Ubuntu 6.06 LTS / 6.10 / 7.04 / 7.10 : apache2 vulnerabilities (USN-575-1)

Ubuntu Security Notice (C) 2008-2016 Canonical, Inc. / NASL script (C) 2008-2016 Tenable Network Security, Inc.


Synopsis :

The remote Ubuntu host is missing one or more security-related
patches.

Description :

It was discovered that Apache did not sanitize the Expect header from
an HTTP request when it is reflected back in an error message, which
could result in browsers becoming vulnerable to cross-site scripting
attacks when processing the output. With cross-site scripting
vulnerabilities, if a user were tricked into viewing server output
during a crafted server request, a remote attacker could exploit this
to modify the contents, or steal confidential data (such as
passwords), within the same domain. This was only vulnerable in Ubuntu
6.06. (CVE-2006-3918)

It was discovered that when configured as a proxy server and using a
threaded MPM, Apache did not properly sanitize its input. A remote
attacker could send Apache crafted date headers and cause a denial of
service via application crash. By default, mod_proxy is disabled in
Ubuntu. (CVE-2007-3847)

It was discovered that mod_autoindex did not force a character set,
which could result in browsers becoming vulnerable to cross-site
scripting attacks when processing the output. (CVE-2007-4465)

It was discovered that mod_imap/mod_imagemap did not force a character
set, which could result in browsers becoming vulnerable to cross-site
scripting attacks when processing the output. By default,
mod_imap/mod_imagemap is disabled in Ubuntu. (CVE-2007-5000)

It was discovered that mod_status, when status pages were available,
allowed for cross-site scripting attacks. By default, mod_status is
disabled in Ubuntu. (CVE-2007-6388)

It was discovered that mod_proxy_balancer did not sanitize its input,
which could result in browsers becoming vulnerable to cross-site
scripting attacks when processing the output. By default,
mod_proxy_balancer is disabled in Ubuntu. This was only vulnerable in
Ubuntu 7.04 and 7.10. (CVE-2007-6421)

It was discovered that mod_proxy_balancer could be made to dereference
a NULL pointer. A remote attacker could send a crafted request and
cause a denial of service via application crash. By default,
mod_proxy_balancer is disabled in Ubuntu. This was only vulnerable in
Ubuntu 7.04 and 7.10. (CVE-2007-6422)

It was discovered that mod_proxy_ftp did not force a character set,
which could result in browsers becoming vulnerable to cross-site
scripting attacks when processing the output. By default,
mod_proxy_ftp is disabled in Ubuntu. (CVE-2008-0005)

Note that Tenable Network Security has extracted the preceding
description block directly from the Ubuntu security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.
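
Most of the issues above only matter when the named module is enabled, and the advisory notes that several are disabled by default. The following is an added triage example, not part of the Ubuntu advisory or the Nessus plugin: it lists which of the affected modules are enabled and the CVEs tied to each. The function name, the `<module>.load` file naming under a Debian/Ubuntu style `mods-enabled` directory, and the sample directory are assumptions.

```shell
#!/bin/sh
# Added example: map enabled Apache modules to the CVEs listed in USN-575-1.
# Assumption: Debian/Ubuntu layout, one <module>.load entry per enabled module.
# CVE-2006-3918 (Expect header, Ubuntu 6.06) is in the server core and is not
# tied to a module, so it is outside what this check can report.

# Module file name -> CVE(s), taken from the advisory text above.
# "imap" is assumed to be the Apache 2.0 file name, "imagemap" the 2.2 name.
USN575_MAP='proxy:CVE-2007-3847
autoindex:CVE-2007-4465
imap:CVE-2007-5000
imagemap:CVE-2007-5000
status:CVE-2007-6388
proxy_balancer:CVE-2007-6421,CVE-2007-6422
proxy_ftp:CVE-2008-0005'

# Print "module CVE-list" for each listed module enabled under directory $1.
# Returns 0 if none is enabled, 1 if at least one is, 2 if $1 is not a directory.
usn575_exposed_modules() {
    dir=$1
    [ -d "$dir" ] || { echo "not a directory: $dir" >&2; return 2; }
    found=0
    for entry in $USN575_MAP; do
        mod=${entry%%:*}    # text before the first colon
        cves=${entry#*:}    # text after the first colon
        # -L also catches a dangling symlink left behind in mods-enabled
        if [ -e "$dir/$mod.load" ] || [ -L "$dir/$mod.load" ]; then
            echo "$mod $cves"
            found=1
        fi
    done
    return $found
}

# Constructed sample: a throwaway directory standing in for mods-enabled.
demo=$(mktemp -d)
touch "$demo/status.load" "$demo/proxy.load" "$demo/rewrite.load"
usn575_exposed_modules "$demo" || true
rm -rf "$demo"
```

On a real host, pass `/etc/apache2/mods-enabled`. The result only narrows which issues are reachable; it does not check the installed package version, so the update below is still required.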

Solution :

Update the affected packages.

Risk factor :

Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P)
CVSS Temporal Score : 4.1
(CVSS2#E:F/RL:OF/RC:C)
Public Exploit Available : true
