Mandrake Linux Security Advisory : apache (MDKSA-2007:235)

This script is Copyright (C) 2007-2014 Tenable Network Security, Inc.

Synopsis :

The remote Mandrake Linux host is missing one or more security

Description :

A flaw in the Apache mod_proxy module was found that could potentially
lead to a denial of service is using a threaded Multi-Processing
Module. On sites where a reverse proxy is configured, a remote
attacker could send a special reequest that would cause the Apache
child process handling the request to crash. Likewise, a similar crash
could occur on sites with a forward proxy configured if a user could
be persuaded to visit a malicious site using the proxy

A flaw in the Apache mod_autoindex module was found. On sites where
directory listings are used and the AddDefaultCharset directive was
removed from the configuration, a cross-site-scripting attack could be
possible against browsers that to not correctly derive the response
character set according to the rules in RGC 2616 (CVE-2007-4465).

The updated packages have been patched to correct this issue.

Solution :

Update the affected packages.

Risk factor :

Medium / CVSS Base Score : 5.0

Family: Mandriva Local Security Checks

Nessus Plugin ID: 29202 (mandrake_MDKSA-2007-235.nasl)

Bugtraq ID:

CVE ID: CVE-2007-3847

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now