Security Check Details
USN908-1 : apache2 vulnerabilities
Synopsis :
These remote packages are missing security patches :
- apache2
- apache2-common
- apache2-doc
- apache2-mpm-event
- apache2-mpm-itk
- apache2-mpm-perchild
- apache2-mpm-prefork
- apache2-mpm-worker
- apache2-prefork-dev
- apache2-src
- apache2-suexec
- apache2-suexec-custom
- apache2-threaded-dev
- apache2-utils
- apache2.2-bin
- apache2.2-common
- libapr0
- libapr0-dev
Description :
It was discovered that mod_proxy_ajp did not properly handle errors when
a client doesn't send a request body. A remote attacker could exploit this
with a crafted request and cause a denial of service. This issue affected
Ubuntu 8.04 LTS, 8.10, 9.04 and 9.10. (CVE-2010-0408)
It was discovered that Apache did not properly handle headers in
subrequests under certain conditions. A remote attacker could exploit this
with a crafted request and possibly obtain sensitive information from
previous requests. (CVE-2010-0434)
Solution :
Upgrade to :
- apache2-2.2.12-1ubuntu2.2 (Ubuntu 9.10)
- apache2-common-2.0.55-4ubuntu2.10 (Ubuntu 6.06)
- apache2-doc-2.2.12-1ubuntu2.2 (Ubuntu 9.10)
- apache2-mpm-event-2.2.12-1ubuntu2.2 (Ubuntu 9.10)
- apache2-mpm-itk-2.2.12-1ubuntu2.2 (Ubuntu 9.10)
- apache2-mpm-perchild-2.2.8-1ubuntu0.15 (Ubuntu 8.04)
- apache2-mpm-prefork-2.2.12-1ubuntu2.2 (Ubuntu 9.10)
- apache2-mpm-worker-2.2.12-1ubuntu2.2 (Ubuntu 9.10)
- apache2-prefork-dev-2.2.12-1ubuntu2.2 (Ubuntu 9.10)
- apache2-src-2.2.11-2ubuntu2.6 (Ubuntu 9
[...]
Risk factor :
Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P)
More at Nessus.org