Vulnerability Scanning Solutions, LLC.
Our Process
What We Scan For
Sample Report
Client List
Contact Us
What We Scan For
Family: Ubuntu Local Security Checks --> Category: infos

USN177-1 : apache2, libapache-mod-ssl vulnerabilities Vulnerability Scan

Vulnerability Scan Summary
apache2, libapache-mod-ssl vulnerabilities

Detailed Explanation for this Vulnerability Test

Synopsis :

These remote packages are missing security patches :
- apache2
- apache2-common
- apache2-doc
- apache2-mpm-perchild
- apache2-mpm-prefork
- apache2-mpm-threadpool
- apache2-mpm-worker
- apache2-prefork-dev
- apache2-threaded-dev
- apache2-utils
- libapache-mod-ssl
- libapache-mod-ssl-doc
- libapr0
- libapr0-dev

Description :

Apache did not honour the "SSLVerifyClient require" directive within a
block if the surrounding block contained a
directive "SSLVerifyClient optional". This allowed clients to bypass
client certificate validation on servers with the above configuration.

Filip Sneppe discovered a Denial of Service vulnerability in the byte
range filter handler. By requesting certain large byte ranges, a
remote attacker could cause memory exhaustion in the server.

The updated libapache-mod-ssl also fixes two older Denial of Service
vulnerabilities: A format string error in the ssl_log() function which
could be exploited to crash the server (CVE-2004-0700), and a flaw in
the SSL cipher negotiation which could be exploited to terminate a
session (CVE-2004-0885). Please note that Apache 1.3 and
libapache-mod-ssl are not officially supported (they are in the
"universe" component of the Ubuntu archive).

Solution :

Upgrade to :
- apache2-2.0.53-5ubuntu5.3 (Ubuntu 5.04)
- apache2-common-2.0.53-5ubuntu5.3 (Ubuntu 5.04)
- apache2-doc-2.0.53-5ubuntu5.3 (Ubuntu 5.04)
- apache2-mpm-perchild-2.0.53-5ubuntu5.3 (Ubuntu 5.04)
- apache2-mpm-prefork-2.0.53-5ubuntu5.3 (Ubuntu 5.04)
- apache2-mpm-threadpool-2.0.53-5ubuntu5.3 (Ubuntu 5.04)
- apache2-mpm-worker-2.0.53-5ubuntu5.3 (Ubuntu 5.04)
- apache2-prefork-dev-2.0.53-5ubuntu5.3 (Ubuntu 5.04)
- apache2-threaded-dev-2.0.53-5ubuntu5.3 (Ubuntu 5.04)
- apache2-utils-2.0.53-5ubuntu5.

Threat Level: High

Click HERE for more information and discussions on this network vulnerability scan.


P.O. Box 827051

Pembroke Pines, FL 33082-7051

Vulnerability Scanning Solutions, LLC.