Family: Mandrake Local Security Checks --> Category: infos
MDKSA-2002:048: mod_ssl Vulnerability Scan
Vulnerability Scan Summary
Check for the version of the mod_ssl package
Detailed Explanation for this Vulnerability Test
The remote host is missing the patch for the advisory MDKSA-2002:048 (mod_ssl).
Frank Denis discovered an off-by-one error in mod_ssl dealing with the handling
of older configuration directorives (the rewrite_command hook). A malicious user
could use a specially-crafted .htaccess file to execute arbitrary commands as
the apache user or execute a DoS against the apache child processes.
This vulnerability is fixed in mod_ssl 2.8.10
patches have been applied to
correct this problem in these packages.
Solution : http://wwwnew.mandriva.com/security/advisories?name=MDKSA-2002:048
Threat Level: High
Click HERE for more information and discussions on this network vulnerability scan.