Vulnerability Scanning Solutions, LLC.
Home
Our Process
Residential
Corporate
What We Scan For
Sample Report
Client List
Terms
Contact Us
What We Scan For
Family: Red Hat Local Security Checks --> Category: infos

RHSA-2002-126: apache Vulnerability Scan


Vulnerability Scan Summary
Check for the version of the apache packages

Detailed Explanation for this Vulnerability Test


The Apache Web server contains a security vulnerability which can be used
to launch a denial of service (DoS) attack or, in some cases, allow remote
code execution.

Versions of the Apache Web server up to and including 1.3.24 contain a bug
in the routines which deal with requests using "chunked" encoding.
A carefully crafted invalid request can cause an Apache child process to
call the memcpy() function in a way that will write past the end of its
buffer, corrupting the stack. On some platforms this can be remotely
exploited -- allowing arbitrary code to be run on the server.

The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CVE-2002-0392 to this issue.

All users of Apache should update to these errata packages to correct this
security issue.




Solution : http://rhn.redhat.com/errata/RHSA-2002-126.html
Threat Level: High

Click HERE for more information and discussions on this network vulnerability scan.

VSS, LLC.

P.O. Box 827051

Pembroke Pines, FL 33082-7051

Vulnerability Scanning Solutions, LLC.