Versions of mod_ssl prior to 2.8.12 can be used to mount cross-site scripting attacks. For more information, see CVE CAN 2002-1157 at http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1157
This was fixed in RHSA-2002:251 last year.