
  http://apache.mirror.rafal.ca/httpd/httpd-2.2.6-win32-src-r2.zip


• Apache Software Foundation httpd-2.2.6.tar.gz
  http://gulus.usherbrooke.ca/pub/appl/apache/httpd/httpd-2.2.6.tar.gz

Apache Software Foundation Apache 2.0.54

• Apache Software Foundation httpd-2.2.6-win32-src-r2.zip
  http://apache.mirror.rafal.ca/httpd/httpd-2.2.6-win32-src-r2.zip


• Apache Software Foundation httpd-2.2.6.tar.gz
  http://gulus.usherbrooke.ca/pub/appl/apache/httpd/httpd-2.2.6.tar.gz

Apache Software Foundation Apache 2.0.56 -dev

• Apache Software Foundation httpd-2.2.6-win32-src-r2.zip
  http://apache.mirror.rafal.ca/httpd/httpd-2.2.6-win32-src-r2.zip


• Apache Software Foundation httpd-2.2.6.tar.gz
  http://gulus.usherbrooke.ca/pub/appl/apache/httpd/httpd-2.2.6.tar.gz

Apache Software Foundation Apache 2.1

• Apache Software Foundation httpd-2.2.6-win32-src-r2.zip
  http://apache.mirror.rafal.ca/httpd/httpd-2.2.6-win32-src-r2.zip


• Apache Software Foundation httpd-2.2.6.tar.gz
  http://gulus.usherbrooke.ca/pub/appl/apache/httpd/httpd-2.2.6.tar.gz

Apache Software Foundation Apache 2.1.1

• Apache Software Foundation httpd-2.2.6-win32-src-r2.zip
  http://apache.mirror.rafal.ca/httpd/httpd-2.2.6-win32-src-r2.zip


• Apache Software Foundation httpd-2.2.6.tar.gz
  http://gulus.usherbrooke.ca/pub/appl/apache/httpd/httpd-2.2.6.tar.gz

Apache Software Foundation Apache 2.1.3

• Apache Software Foundation httpd-2.2.6-win32-src-r2.zip
  http://apache.mirror.rafal.ca/httpd/httpd-2.2.6-win32-src-r2.zip


• Apache Software Foundation httpd-2.2.6.tar.gz
  http://gulus.usherbrooke.ca/pub/appl/apache/httpd/httpd-2.2.6.tar.gz

Apache Software Foundation Apache 2.1.6

• Apache Software Foundation httpd-2.2.6-win32-src-r2.zip
  http://apache.mirror.rafal.ca/httpd/httpd-2.2.6-win32-src-r2.zip


• Apache Software Foundation httpd-2.2.6.tar.gz
  http://gulus.usherbrooke.ca/pub/appl/apache/httpd/httpd-2.2.6.tar.gz

Apache Software Foundation Apache 2.2.3

• Apache Software Foundation httpd-2.2.6-win32-src-r2.zip
  http://apache.mirror.rafal.ca/httpd/httpd-2.2.6-win32-src-r2.zip


• Apache Software Foundation httpd-2.2.6.tar.gz
  http://gulus.usherbrooke.ca/pub/appl/apache/httpd/httpd-2.2.6.tar.gz

Apache Software Foundation Apache 2.2.4

• Apache Software Foundation httpd-2.2.6-win32-src-r2.zip
  http://apache.mirror.rafal.ca/httpd/httpd-2.2.6-win32-src-r2.zip


• Apache Software Foundation httpd-2.2.6.tar.gz
  http://gulus.usherbrooke.ca/pub/appl/apache/httpd/httpd-2.2.6.tar.gz