APPLE-SA-2004-01-26

9504

The remote host appears to be running a version of Apache 2.x that is older than 2.0.48.  This version is vulnerable to a bug that may allow a rogue CGI to disable the httpd service by issuing over 4K of data to stderr. To exploit this flaw, an attacker would need the ability to upload a rogue CGI script to this server and to have it executed by the Apache daemon (httpd).

The remote host appears to be running a version of Apache which is older  than 1.3.29  There are several flaws in this version that may allow an attacker to possibly execute arbitrary code through mod_alias and mod_rewrite.

The remote host is missing Security Update 2004-01-26.

This security update includes the following components :

 - Apache 1.3
 - Classic
 - Mail
 - Safari
 - Windows File Sharing

For MacOS 10.1.5, it only includes the following :

 - Mail

This update contains various fixes which may allow an attacker to execute arbitrary code on the remote host.

ID	Name	Product	Family	Severity
2175	Apache < 2.0.48 Multiple Vulnerabilities	Nessus Network Monitor	Web Servers	high
2174	Apache < 1.3.29 Multiple Vulnerabilities	Nessus Network Monitor	Web Servers	high
12517	Mac OS X Multiple Vulnerabilities (Security Update 2004-01-26)	Nessus	MacOS X Local Security Checks	critical
800585	Apache < 1.3.29 Multiple Vulnerabilities	Log Correlation Engine	Web Servers	high
800583	Apache < 2.0.48 Multiple Vulnerabilities	Log Correlation Engine	Web Servers	high

CVE-2004-0092

HIGH

Description

References

Details

Risk Information

CVSS v2.0

Vulnerable Software

Configuration 1

Tenable Plugins

high

high

critical

high

high