Red Hat Security Advisory 2013-0130-01 - The httpd packages contain the Apache HTTP Server, which is the namesake project of The Apache Software Foundation. Input sanitization flaws were found in the mod_negotiation module. A remote attacker able to upload or create files with arbitrary names in a directory that has the MultiViews options enabled, could use these flaws to conduct cross-site scripting and HTTP response splitting attacks against users visiting the site.
9a4d4c53e357db7749607126ae10e03812924ef69f9c0937ef9101bcaa818a7f