GLSA-200401-03 : Apache mod_python Denial of Service vulnerability

This script is Copyright (C) 2004-2015 Tenable Network Security, Inc.

Synopsis :

The remote Gentoo host is missing one or more security-related

Description :

The remote host is affected by the vulnerability described in GLSA-200401-03
(Apache mod_python Denial of Service vulnerability)

The Apache Foundation has reported that mod_python may be prone to
Denial of Service attacks when handling a malformed
query. Mod_python 2.7.9 was released to fix the vulnerability,
however, because the vulnerability has not been fully fixed,
version 2.7.10 has been released.
Users of mod_python 3.0.4 are not affected by this vulnerability.

Impact :

Although there are no known public exploits known for this
exploit, users are recommended to upgrade mod_python to ensure the
security of their infrastructure.

Workaround :

Mod_python 2.7.10 has been released to solve this issue
there is
no immediate workaround.

See also :

Solution :

All users using mod_python 2.7.9 or below are recommended to
update their mod_python installation:
$> emerge sync
$> emerge -pv '>=www-apache/mod_python-2.7.10'
$> emerge '>=www-apache/mod_python-2.7.10'
$> /etc/init.d/apache restart

Risk factor :


Family: Gentoo Local Security Checks

Nessus Plugin ID: 14443 (gentoo_GLSA-200401-03.nasl)

Bugtraq ID: