Debian Security Advisory DSA 2637-1 (apache2 - several issues)

Summary
Several vulnerabilities have been found in the Apache HTTPD server. CVE-2012-3499 The modules mod_info, mod_status, mod_imagemap, mod_ldap, and mod_proxy_ftp did not properly escape hostnames and URIs in HTML output, causing cross site scripting vulnerabilities. CVE-2012-4558 Mod_proxy_balancer did not properly escape hostnames and URIs in its balancer-manager interface, causing a cross site scripting vulnerability. CVE-2013-1048 Hayawardh Vijayakumar noticed that the apache2ctl script created the lock directory in an unsafe manner, allowing a local attacker to gain elevated privileges via a symlink attack. This is a Debian specific issue.
Solution
For the stable distribution (squeeze), these problems have been fixed in version 2.2.16-6+squeeze11. For the testing distribution (wheezy), these problems will be fixed in version 2.2.22-13. For the unstable distribution (sid), these problems will be fixed in version 2.2.22-13. We recommend that you upgrade your apache2 packages.
Insight
The Apache Software Foundation's goal is to build a secure, efficient and extensible HTTP server as standards-compliant open source software. The result has long been the number one web server on the Internet.
Affected
apache2 on Debian Linux
Detection
This check tests the installed software version using the apt package manager.
References