'Cross-site scripting (XSS) vulnerability in the (1) mod_imap module in the Apache HTTP Server 1.3.0 through 1.3.39 and 2.0.35 through 2.0.61 and the (2) mod_imagemap module in the Apache HTTP Server 2.2.0 through 2.2.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.'
This issue was resolved in a backported fix. Current up to date versions not affected.
This issue was resolved in httpd-2.2.3-11.el5. Current versions meet or exceed this minor release.
To validate that you are running httpd-2.2.3-11.el5 or later, run the following:
rpm -qi httpd
If you need to update, run the following: