This script is Copyright (C) 2004-2014 Tenable Network Security, Inc.
The remote Red Hat host is missing one or more security updates.
The Apache Web server contains a security vulnerability which can be
used to launch a denial of service (DoS) attack or, in some cases,
allow remote code execution.
Versions of the Apache Web server up to and including 1.3.24 contain a
bug in the routines which deal with requests using 'chunked' encoding.
A carefully crafted invalid request can cause an Apache child process
to call the memcpy() function in a way that will write past the end of
its buffer, corrupting the stack. On some platforms this can be
remotely exploited -- allowing arbitrary code to be run on the server.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CVE-2002-0392 to this issue.
All users of Apache should update to these errata packages to correct
this security issue.
See also :
Update the affected apache, apache-devel and / or apache-manual
Risk factor :
High / CVSS Base Score : 7.5
Public Exploit Available : true
Family: Red Hat Local Security Checks
Nessus Plugin ID: 12305 ()
CVE ID: CVE-2002-0392
Upgrade to Nessus Professional today!
Start your free Nessus Cloud trial now!
Begin Free Trial
The cookie settings on this website are set to 'allow all cookies' to give you the very best website experience. If you continue without changing these settings, you consent to this - but if you want, you can opt out of all cookies by clicking below.