Vulnerability Scanning Solutions, LLC.
Family: Ubuntu Local Security Checks --> Category: infos

USN160-2 : apache vulnerability Vulnerability Scan


Vulnerability Scan Summary
apache vulnerability

Detailed Explanation for this Vulnerability Test

Synopsis :

These remote packages are missing security patches :
- apache
- apache-common
- apache-dbg
- apache-dev
- apache-doc
- apache-perl
- apache-ssl
- apache-utils
- libapache-mod-perl


Description :

USN-160-1 fixed two vulnerabilities in the Apache 2 server. The old
Apache 1 server was also vulnerable to one of the vulnerabilities
(CVE-2005-2088). Please note that Apache 1 is not officially supported
in Ubuntu (it is in the "universe" component of the archive).

For reference, this is the relevant part of the original advisory:

Watchfire discovered that Apache insufficiently verified the
"Transfer-Encoding" and "Content-Length" headers when acting as an
HTTP proxy. By sending a specially crafted HTTP request, a remote
attacker who is authorized to use the proxy could exploit this to
bypass web application firewalls, poison the HTTP proxy cache, and
conduct cross-site scripting attacks against other proxy users.
(CVE-2005-2088)

Solution :

Upgrade to :
- apache-1.3.33-4ubuntu1 (Ubuntu 5.04)
- apache-common-1.3.33-4ubuntu1 (Ubuntu 5.04)
- apache-dbg-1.3.33-4ubuntu1 (Ubuntu 5.04)
- apache-dev-1.3.33-4ubuntu1 (Ubuntu 5.04)
- apache-doc-1.3.33-4ubuntu1 (Ubuntu 5.04)
- apache-perl-1.3.33-4ubuntu1 (Ubuntu 5.04)
- apache-ssl-1.3.33-4ubuntu1 (Ubuntu 5.04)
- apache-utils-1.3.33-4ubuntu1 (Ubuntu 5.04)
- libapache-mod-perl-1.29.0.3-4ubuntu1 (Ubuntu 5.04)



Threat Level: High



VSS, LLC.

P.O. Box 827051

Pembroke Pines, FL 33082-7051
