Mandrake Linux Security Advisory : apache2 (MDKSA-2006:007)
Medium Nessus Plugin ID 20473
Synopsis
The remote Mandrake Linux host is missing one or more security updates.
Description
A flaw was discovered in mod_imap when using the Referer directive with image maps that could be used by a remote attacker to perform a cross-site scripting attack, in certain site configurations, if a victim could be forced to visit a malicious URL using certain web browsers (CVE-2005-3352).
Also, a NULL pointer dereference flaw was found in mod_ssl that affects server configurations where an SSL virtual host was configured with access controls and a custom 400 error document. This could allow a remote attacker to send a carefully crafted request to trigger the issue and cause a crash, but only with the non-default worker MPM (CVE-2005-3357).
The provided packages have been patched to prevent these problems.
Solution
Update the affected packages.
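
A configuration audit for the mod_ssl condition described above (CVE-2005-3357), as an added example that is not part of the advisory or the Nessus plugin: it flags SSL virtual hosts that combine access controls with a custom 400 error document when the server runs the worker MPM. The set of directives treated as access controls, the `mpm` argument (supplied by the operator) and the sample configuration are assumptions of this example.

```python
import re

# Directives counted as "access controls": an assumption of this example.
ACCESS = re.compile(r"^[ \t]*(Order|Allow|Deny|Require|AuthType|SSLRequire)\b", re.I | re.M)
ERRDOC_400 = re.compile(r"^[ \t]*ErrorDocument[ \t]+400[ \t]+\S", re.I | re.M)
SSL_ON = re.compile(r"^[ \t]*SSLEngine[ \t]+on\b", re.I | re.M)
VHOST = re.compile(r"^[ \t]*<VirtualHost[ \t]+([^>]+)>(.*?)^[ \t]*</VirtualHost>",
                   re.I | re.M | re.S)
COMMENT = re.compile(r"^[ \t]*#.*$", re.M)

def exposed_vhosts(conf_text, mpm):
    """Return addresses of SSL vhosts matching the CVE-2005-3357 preconditions."""
    if mpm.lower() != "worker":          # advisory: only the worker MPM is affected
        return []
    conf = COMMENT.sub("", conf_text)    # ignore commented-out directives
    # An ErrorDocument set at server level is inherited by every vhost.
    inherited = bool(ERRDOC_400.search(VHOST.sub("", conf)))
    hits = []
    for match in VHOST.finditer(conf):
        addr, body = match.group(1).strip(), match.group(2)
        if not SSL_ON.search(body):
            continue
        if (inherited or ERRDOC_400.search(body)) and ACCESS.search(body):
            hits.append(addr)
    return hits

# Constructed sample configuration, not taken from any real host.
SAMPLE = """
<VirtualHost *:443>
    SSLEngine on
    ErrorDocument 400 /errors/bad_request.html
    <Location /admin>
        Order deny,allow
        Deny from all
    </Location>
</VirtualHost>
<VirtualHost 192.0.2.10:8443>
    SSLEngine on
    # ErrorDocument 400 /errors/bad_request.html
    Require valid-user
</VirtualHost>
"""

if __name__ == "__main__":
    print(exposed_vhosts(SAMPLE, "worker"))
```

A flagged virtual host only means the preconditions named in the advisory are present; the package version still decides whether the host is patched.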