Apache 2.2.x < 2.2.15 Multiple Vulnerabilities

This script is Copyright (C) 2010-2016 Tenable Network Security, Inc.

Synopsis :

The remote web server is affected by multiple vulnerabilities.

Description :

According to its banner, the version of Apache 2.2.x running on the
remote host is prior to 2.2.15. It is, therefore, potentially affected
by multiple vulnerabilities :

- A TLS renegotiation prefix injection attack is possible.

- The 'mod_proxy_ajp' module returns the wrong status code
if it encounters an error which causes the back-end
server to be put into an error state. (CVE-2010-0408)

- The 'mod_isapi' module attempts to unload the 'ISAPI.dll'
when it encounters various error states, which could leave
call-backs in an undefined state. (CVE-2010-0425)

- A flaw in the core sub-request process code can lead to
sensitive information from a request being handled by
the wrong thread if a multi-threaded environment is
used. (CVE-2010-0434)

- Versions prior to 2.2.15 lack the 'mod_reqtimeout' module,
which was added to mitigate Slowloris attacks. (CVE-2007-6750)
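
The banner-based check described above can be reproduced for triage of your own inventory. The following is an added example, not Tenable's plugin code; the function names and the sample Server header values are constructed for illustration. It compares versions numerically and treats banners without a patch level as undetermined.

```python
import re

FIXED = (2, 2, 15)  # first fixed release named on this page

# Apache product token in a Server header; version parts are optional because
# ServerTokens Prod/Major/Minor emit "Apache", "Apache/2" or "Apache/2.2".
_TOKEN = re.compile(
    r"\bApache(?:/(\d+)(?:\.(\d+))?(?:\.(\d+))?)?(?=[\s(]|$)", re.I
)

def classify_banner(server_header):
    """Classify a Server header value against the 2.2.x < 2.2.15 condition.

    Returns 'not-apache', 'unknown-version', 'other-branch', 'flagged'
    or 'not-flagged'. 'flagged' is a lead to verify, not proof: vendors
    may backport fixes without changing the banner version.
    """
    m = _TOKEN.search(server_header or "")
    if not m:
        return "not-apache"          # e.g. nginx, or Tomcat's Apache-Coyote
    major, minor, patch = m.groups()
    if major is None or minor is None or patch is None:
        return "unknown-version"     # banner hides the patch level
    version = (int(major), int(minor), int(patch))
    if version[:2] != FIXED[:2]:
        return "other-branch"        # this check only covers 2.2.x
    # Tuple comparison is numeric, so 2.2.9 < 2.2.15 (a string compare fails).
    return "flagged" if version < FIXED else "not-flagged"

def triage(banners):
    """Map each banner string to its classification."""
    return {b: classify_banner(b) for b in banners}

# Constructed sample Server header values.
SAMPLE_BANNERS = [
    "Apache/2.2.14 (Ubuntu)",
    "Apache/2.2.9 (Debian) PHP/5.2.6",
    "Apache/2.2.15 (CentOS)",
    "Apache/2.4.58 (Debian)",
    "Apache/2.2",
    "Apache",
    "Apache-Coyote/1.1",
    "nginx/1.18.0",
]

if __name__ == "__main__":
    for banner, verdict in triage(SAMPLE_BANNERS).items():
        print(f"{verdict:16} {banner}")
```

Hosts that come back as 'unknown-version' need a package-level or authenticated check, since the banner alone cannot confirm or rule out the condition.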

Solution :

Upgrade to Apache version 2.2.15 or later.

Risk factor :

Critical / CVSS Base Score : 10.0
CVSS Temporal Score : 8.3
Public Exploit Available : true

Family: Web Servers

Nessus Plugin ID: 45004

Bugtraq ID: 21865

CVE ID: CVE-2007-6750
