Apache < 2.0.45 Multiple Vulnerabilities (DoS, File Write)

This script is Copyright (C) 2003-2014 Tenable Network Security, Inc.


Synopsis :

The remote web server is affected by multiple vulnerabilities.

Description :

The remote host is running a version of Apache 2.x that is older than
2.0.45. Such versions are reportedly affected by multiple
vulnerabilities :

- There is a denial of service attack that could allow an
attacker to disable this server remotely.

- The httpd process leaks file descriptors to child
processes, such as CGI scripts. An attacker who has the
ability to execute arbitrary CGI scripts on this server
(including PHP code) would be able to write arbitrary
data in the file pointed to (in particular, the log
files).

See also :

http://www.apache.org/dist/httpd/CHANGES_2.0

Solution :

Upgrade to Apache web server version 2.0.45 or later.

Risk factor :

Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P)
CVSS Temporal Score : 4.1
(CVSS2#E:F/RL:OF/RC:C)
Public Exploit Available : true

Family: Web Servers

Nessus Plugin ID: 11507 (apache_2_0_45.nasl)

Bugtraq ID: 7254
7255

CVE ID: CVE-2003-0132