High Nessus Plugin ID 19925
SynopsisThe remote host is missing a vendor-supplied security patch
DescriptionThe remote host is missing the patch for the advisory SUSE-SA:2005:046 (apache,apache2).
A security flaw was found in the Apache and Apache2 web servers which allows remote attacker to 'smuggle' requests past filters by providing handcrafted header entries.
Fixed Apache 2 server packages were released on July 26th, fixed Apache 1 server packages were released on August 15th.
This issue is tracked by the Mitre CVE ID CVE-2005-2088.
The Apache2 packages additionally fix a single byte overflow in the SSL CRL handling functionality, tracked by the Mitre CVE ID CVE-2005-1268.
The Apache1 packages additionally fix a harmless local buffer overflow in htpasswd.