Detections
Analytics

Slackware 8.1 / 9.0 / 9.1 / current : apache (SSA:2004-133-01)

high Nessus Plugin ID 18787

Synopsis

The remote Slackware host is missing a security update.

Description

New apache packages are available for Slackware 8.1, 9.0, 9.1, and
-current to fix security issues. These include a possible denial-of-service attack as well as the ability to possible pipe shell escapes through Apache's errorlog (which could create an exploit if the error log is read in a terminal program that does not filter such escapes). We recommend that sites running Apache upgrade to the new Apache package.

Solution

Update the affected apache package.

See Also

http://www.nessus.org/u?6e6ddedc

Plugin Details

Severity: High

ID: 18787

File Name: Slackware_SSA_2004-133-01.nasl

Version: 1.17

Type: local

Published: 7/13/2005

Updated: 1/14/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.5

CVSS v2

Risk Factor: High

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Information

CPE: cpe:/o:slackware:slackware_linux:9.1, cpe:/o:slackware:slackware_linux:9.0, cpe:/o:slackware:slackware_linux:8.1, p-cpe:/a:slackware:slackware_linux:apache, cpe:/o:slackware:slackware_linux

Required KB Items: Host/local_checks_enabled, Host/Slackware/release, Host/Slackware/packages

Patch Publication Date: 5/12/2004

Vulnerability Publication Date: 3/8/2004

Reference Information

CVE: CVE-2003-0020, CVE-2003-0987, CVE-2003-0993, CVE-2004-0174

SSA: 2004-133-01