Mandrake Linux Security Advisory : apache2 (MDKSA-2006:007)

This script is Copyright (C) 2006-2013 Tenable Network Security, Inc.


Synopsis :

The remote Mandrake Linux host is missing one or more security
updates.

Description :

A flaw was discovered in mod_imap when using the Referer directive
with image maps that could be used by a remote attacker to perform a
cross-site scripting attack, in certain site configurations, if a
victim could be forced to visit a malicious URL using certain web
browsers (CVE-2005-3352).

Also, a NULL pointer dereference flaw was found in mod_ssl that
affects server configurations where an SSL virtual host was configured
with access controls and a custom 400 error document. This could allow
a remote attacker to send a carefully crafted request to trigger the
issue and cause a crash, but only with the non-default worker MPM
(CVE-2005-3357).

The provided packages have been patched to prevent these problems.

Solution :

Update the affected packages.

Risk factor :

Medium / CVSS Base Score : 5.4
(CVSS2#AV:N/AC:H/Au:N/C:N/I:N/A:C)

Family: Mandriva Local Security Checks

Nessus Plugin ID: 20473 (mandrake_MDKSA-2006-007.nasl)

Bugtraq ID:

CVE ID: CVE-2005-3352
CVE-2005-3357
