Displaying 2 results from an estimated 2 matches for "perlresponsehandler".
2015 Aug 11
4
Apache mod_perl cross site scripting vulnerability
Hello,
I've failed latest PCI scan because of CVE-2009-0796. Centos 6.7. The
Red Hat Security Response Team has rated this issue as having moderate
security impact and bug as wontfix.
Explanation: The vulnerability affects non default configuration of
Apache HTTP web server, i.e cases, when access to Apache::Status and
Apache2::Status resources is explicitly allowed via <Location
2015 Aug 12
0
Apache mod_perl cross site scripting vulnerability
How about something like:
<Location /perl-status>
# disallow public access
Order Deny, Allow
Deny from all
Allow from 127.0.0.1
SetHandler perl-script
PerlResponseHandler Apache2::Status
</Location>
2015-08-11 14:46 GMT+03:00 Proxy One <proxy-one at mail.ru>:
> Hello,
>
> I've failed latest PCI scan because of CVE-2009-0796. Centos 6.7. The
> Red Hat Security Response Team has rated this issue as having moderate
> security impac...