Ubuntu Security Notice (C) 2012-2013 Canonical, Inc. / NASL script (C) 2012-2013 Tenable Network Security, Inc.
The remote Ubuntu host is missing a security-related patch.
It was discovered that the Apache HTTP Server incorrectly handled the
SetEnvIf .htaccess file directive. An attacker having write access to
a .htaccess file may exploit this to possibly execute arbitrary code.
Prutha Parikh discovered that the mod_proxy module did not properly
interact with the RewriteRule and ProxyPassMatch pattern matches in
the configuration of a reverse proxy. This could allow remote
attackers to contact internal webservers behind the proxy that were
not intended for external exposure. (CVE-2011-4317)
Rainer Canavan discovered that the mod_log_config module incorrectly
handled a certain format string when used with a threaded MPM. A
remote attacker could exploit this to cause a denial of service via a
specially-crafted cookie. This issue only affected Ubuntu 11.04 and
It was discovered that the Apache HTTP Server incorrectly handled
certain type fields within a scoreboard shared memory segment. A local
attacker could exploit this to cause a denial of service.
Norman Hippert discovered that the Apache HTTP Server incorrectly
handled header information when returning a Bad Request (400) error
page. A remote attacker could exploit this to obtain the values of
certain HTTPOnly cookies. (CVE-2012-0053).
Update the affected apache2.2-common package.
Risk factor: Medium
CVSS Base Score: 4.6
CVSS Temporal Score: 4.0
Public Exploit Available: true
Family: Ubuntu Local Security Checks
Nessus Plugin ID: 57999
Bugtraq ID: 50494, 50802, 51407, 51705, 51706
CVE ID: CVE-2011-3607, CVE-2011-4317, CVE-2012-0021, CVE-2012-0031, CVE-2012-0053