Vulnerability Scanning Solutions, LLC.
What We Scan For
Family: Ubuntu Local Security Checks --> Category: infos

USN241-1 : apache2, apache vulnerabilities Vulnerability Scan


Vulnerability Scan Summary
apache2, apache vulnerabilities

Detailed Explanation for this Vulnerability Test

Synopsis :

These remote packages are missing security patches :
- apache
- apache-common
- apache-dbg
- apache-dev
- apache-doc
- apache-perl
- apache-ssl
- apache-utils
- apache2
- apache2-common
- apache2-doc
- apache2-mpm-perchild
- apache2-mpm-prefork
- apache2-mpm-threadpool
- apache2-mpm-worker
- apache2-prefork-dev
- apache2-threaded-dev
- apache2-utils
- libapache-mod-perl
- libapr0
- libapr0-dev


Description :

The "mod_imap" module (which provides support for image maps) did not
properly escape the "referer" URL, which made it vulnerable to a
cross-site scripting attack. A malicious web page (or HTML email)
could trick a user into visiting a site running the vulnerable mod_imap,
and employ cross-site scripting techniques to gather sensitive user
information from that site. (CVE-2005-3352)

Hartmut Keil discovered a Denial of Service vulnerability in the SSL
module ("mod_ssl") that affects SSL-enabled virtual hosts with a
customized error page for error 400. By sending a specially crafted
request to the server, a remote attacker could crash the server. This
only affects Apache 2, and only if the "worker" implementation
(apache2-mpm-worker) is used. (CVE-2005-3357)

Solution :

Upgrade to :
- apache-1.3.33-8ubuntu1 (Ubuntu 5.10)
- apache-common-1.3.33-8ubuntu1 (Ubuntu 5.10)
- apache-dbg-1.3.33-8ubuntu1 (Ubuntu 5.10)
- apache-dev-1.3.33-8ubuntu1 (Ubuntu 5.10)
- apache-doc-1.3.33-8ubuntu1 (Ubuntu 5.10)
- apache-perl-1.3.33-8ubuntu1 (Ubuntu 5.10)
- apache-ssl-1.3.33-8ubuntu1 (Ubuntu 5.10)
- apache-utils-1.3.33-8ubuntu1 (Ubuntu 5.10)
- apache2-2.0.54-5ubuntu4 (Ubuntu 5.10)
- apache2-common-2.0.54-5ubuntu4 (Ubuntu 5.10)
- apache2-doc-2.0.54-5ubuntu4 (Ubuntu 5.10)
- apache2-mpm-perchi
[...]


Threat Level: High



VSS, LLC.

P.O. Box 827051

Pembroke Pines, FL 33082-7051
