Detections
Analytics
Mandrake Linux Security Advisory : apache2 (MDKSA-2006:007)
medium Nessus Plugin ID 20473
Synopsis
The remote Mandrake Linux host is missing one or more security updates.Description
A flaw was discovered in mod_imap when using the Referer directive with image maps that could be used by a remote attacker to perform a cross- site scripting attack, in certain site configurations, if a victim could be forced to visit a malicious URL using certain web browsers (CVE-2005-3352).Also, a NULL pointer dereference flaw was found in mod_ssl that affects server configurations where an SSL virtual host was configured with access controls and a custom 400 error document. This could allow a remote attacker to send a carefully crafted request to trigger the issue and cause a crash, but only with the non-default worker MPM (CVE-2005-3357).
The provided packages have been patched to prevent these problems.
Solution
Update the affected packages.Plugin Details
Severity: Medium
ID: 20473
File Name: mandrake_MDKSA-2006-007.nasl
Version: 1.18
Type: local
Family: Mandriva Local Security Checks
Published: 1/15/2006
Updated: 1/6/2021
Supported Sensors: Nessus
Risk Information
VPR
Risk Factor: Medium
Score: 4.4
CVSS v2
Risk Factor: Medium
Base Score: 5.4
Vector: CVSS2#AV:N/AC:H/Au:N/C:N/I:N/A:C
Vulnerability Information
CPE: p-cpe:/a:mandriva:linux:apache-base, p-cpe:/a:mandriva:linux:apache-devel, p-cpe:/a:mandriva:linux:apache-mod_cache, p-cpe:/a:mandriva:linux:apache-mod_dav, p-cpe:/a:mandriva:linux:apache-mod_deflate, p-cpe:/a:mandriva:linux:apache-mod_disk_cache, p-cpe:/a:mandriva:linux:apache-mod_file_cache, p-cpe:/a:mandriva:linux:apache-mod_ldap, p-cpe:/a:mandriva:linux:apache-mod_mem_cache, p-cpe:/a:mandriva:linux:apache-mod_proxy, p-cpe:/a:mandriva:linux:apache-mod_ssl, p-cpe:/a:mandriva:linux:apache-mod_userdir, p-cpe:/a:mandriva:linux:apache-modules, p-cpe:/a:mandriva:linux:apache-mpm-peruser, p-cpe:/a:mandriva:linux:apache-mpm-prefork, p-cpe:/a:mandriva:linux:apache-mpm-worker, p-cpe:/a:mandriva:linux:apache-source, p-cpe:/a:mandriva:linux:apache2, p-cpe:/a:mandriva:linux:apache2-common, p-cpe:/a:mandriva:linux:apache2-devel, p-cpe:/a:mandriva:linux:apache2-manual, p-cpe:/a:mandriva:linux:apache2-mod_cache, p-cpe:/a:mandriva:linux:apache2-mod_dav, p-cpe:/a:mandriva:linux:apache2-mod_deflate, p-cpe:/a:mandriva:linux:apache2-mod_disk_cache, p-cpe:/a:mandriva:linux:apache2-mod_file_cache, p-cpe:/a:mandriva:linux:apache2-mod_ldap, p-cpe:/a:mandriva:linux:apache2-mod_mem_cache, p-cpe:/a:mandriva:linux:apache2-mod_proxy, p-cpe:/a:mandriva:linux:apache2-mod_ssl, p-cpe:/a:mandriva:linux:apache2-modules, p-cpe:/a:mandriva:linux:apache2-peruser, p-cpe:/a:mandriva:linux:apache2-source, p-cpe:/a:mandriva:linux:apache2-worker, cpe:/o:mandrakesoft:mandrake_linux:10.1, cpe:/o:mandriva:linux:2006, x-cpe:/o:mandrakesoft:mandrake_linux:le2005
Required KB Items: Host/local_checks_enabled, Host/cpu, Host/Mandrake/release, Host/Mandrake/rpm-list
Patch Publication Date: 1/5/2006
Reference Information
CVE: CVE-2005-3352, CVE-2005-3357
MDKSA: 2006:007