This script is Copyright (C) 2012-2013 Tenable Network Security, Inc.
The remote Mandrake Linux host is missing one or more security
The Apache web server comes with a module called mod_rewrite which is
used to rewrite URLs presented by the client prior to further
processing. There is a flaw in the mod_rewrite logic that allows an
attacker to view arbitrary files on the server system if they contain
regular expression references. All Linux-Mandrake users using Apache
are encouraged to upgrade to these updated versions that fix this
The Apache package for 7.1 had a problem with improper permissions on
the suexec wrapper which prevented it from running if the
apache-suexec package was installed. As well, the uninstall script
would exit with errors. Both issues are fixed. The new md5 checksums
are listed below.
The permissions on the -14mdk apache-suexec package were still
incorrect. While some CGI scripts would perform, others would not due
to the permissions being 4700 and not 4711. The -15mdk RPMs for 7.1
fix this issue.
Update the affected apache, apache-devel and / or apache-suexec
Risk factor :
Medium / CVSS Base Score : 5.0