RHEL 3 : httpd (RHSA-2004:084)

medium Nessus Plugin ID 12473

Synopsis

The remote Red Hat host is missing one or more security updates.

Description

Updated httpd packages are now available that fix a denial of service vulnerability in mod_ssl and include various other bug fixes.

The Apache HTTP server is a powerful, full-featured, efficient, and freely-available Web server.

A memory leak in mod_ssl in the Apache HTTP Server prior to version 2.0.49 allows a remote denial of service attack against an SSL-enabled server. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-0113 to this issue.

This update also includes various bug fixes, including:

- improvements to the mod_expires, mod_dav, mod_ssl and mod_proxy modules

- a fix for a bug causing core dumps during configuration parsing on the IA64 platform

- an updated version of mod_include fixing several edge cases in the SSI parser

Additionally, the mod_logio module is now included.

Users of the Apache HTTP server should upgrade to these updated packages, which contain backported patches that address these issues.

Solution

Update the affected httpd, httpd-devel and/or mod_ssl packages.

See Also

https://access.redhat.com/security/cve/cve-2004-0113

http://www.apacheweek.com/features/security-20

https://access.redhat.com/errata/RHSA-2004:084

Plugin Details

Severity: Medium

ID: 12473

File Name: redhat-RHSA-2004-084.nasl

Version: 1.29

Type: local

Agent: unix

Published: 7/6/2004

Updated: 1/14/2021

Supported Sensors: Frictionless Assessment AWS, Frictionless Assessment Azure, Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, Nessus

Risk Information

VPR

Risk Factor: Low

Score: 1.4

CVSS v2

Risk Factor: Medium

Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P

Vulnerability Information

CPE: p-cpe:/a:redhat:enterprise_linux:httpd, p-cpe:/a:redhat:enterprise_linux:httpd-devel, p-cpe:/a:redhat:enterprise_linux:mod_ssl, cpe:/o:redhat:enterprise_linux:3

Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list, Host/cpu

Patch Publication Date: 3/23/2004

Vulnerability Publication Date: 3/29/2004

Reference Information

CVE: CVE-2004-0113

RHSA: 2004:084