Family: Mandrake Local Security Checks --> Category: infos
MDKSA-2004:134: apache Vulnerability Scan
Vulnerability Scan Summary
Check for the version of the apache package
Detailed Explanation for this Vulnerability Test
The remote host is missing the patch for the advisory MDKSA-2004:134 (apache).
A possible buffer overflow exists in the get_tag() function of mod_include, and
if SSI (Server Side Includes) are enabled, a local attacker may be able to run
arbitrary code with the rights of an httpd child process. This could be done
with a special HTML document using malformed SSI.
The updated packages have been patched to prevent this problem.
Solution : http://wwwnew.mandriva.com/security/advisories?name=MDKSA-2004:134
Threat Level: High
Click HERE for more information and discussions on this network vulnerability scan.