Ubuntu Security Notice (C) 2005-2015 Canonical, Inc. / NASL script (C) 2006-2015 Tenable Network Security, Inc.
The remote Ubuntu host is missing one or more security-related patches.
Marc Stern discovered a buffer overflow in the SSL module's
certificate revocation list (CRL) handler. If Apache is configured to
use a malicious CRL, this could possibly lead to a server crash or
arbitrary code execution with the privileges of the Apache web server.
Watchfire discovered that Apache insufficiently verified the
'Transfer-Encoding' and 'Content-Length' headers when acting as an
HTTP proxy. By sending a specially crafted HTTP request, a remote
attacker who is authorized to use the proxy could exploit this to
bypass web application firewalls, poison the HTTP proxy cache, and
conduct cross-site scripting attacks against other proxy users.
Update the affected packages.
Risk factor :
Medium / CVSS Base Score : 5.0
CVSS Temporal Score : 4.3
Public Exploit Available : true