GLSA-200401-03 : Apache mod_python Denial of Service vulnerability

This script is Copyright (C) 2004-2014 Tenable Network Security, Inc.


Synopsis :

The remote Gentoo host is missing one or more security-related
patches.

Description :

The remote host is affected by the vulnerability described in GLSA-200401-03
(Apache mod_python Denial of Service vulnerability)

The Apache Foundation has reported that mod_python may be prone to
Denial of Service attacks when handling a malformed
query. Mod_python 2.7.9 was released to fix the vulnerability;
however, because that release did not fully fix it,
version 2.7.10 has been released.
Users of mod_python 3.0.4 are not affected by this vulnerability.

Impact :

Although there are no known public exploits for this
vulnerability, users are recommended to upgrade mod_python to ensure the
security of their infrastructure.

Workaround :

Mod_python 2.7.10 has been released to solve this issue; there is
no immediate workaround.

See also :

http://www.modpython.org/pipermail/mod_python/2004-January/014879.html
http://www.gentoo.org/security/en/glsa/glsa-200401-03.xml

Solution :

All users using mod_python 2.7.9 or below are recommended to
update their mod_python installation:
$> emerge sync
$> emerge -pv '>=www-apache/mod_python-2.7.10'
$> emerge '>=www-apache/mod_python-2.7.10'
$> /etc/init.d/apache restart

Risk factor :

Low

Family: Gentoo Local Security Checks

Nessus Plugin ID: 14443 (gentoo_GLSA-200401-03.nasl)

Bugtraq ID:

CVE ID: