SynopsisThe remote Debian host is missing a security update.
DescriptionRobert Swiecki discovered that the value placeholder in [Proxy-]Authorization Digest headers were not initialized or reset before or between successive key=value assignments in Apache 2's mod_auth_digest module
Providing an initial key with no '=' assignment could reflect the stale value of uninitialized pool memory used by the prior request leading to leakage of potentially confidential information and a segfault.
For Debian 7 'Wheezy', this issue has been fixed in apache2 version 2.2.22-13+deb7u10.
We recommend that you upgrade your apache2 packages.
NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
SolutionUpgrade the affected packages.