Two security vulnerabilities exist in the Apache HTTP server which may affect the Apache 2.0 web server bundled with Solaris 10 and the Apache 1.3 web server bundled with Solaris 8, Solaris 9 and Solaris 10.
The first issue, a Cross Site Scripting (CSS or XSS) vulnerability in the "mod_status" Apache server module (CVE-2006-5752), may allow a local or remote unprivileged user to inject arbitrary web script or HTML. This may allow an unprivileged user to bypass access control and gain access to unauthorized data.
The second issue, a vulnerability in the Apache HTTP server daemon (CVE-2007-3304), may allow a local user to send signals to an arbitrary process resulting in a Denial of Service (DoS).
Additional information regarding these issues is available at:
The Change Log for Apache 2.0, at:
The Change Log for Apache 1.3, at: