Slackware 8.1 / 9.0 / 9.1 / current : apache (SSA:2004-133-01)

High Nessus Plugin ID 18787

Synopsis

The remote Slackware host is missing a security update.

Description

New apache packages are available for Slackware 8.1, 9.0, 9.1, and
-current to fix security issues. These include a possible denial-of-service attack as well as the ability to possible pipe shell escapes through Apache's errorlog (which could create an exploit if the error log is read in a terminal program that does not filter such escapes). We recommend that sites running Apache upgrade to the new Apache package.

Solution

Update the affected apache package.

See Also

http://www.nessus.org/u?6e6ddedc

Plugin Details

Severity: High

ID: 18787

File Name: Slackware_SSA_2004-133-01.nasl

Version: 1.16

Type: local

Published: 2005/07/13

Updated: 2019/10/25

Dependencies: 12634

Risk Information

Risk Factor: High

CVSS v2.0

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Information

CPE: p-cpe:/a:slackware:slackware_linux:apache, cpe:/o:slackware:slackware_linux, cpe:/o:slackware:slackware_linux:8.1, cpe:/o:slackware:slackware_linux:9.0, cpe:/o:slackware:slackware_linux:9.1

Required KB Items: Host/local_checks_enabled, Host/Slackware/release, Host/Slackware/packages

Patch Publication Date: 2004/05/12

Vulnerability Publication Date: 2004/03/08

Reference Information

CVE: CVE-2003-0020, CVE-2003-0987, CVE-2003-0993, CVE-2004-0174

SSA: 2004-133-01