Ubuntu 6.06 LTS / 6.10 / 7.04 / 7.10 : apache2 vulnerabilities (USN-575-1)

Ubuntu Security Notice (C) 2008-2014 Canonical, Inc. / NASL script (C) 2008-2014 Tenable Network Security, Inc.


Synopsis :

The remote Ubuntu host is missing one or more security-related patches.

Description :

It was discovered that Apache did not sanitize the Expect header from
an HTTP request when it is reflected back in an error message, which
could result in browsers becoming vulnerable to cross-site scripting
attacks when processing the output. With cross-site scripting
vulnerabilities, if a user were tricked into viewing server output
during a crafted server request, a remote attacker could exploit this
to modify the contents, or steal confidential data (such as
passwords), within the same domain. This was only vulnerable in Ubuntu
6.06. (CVE-2006-3918)

It was discovered that when configured as a proxy server and using a
threaded MPM, Apache did not properly sanitize its input. A remote
attacker could send Apache crafted date headers and cause a denial of
service via application crash. By default, mod_proxy is disabled in
Ubuntu. (CVE-2007-3847)

It was discovered that mod_autoindex did not force a character set,
which could result in browsers becoming vulnerable to cross-site
scripting attacks when processing the output. (CVE-2007-4465)

It was discovered that mod_imap/mod_imagemap did not force a character
set, which could result in browsers becoming vulnerable to cross-site
scripting attacks when processing the output. By default,
mod_imap/mod_imagemap is disabled in Ubuntu. (CVE-2007-5000)

It was discovered that mod_status when status pages were available,
allowed for cross-site scripting attacks. By default, mod_status is
disabled in Ubuntu. (CVE-2007-6388)

It was discovered that mod_proxy_balancer did not sanitize its input,
which could result in browsers becoming vulnerable to cross-site
scripting attacks when processing the output. By default,
mod_proxy_balancer is disabled in Ubuntu. This was only vulnerable in
Ubuntu 7.04 and 7.10. (CVE-2007-6421)

It was discovered that mod_proxy_balancer could be made to dereference
a NULL pointer. A remote attacker could send a crafted request and
cause a denial of service via application crash. By default,
mod_proxy_balancer is disabled in Ubuntu. This was only vulnerable in
Ubuntu 7.04 and 7.10. (CVE-2007-6422)

It was discovered that mod_proxy_ftp did not force a character set,
which could result in browsers becoming vulnerable to cross-site
scripting attacks when processing the output. By default,
mod_proxy_ftp is disabled in Ubuntu. (CVE-2008-0005).

Solution :

Update the affected packages.

Risk factor :

Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P)
CVSS Temporal Score : 4.1
(CVSS2#E:F/RL:OF/RC:C)
Public Exploit Available : true