RHEL 3 : httpd (RHSA-2004:084)

medium Nessus Plugin ID 12473

Synopsis

The remote Red Hat host is missing one or more security updates.

Description

Updated httpd packages are now available that fix a denial of service vulnerability in mod_ssl and include various other bug fixes.

The Apache HTTP server is a powerful, full-featured, efficient, and freely-available Web server.

A memory leak in mod_ssl in the Apache HTTP Server prior to version 2.0.49 allows a remote denial of service attack against an SSL-enabled server. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-0113 to this issue.

This update also includes various bug fixes, including:

- improvements to the mod_expires, mod_dav, mod_ssl and mod_proxy modules

- a fix for a bug causing core dumps during configuration parsing on the IA64 platform

- an updated version of mod_include fixing several edge cases in the SSI parser

Additionally, the mod_logio module is now included.

Users of the Apache HTTP server should upgrade to these updated packages, which contain backported patches that address these issues.

Solution

Update the affected httpd, httpd-devel and/or mod_ssl packages.

See Also

https://access.redhat.com/security/cve/cve-2004-0113

http://www.apacheweek.com/features/security-20

https://access.redhat.com/errata/RHSA-2004:084

Plugin Details

Severity: Medium

ID: 12473

File Name: redhat-RHSA-2004-084.nasl

Version: 1.29

Type: local

Agent: unix

Published: 7/6/2004

Updated: 1/14/2021

Dependencies: ssh_get_info.nasl

Risk Information

VPR

Risk Factor: Low

Score: 2.2

CVSS v2

Risk Factor: Medium

Base Score: 5

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Vulnerability Information

CPE: p-cpe:/a:redhat:enterprise_linux:httpd, p-cpe:/a:redhat:enterprise_linux:httpd-devel, p-cpe:/a:redhat:enterprise_linux:mod_ssl, cpe:/o:redhat:enterprise_linux:3

Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list, Host/cpu

Patch Publication Date: 3/23/2004

Vulnerability Publication Date: 3/29/2004

Reference Information

CVE: CVE-2004-0113

RHSA: 2004:084