Family: Red Hat Local Security Checks --> Category: infos
RHSA-2002-126: apache Vulnerability Scan
Vulnerability Scan Summary
Check for the version of the apache packages
Detailed Explanation for this Vulnerability Test
The Apache Web server contains a security vulnerability which can be used
to launch a denial of service (DoS) attack or, in some cases, allow remote
Versions of the Apache Web server up to and including 1.3.24 contain a bug
in the routines which deal with requests using "chunked" encoding.
A carefully crafted invalid request can cause an Apache child process to
call the memcpy() function in a way that will write past the end of its
buffer, corrupting the stack. On some platforms this can be remotely
exploited -- allowing arbitrary code to be run on the server.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CVE-2002-0392 to this issue.
All users of Apache should update to these errata packages to correct this
Solution : http://rhn.redhat.com/errata/RHSA-2002-126.html
Threat Level: High