Apache 2.0.x < 2.0.47 Multiple Vulnerabilities (DoS, Encryption)

This script is Copyright (C) 2003-2015 Tenable Network Security, Inc.

Synopsis :

The remote web server is affected by multiple vulnerabilities.

Description :

The remote host appears to be running a version of Apache 2.x prior to
2.0.47. It is, therefore, affected by multiple vulnerabilities :

- An issue in may occur when the SSLCipherSuite directive
is used to upgrade a cipher suite which could lead to a
weaker cipher suite being used instead of the upgraded
one. (CVE-2003-0192)

- A denial of service vulnerability may exist in the FTP
proxy component relating to the use of IPV6 addresses.

- An attacker may be able to craft a type-map file that
could cause the server to enter an infinite loop.

See also :


Solution :

Upgrade to Apache web server version 2.0.47 or later.

Risk factor :

Medium / CVSS Base Score : 6.4
CVSS Temporal Score : 4.7
Public Exploit Available : false

Family: Web Servers

Nessus Plugin ID: 11788 ()

Bugtraq ID: 8134

CVE ID: CVE-2003-0192