|
Family: Gentoo Local Security Checks --> Category: infos
[GLSA-200409-33] Apache: Exposure of protected directories Vulnerability Scan
Vulnerability Scan Summary Apache: Exposure of protected directories
Detailed Explanation for this Vulnerability Test
The remote host is affected by the vulnerability described in GLSA-200409-33
(Apache: Exposure of protected directories)
A bug in the way Apache handles the Satisfy directive, which is used to
require that certain conditions (client host, client authentication, etc)
be met before access to a certain directory is granted, could allow the
exposure of protected directories to unauthorized clients.
Impact
Directories containing protected data could be exposed to all visitors to
the webserver.
Workaround
There is no known workaround at this time.
References:
http://issues.apache.org/bugzilla/show_bug.cgi?id=31315
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0811
Solution:
All Apache users should upgrade to the latest version:
# emerge sync
# emerge -pv ">=net-www/apache-2.0.51-r1"
# emerge ">=net-www/apache-2.0.51-r1"
Threat Level: Low
Click HERE for more information and discussions on this network vulnerability scan.
|