FreeBSD : Apache 2 mod_ssl denial-of-service (492f8896-70fa-11d8-873f-0020ed76ef5a)

This script is Copyright (C) 2009-2013 Tenable Network Security, Inc.


Synopsis :

The remote FreeBSD host is missing a security-related update.

Description :

Joe Orton reports a memory leak in Apache 2's mod_ssl. A remote
attacker may issue HTTP requests on an HTTPS port, causing an error.
Due to a bug in processing this condition, memory associated with the
connection is not freed. Repeated requests can consume all available
memory resources, probably resulting in termination of the Apache
process.

See also :

http://www.apacheweek.com/features/security-20
http://www.nessus.org/u?ebaa4b21
http://marc.info/?l=apache-cvs&m=107869699329638
http://www.nessus.org/u?c10a6a0b

Solution :

Update the affected package.

Risk factor :

Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P)
CVSS Temporal Score : 4.3
(CVSS2#E:H/RL:OF/RC:C)
Public Exploit Available : true

Family: FreeBSD Local Security Checks

Nessus Plugin ID: 36300 (freebsd_pkg_492f889670fa11d8873f0020ed76ef5a.nasl)

Bugtraq ID: 9826

CVE ID: CVE-2004-0113
