Vulnerability Scanning Solutions, LLC.
Our Process
What We Scan For
Sample Report
Client List
Contact Us
What We Scan For
Family: Gentoo Local Security Checks --> Category: infos

[GLSA-200602-03] Apache: Multiple vulnerabilities Vulnerability Scan

Vulnerability Scan Summary
Apache: Multiple vulnerabilities

Detailed Explanation for this Vulnerability Test
The remote host is affected by the vulnerability described in GLSA-200602-03
(Apache: Multiple vulnerabilities)

Apache's mod_imap fails to properly sanitize the "Referer"
directive of imagemaps in some cases, leaving the HTTP Referer header
unescaped. A flaw in mod_ssl can lead to a NULL pointer dereference if
the site uses a custom "Error 400" document. These vulnerabilities were
reported by Marc Cox and Hartmut Keil, respectively.


A remote attacker could exploit mod_imap to inject arbitrary HTML
or JavaScript into a user's browser to gather sensitive information.
Attackers could also cause a Denial of Service on hosts using the SSL
module (Apache 2.0.x only).


There is no known workaround at this time.


All Apache users should upgrade to the latest version, depending
on whether they still use the old configuration style
(/etc/apache/conf/*.conf) or the new one (/etc/apache2/httpd.conf).
2.0.x users, new style config:
# emerge --sync
# emerge --ask --oneshot --verbose ">=net-www/apache-2.0.55-r1"
2.0.x users, old style config:
# emerge --sync
# emerge --ask --oneshot --verbose "=net-www/apache-2.0.54-r16"
1.x users, new style config:
# emerge --sync
# emerge --ask --oneshot --verbose "=net-www/apache-1.3.34-r11"
1.x users, old style config:
# emerge --sync
# emerge --ask --oneshot --verbose "=net-www/apache-1.3.34-r2"

Threat Level: Medium

Click HERE for more information and discussions on this network vulnerability scan.


P.O. Box 827051

Pembroke Pines, FL 33082-7051

Vulnerability Scanning Solutions, LLC.