Mandrake Linux Security Advisory : apache (MDKSA-2007:235)

This script is Copyright (C) 2007-2014 Tenable Network Security, Inc.


Synopsis :

The remote Mandrake Linux host is missing one or more security
updates.

Description :

A flaw in the Apache mod_proxy module was found that could potentially
lead to a denial of service if using a threaded Multi-Processing
Module. On sites where a reverse proxy is configured, a remote
attacker could send a special request that would cause the Apache
child process handling the request to crash. Likewise, a similar crash
could occur on sites with a forward proxy configured if a user could
be persuaded to visit a malicious site using the proxy
(CVE-2007-3847).

A flaw in the Apache mod_autoindex module was found. On sites where
directory listings are used and the AddDefaultCharset directive was
removed from the configuration, a cross-site-scripting attack could be
possible against browsers that do not correctly derive the response
character set according to the rules in RFC 2616 (CVE-2007-4465).

The updated packages have been patched to correct this issue.

Solution :

Update the affected packages.

Risk factor :

Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P)

Family: Mandriva Local Security Checks

Nessus Plugin ID: 29202 (mandrake_MDKSA-2007-235.nasl)

Bugtraq ID:

CVE ID: CVE-2007-3847, CVE-2007-4465
