Family: Mandrake Local Security Checks --> Category: infos
MDKSA-2003:103: apache Vulnerability Scan
Vulnerability Scan Summary
Check for the version of the apache package
Detailed Explanation for this Vulnerability Test
The remote host is missing the patch for the advisory MDKSA-2003:103 (apache).
A buffer overflow in mod_alias and mod_rewrite was discovered in Apache versions
1.3.19 and earlier as well as Apache 2.0.47 and earlier. This happens when a
regular expression with more than 9 captures is configured. An attacker would have
to create a carefully crafted configuration file (.htaccess or httpd.conf) in
order to exploit these problems.
As well, another buffer overflow in Apache 2.0.47 and earlier in mod_cgid's
mishandling of CGI redirect paths could result in CGI output going to the wrong
client when a threaded MPM is used.
Apache versions 2.0.48 and 1.3.29 were released upstream to correct these bugs;
backported patches have been applied to the provided packages.
Solution : http://wwwnew.mandriva.com/security/advisories?name=MDKSA-2003:103
Threat Level: High