Ubuntu Security Notice (C) 2006-2013 Canonical, Inc. / NASL script (C) 2006-2013 Tenable Network Security, Inc.
The remote Ubuntu host is missing one or more security-related patches.
The 'mod_imap' module (which provides support for image maps) did not
properly escape the 'referer' URL which rendered it vulnerable against
a cross-site scripting attack. A malicious web page (or HTML email)
could trick a user into visiting a site running the vulnerable
mod_imap, and employ cross-site-scripting techniques to gather
sensitive user information from that site. (CVE-2005-3352)
Hartmut Keil discovered a Denial of Service vulnerability in the SSL
module ('mod_ssl') that affects SSL-enabled virtual hosts with a
customized error page for error 400. By sending a specially crafted
request to the server, a remote attacker could crash the server. This
only affects Apache 2, and only if the 'worker' implementation
(apache2-mpm-worker) is used. (CVE-2005-3357).
Update the affected packages.
Risk factor :
Medium / CVSS Base Score : 5.4