Apache < 2.0.55 Multiple Vulnerabilities
High Nessus Plugin ID 31656
Synopsis
The remote version of Apache is affected by multiple vulnerabilities.
Description
The remote host appears to be running a version of Apache prior to 2.0.55. It is, therefore, affected by multiple vulnerabilities:
- A security issue exists where 'SSLVerifyClient' is not enforced in per-location context if 'SSLVerifyClient optional' is configured in the vhost configuration.
- A denial of service vulnerability exists when processing a large byte range request, as well as a flaw in the 'worker.c' module which could allow an attacker to force this service to consume excessive amounts of memory.
- When Apache is acting as a proxy, it is possible for a remote attacker to poison the web cache, bypass web application firewall protection, and conduct cross-site scripting attacks via an HTTP request with both a 'Transfer-Encoding: chunked' header and a 'Content-Length' header. (CVE-2005-2088)
- Multiple integer overflows exist in PCRE's quantifier parsing, which a local user could trigger with a specially crafted regex in an .htaccess file.
- An issue exists where the byte range filter buffers responses into memory. (CVE-2005-2728)
- An off-by-one overflow exists in mod_ssl while printing CRL information at 'LogLevel debug' which could be triggered if configured to use a 'malicious CRL'.
Solution
Upgrade to version 2.0.55 or later.
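A configuration audit for the first item in the description, as an added example that is not part of the plugin or of Apache: it lists every per-location 'SSLVerifyClient' directive inside a virtual host whose own setting is 'optional', which is the combination that is not enforced before 2.0.55. The function name and the sample configuration are constructed for illustration; Include files are assumed to be already merged into the text.

```python
import re

# Section types treated here as "per-location context" (assumption of this example)
PER_LOCATION = {"location", "locationmatch", "directory", "directorymatch", "files", "filesmatch"}

def find_overrides(conf_text):
    """Return (line, section argument, value) for each affected per-location directive."""
    findings, stack, vhost = [], [], None
    for lineno, raw in enumerate(conf_text.splitlines(), 1):
        line = raw.strip()
        sec = re.match(r"<\s*(/?)(\w+)([^>]*)>", line)
        if sec:
            closing, name, arg = sec.group(1), sec.group(2).lower(), sec.group(3).strip()
            if not closing:
                stack.append((name, arg))
                if name == "virtualhost":
                    vhost = {"optional": False, "overrides": []}
            else:
                if stack and stack[-1][0] == name:
                    stack.pop()
                if name == "virtualhost" and vhost is not None:
                    # Decide at vhost close: the vhost-level directive may follow the <Location>
                    if vhost["optional"]:
                        findings.extend(vhost["overrides"])
                    vhost = None
            continue
        d = re.match(r"SSLVerifyClient\s+(\S+)", line, re.I)
        if d and vhost is not None:
            inner = next((s for s in reversed(stack) if s[0] in PER_LOCATION), None)
            if inner is None:
                vhost["optional"] = d.group(1).lower() == "optional"
            else:
                vhost["overrides"].append((lineno, inner[1], d.group(1)))
    return findings

# Constructed sample configuration, not taken from any real host
SAMPLE = """
<VirtualHost *:443>
    SSLVerifyClient optional
    <Location /admin>
        SSLVerifyClient require
    </Location>
</VirtualHost>
<VirtualHost *:8443>
    SSLVerifyClient none
    <Location /api>
        SSLVerifyClient require
    </Location>
</VirtualHost>
"""
```

On a host that cannot be upgraded immediately, each reported location is one where client-certificate checks should be assumed absent until the server is at 2.0.55 or later.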