This script is Copyright (C) 2008-2014 Tenable Network Security, Inc.
The remote Red Hat host is missing one or more security updates.
Updated httpd packages that resolve several security issues and fix a
bug are now available for Red Hat Enterprise Linux 3, 4 and 5.
This update has been rated as having moderate security impact by the
Red Hat Security Response Team.
The Apache HTTP Server is a popular Web server.
A flaw was found in the mod_proxy Apache module. An attacker in
control of a Web server to which requests were being proxied could
have caused a limited denial of service due to CPU consumption and
stack exhaustion. (CVE-2008-2364)
A flaw was found in the mod_proxy_ftp Apache module. If Apache was
configured to support FTP-over-HTTP proxying, a remote attacker could
have performed a cross-site scripting attack. (CVE-2008-2939)
In addition, these updated packages fix a bug found in the handling of
the 'ProxyRemoteMatch' directive in the Red Hat Enterprise Linux 4
httpd packages. This bug is not present in the Red Hat Enterprise
Linux 3 or Red Hat Enterprise Linux 5 packages.
Users of httpd should upgrade to these updated packages, which contain
backported patches to correct these issues.
See also :
Update the affected packages.
Risk factor :
Medium / CVSS Base Score : 5.0
CVSS Temporal Score : 3.7
Public Exploit Available : false
Family: Red Hat Local Security Checks
Nessus Plugin ID: 34751 ()
Bugtraq ID: 2965330560
CVE ID: CVE-2008-2364CVE-2008-2939
The cookie settings on this website are set to 'allow all cookies' to give you the very best website experience. If you continue without changing these settings, you consent to this - but if you want, you can opt out of all cookies by clicking below.