Ubuntu Security Notice (C) 2005-2013 Canonical, Inc. / NASL script (C) 2006-2013 Tenable Network Security, Inc.
The remote Ubuntu host is missing one or more security-related patches.
USN-160-1 fixed two vulnerabilities in the Apache 2 server. The old
Apache 1 server was also vulnerable to one of the vulnerabilities
(CAN-2005-2088). Please note that Apache 1 is not officially supported
in Ubuntu (it is in the 'universe' component of the archive).
For reference, this is the relevant part of the original advisory:
Watchfire discovered that Apache insufficiently verified the
'Transfer-Encoding' and 'Content-Length' headers when acting as an
HTTP proxy. By sending a specially crafted HTTP request, a remote
attacker who is authorized to use the proxy could exploit this to
bypass web application firewalls, poison the HTTP proxy cache, and
conduct cross-site scripting attacks against other proxy users.
Update the affected packages.
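The advisory's root cause is a proxy that accepts requests whose 'Transfer-Encoding' and 'Content-Length' headers disagree about where the body ends. The sketch below is an added example, not code from Apache, Ubuntu or the Nessus plugin: a generic check a filter in front of a proxy could apply, which goes beyond the two headers appearing together to cover the related framing rules of RFC 7230 section 3.3.3. The function name `framing_issues` and the sample requests are assumptions constructed for illustration.

```python
# Added example (not Apache or Nessus code): flag ambiguous request framing.

def framing_issues(raw: bytes) -> list:
    """Return the reasons the body length of a raw HTTP request is ambiguous."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    issues, te, cl = [], [], []
    for line in head.split("\r\n")[1:]:  # skip the request line
        name, sep, value = line.partition(":")
        if not sep or not name or name != name.strip():
            # Folded lines and "Name : value" are read differently by
            # different servers, so treat them as a framing problem too.
            issues.append(f"malformed header line: {line!r}")
            continue
        if name.lower() == "transfer-encoding":
            te.append(value.strip().lower())
        elif name.lower() == "content-length":
            cl.append(value.strip())
    if te and cl:
        issues.append("both Transfer-Encoding and Content-Length present")
    if len(set(cl)) > 1:
        issues.append("conflicting Content-Length values")
    if any(not (v.isascii() and v.isdigit()) for v in cl):
        issues.append("non-numeric Content-Length")
    if te:
        codings = [c.strip() for v in te for c in v.split(",")]
        if codings[-1] != "chunked":
            issues.append("Transfer-Encoding does not end in chunked")
    return issues

# Constructed sample requests; proxy.example is a placeholder host.
CLEAN = (b"POST /form HTTP/1.1\r\nHost: proxy.example\r\n"
         b"Content-Length: 5\r\n\r\nhello")
BOTH = (b"POST /form HTTP/1.1\r\nHost: proxy.example\r\n"
        b"Content-Length: 5\r\nTransfer-Encoding: chunked\r\n\r\n")
DUP_CL = (b"POST /form HTTP/1.1\r\nHost: proxy.example\r\n"
          b"Content-Length: 5\r\nContent-Length: 9\r\n\r\n")
SPACED = (b"POST /form HTTP/1.1\r\nHost: proxy.example\r\n"
          b"Transfer-Encoding : chunked\r\n\r\n")

if __name__ == "__main__":
    for label, req in [("clean", CLEAN), ("both", BOTH),
                       ("dup-cl", DUP_CL), ("spaced", SPACED)]:
        print(label, framing_issues(req) or "ok")
```

Rejecting or logging any request for which this returns a non-empty list is a compensating control only; it does not replace updating the affected packages.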
Risk factor: Medium / CVSS Base Score: 4.3
Family: Ubuntu Local Security Checks
Nessus Plugin ID: 20566
CVE ID: CVE-2005-2088