Mandriva Linux Security Advisory : apache (MDVSA-2008:195)
Medium Nessus Plugin ID 37114
SynopsisThe remote Mandriva Linux host is missing one or more security updates.
DescriptionA vulnerability was discovered in the mod_proxy module in Apache where it did not limit the number of forwarded interim responses, allowing remote HTTP servers to cause a denial of service (memory consumption) via a large number of interim responses (CVE-2008-2364).
A cross-site scripting vulnerability was found in the mod_proxy_ftp module in Apache that allowed remote attackers to inject arbitrary web script or HTML via wildcards in a pathname in an FTP URI (CVE-2008-2939).
The updated packages have been patched to prevent these issues.
SolutionUpdate the affected packages.