GLSA-200602-03 : Apache: Multiple vulnerabilities

This script is Copyright (C) 2006-2015 Tenable Network Security, Inc.

Synopsis :

The remote Gentoo host is missing one or more security-related

Description :

The remote host is affected by the vulnerability described in GLSA-200602-03
(Apache: Multiple vulnerabilities)

Apache's mod_imap fails to properly sanitize the 'Referer' directive of
imagemaps in some cases, leaving the HTTP Referer header unescaped. A
flaw in mod_ssl can lead to a NULL pointer dereference if the site uses
a custom 'Error 400' document. These vulnerabilities were reported by
Mark Cox and Hartmut Keil, respectively.

Impact :

A remote attacker could exploit mod_imap to inject arbitrary HTML or
JavaScript into a user's browser to gather sensitive information.
Attackers could also cause a Denial of Service on hosts using the SSL
module (Apache 2.0.x only).

Workaround :

There is no known workaround at this time.

Solution :

All Apache users should upgrade to the latest version, depending on
whether they still use the old configuration style
(/etc/apache/conf/*.conf) or the new one (/etc/apache2/httpd.conf).

2.0.x users, new style config:

    # emerge --sync
    # emerge --ask --oneshot --verbose '>=www-servers/apache-2.0.55-r1'

2.0.x users, old style config:

    # emerge --sync
    # emerge --ask --oneshot --verbose '=www-servers/apache-2.0.54-r16'

1.x users, new style config:

    # emerge --sync
    # emerge --ask --oneshot --verbose '=www-servers/apache-1.3.34-r11'

1.x users, old style config:

    # emerge --sync
    # emerge --ask --oneshot --verbose '=www-servers/apache-1.3.34-r2'
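
The following is an added example, not part of the advisory or of the Nessus plugin: a small Python check that compares installed www-servers/apache version strings against the four fixed atoms listed above. It assumes a simplified version format (dotted numbers with an optional -rN revision), reads the '=' atoms strictly as exact builds, and uses hypothetical function names and constructed sample versions.

```python
import re

# Fixed builds copied from the advisory's emerge atoms.
# ">=" accepts that build or anything newer; "=" accepts only that exact build.
FIXED_ATOMS = [
    (">=", "2.0.55-r1"),   # 2.0.x, new style config
    ("=", "2.0.54-r16"),   # 2.0.x, old style config
    ("=", "1.3.34-r11"),   # 1.x, new style config
    ("=", "1.3.34-r2"),    # 1.x, old style config
]

# Assumption: only "N.N.N" with an optional "-rN" suffix is handled
# (no _p/_rc suffixes or letters, which full Portage versions allow).
_VERSION_RE = re.compile(r"^(\d+(?:\.\d+)*)(?:-r(\d+))?$")


def parse_version(text):
    """Return ((major, minor, ...), revision); a missing -rN counts as r0."""
    match = _VERSION_RE.match(text.strip())
    if not match:
        raise ValueError(f"unsupported version string: {text!r}")
    numbers = tuple(int(part) for part in match.group(1).split("."))
    return numbers, int(match.group(2) or 0)


def is_fixed(installed):
    """True if the installed build satisfies any atom from the advisory."""
    have = parse_version(installed)
    for op, version in FIXED_ATOMS:
        want = parse_version(version)
        if (op == "=" and have == want) or (op == ">=" and have >= want):
            return True
    return False


def audit(installed_versions):
    """Map each version string to a verdict; non-matches are for review."""
    return {
        v: "matches a fixed atom" if is_fixed(v) else "no match, review"
        for v in installed_versions
    }


if __name__ == "__main__":
    # Constructed sample input, not taken from any real host.
    sample = ["2.0.54-r15", "2.0.54-r16", "2.0.55", "2.0.55-r1", "1.3.34-r2", "1.3.33"]
    for version, verdict in audit(sample).items():
        print(f"www-servers/apache-{version}: {verdict}")
```

Note that 2.0.55 without a revision does not satisfy '>=2.0.55-r1', because a missing revision sorts as r0.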

Risk factor :

Medium / CVSS Base Score : 5.4
CVSS Temporal Score : 4.7
Public Exploit Available : true

Family: Gentoo Local Security Checks

Nessus Plugin ID: 20874 (gentoo_GLSA-200602-03.nasl)

Bugtraq ID: 15834

CVE ID: CVE-2005-3352