Mandrake Linux Security Advisory : apache2 (MDKSA-2006:007)

Medium Nessus Plugin ID 20473

Synopsis

The remote Mandrake Linux host is missing one or more security updates.

Description

A flaw was discovered in mod_imap when using the Referer directive with image maps that could be used by a remote attacker to perform a cross- site scripting attack, in certain site configurations, if a victim could be forced to visit a malicious URL using certain web browsers (CVE-2005-3352).

Also, a NULL pointer dereference flaw was found in mod_ssl that affects server configurations where an SSL virtual host was configured with access controls and a custom 400 error document. This could allow a remote attacker to send a carefully crafted request to trigger the issue and cause a crash, but only with the non-default worker MPM (CVE-2005-3357).

The provided packages have been patched to prevent these problems.

Solution

Update the affected packages.

Plugin Details

Severity: Medium

ID: 20473

File Name: mandrake_MDKSA-2006-007.nasl

Version: 1.16

Type: local

Published: 2006/01/15

Updated: 2018/07/19

Dependencies: 12634

Risk Information

Risk Factor: Medium

CVSS v2.0

Base Score: 5.4

Vector: CVSS2#AV:N/AC:H/Au:N/C:N/I:N/A:C

Vulnerability Information

CPE: p-cpe:/a:mandriva:linux:apache-base, p-cpe:/a:mandriva:linux:apache-devel, p-cpe:/a:mandriva:linux:apache-mod_cache, p-cpe:/a:mandriva:linux:apache-mod_dav, p-cpe:/a:mandriva:linux:apache-mod_deflate, p-cpe:/a:mandriva:linux:apache-mod_disk_cache, p-cpe:/a:mandriva:linux:apache-mod_file_cache, p-cpe:/a:mandriva:linux:apache-mod_ldap, p-cpe:/a:mandriva:linux:apache-mod_mem_cache, p-cpe:/a:mandriva:linux:apache-mod_proxy, p-cpe:/a:mandriva:linux:apache-mod_ssl, p-cpe:/a:mandriva:linux:apache-mod_userdir, p-cpe:/a:mandriva:linux:apache-modules, p-cpe:/a:mandriva:linux:apache-mpm-peruser, p-cpe:/a:mandriva:linux:apache-mpm-prefork, p-cpe:/a:mandriva:linux:apache-mpm-worker, p-cpe:/a:mandriva:linux:apache-source, p-cpe:/a:mandriva:linux:apache2, p-cpe:/a:mandriva:linux:apache2-common, p-cpe:/a:mandriva:linux:apache2-devel, p-cpe:/a:mandriva:linux:apache2-manual, p-cpe:/a:mandriva:linux:apache2-mod_cache, p-cpe:/a:mandriva:linux:apache2-mod_dav, p-cpe:/a:mandriva:linux:apache2-mod_deflate, p-cpe:/a:mandriva:linux:apache2-mod_disk_cache, p-cpe:/a:mandriva:linux:apache2-mod_file_cache, p-cpe:/a:mandriva:linux:apache2-mod_ldap, p-cpe:/a:mandriva:linux:apache2-mod_mem_cache, p-cpe:/a:mandriva:linux:apache2-mod_proxy, p-cpe:/a:mandriva:linux:apache2-mod_ssl, p-cpe:/a:mandriva:linux:apache2-modules, p-cpe:/a:mandriva:linux:apache2-peruser, p-cpe:/a:mandriva:linux:apache2-source, p-cpe:/a:mandriva:linux:apache2-worker, cpe:/o:mandrakesoft:mandrake_linux:10.1, cpe:/o:mandriva:linux:2006, x-cpe:/o:mandrakesoft:mandrake_linux:le2005

Patch Publication Date: 2006/01/05

Reference Information

CVE: CVE-2005-3352, CVE-2005-3357

MDKSA: 2006:007