This script is Copyright (C) 2009-2016 Tenable Network Security, Inc.
The remote Gentoo host is missing one or more security-related
The remote host is affected by the vulnerability described in GLSA-200907-04
(Apache: Multiple vulnerabilities)
Multiple vulnerabilities have been discovered in the Apache HTTP
Jonathan Peatfield reported that the
'Options=IncludesNoEXEC' argument to the 'AllowOverride' directive is
not processed properly (CVE-2009-1195).
Sander de Boer
discovered that the AJP proxy module (mod_proxy_ajp) does not correctly
handle POST requests that do not contain a request body
The vendor reported that the HTTP proxy
module (mod_proxy_http), when being used as a reverse proxy, does not
properly handle requests containing more data than stated in the
'Content-Length' header (CVE-2009-1890).
discovered that mod_deflate does not abort the compression of large
files even when the requesting connection is closed prematurely
A local attacker could circumvent restrictions put up by the server
administrator and execute arbitrary commands with the privileges of the
user running the Apache server. A remote attacker could send multiple
requests to a server with the AJP proxy module, possibly resulting in
the disclosure of a request intended for another client, or cause a
Denial of Service by sending specially crafted requests to servers
running mod_proxy_http or mod_deflate.
Remove 'include', 'proxy_ajp', 'proxy_http' and 'deflate' from
APACHE2_MODULES in make.conf and rebuild Apache, or disable the
aforementioned modules in the Apache configuration.
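
A check for the workaround above, as an added example that is not part of the Tenable plugin or the Gentoo advisory: it reads a make.conf-style file and reports which of the four listed modules are still in APACHE2_MODULES. The function names and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example; function names are hypothetical, not part of Portage or Nessus.
# Modules the workaround above says to remove from APACHE2_MODULES.
GLSA_MODULES="include proxy_ajp proxy_http deflate"

# Print the APACHE2_MODULES value assigned in a make.conf-style file ($1).
# Handles quoted values spanning several lines; the last assignment wins.
# Variable references such as ${APACHE2_MODULES} are not expanded.
apache2_modules_value() {
    awk '
        { line = $0 }
        !inq && line ~ /^[ \t]*APACHE2_MODULES=/ {
            sub(/^[ \t]*APACHE2_MODULES=/, "", line); val = ""
            q = substr(line, 1, 1)
            if (q == "\"" || q == "\047") { line = substr(line, 2); inq = 1 }
            else { sub(/[ \t]*#.*$/, "", line); val = line; next }
        }
        inq {
            i = index(line, q)
            if (i) { val = val " " substr(line, 1, i - 1); inq = 0 }
            else   { val = val " " line }
        }
        END { gsub(/\\/, " ", val); print val }
    ' "$1"
}

# Print the advisory-listed modules still enabled in the file ($1).
# Tokens must match exactly, so "-deflate" (disabled) is not reported.
# Runs in a subshell with globbing off so a "-*" token is not expanded.
flagged_modules() (
    set -f
    out=""
    for m in $GLSA_MODULES; do
        for tok in $(apache2_modules_value "$1"); do
            if [ "$tok" = "$m" ]; then out="${out:+$out }$m"; break; fi
        done
    done
    printf '%s\n' "$out"
)

# Constructed sample input, not taken from a real host.
sample=$(mktemp)
cat > "$sample" <<'EOF'
#APACHE2_MODULES="deflate"
APACHE2_MODULES="-* actions alias auth_basic -deflate
    include proxy proxy_http"
EOF
echo "still enabled: $(flagged_modules "$sample")"
rm -f "$sample"
```

An empty result only covers the file that was read: if APACHE2_MODULES is not assigned there at all, the profile default applies and is not inspected here.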
All Apache users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose '>=www-servers/apache-2.2.11-r2'
Risk factor :
High / CVSS Base Score : 7.1
CVSS Temporal Score : 5.6
Public Exploit Available : true
Family: Gentoo Local Security Checks
Nessus Plugin ID: 39775 (gentoo_GLSA-200907-04.nasl)
Bugtraq ID: 34663, 35115, 35565, 35623
CVE ID: CVE-2009-1191, CVE-2009-1195, CVE-2009-1890, CVE-2009-1891