Fedora 11 : httpd-2.2.15-1.fc11.1 (2010-6131)

This script is Copyright (C) 2010-2016 Tenable Network Security, Inc.


Synopsis :

The remote Fedora host is missing a security update.

Description :

The Apache HTTP Server Project is proud to announce the release of
version 2.2.15 of the Apache HTTP Server ('httpd'). This version is
principally a security and bugfix release. Notably, this release was
updated to reflect the OpenSSL Project's release 0.9.8m of the openssl
library, and addresses CVE-2009-3555 (cve.mitre.org), the TLS
renegotiation prefix injection attack. This release further addresses
the issues CVE-2010-0408 and CVE-2010-0434 within mod_proxy_ajp and
mod_headers respectively. See the upstream changes file for further
information: http://www.apache.org/dist/httpd/CHANGES_2.2.15

Note that Tenable Network Security has extracted the preceding
description block directly from the Fedora security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.

See also :

http://www.apache.org/dist/httpd/CHANGES_2.2.15
https://bugzilla.redhat.com/show_bug.cgi?id=569905
https://bugzilla.redhat.com/show_bug.cgi?id=570171
http://www.nessus.org/u?9b52c1a0

Solution :

Update the affected httpd package.

Risk factor :

Medium / CVSS Base Score : 5.8
(CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:P)
CVSS Temporal Score : 4.8
(CVSS2#E:F/RL:OF/RC:C)
Public Exploit Available : true

Family: Fedora Local Security Checks

Nessus Plugin ID: 47417 (fedora_2010-6131.nasl)

Bugtraq ID: 36935
38491
38494
38580

CVE ID: CVE-2009-3555
CVE-2010-0408
CVE-2010-0434

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now