SuSE 11.1 Security Update : Apache2 (SAT Patch Number 5482)

Medium Nessus Plugin ID 57090


The remote SuSE 11 host is missing one or more security updates.


This update fixes several security issues in the Apache2 webserver.

- This update also includes several fixes for a mod_proxy reverse exposure via RewriteRule or ProxyPassMatch directives. (CVE-2011-3639 / CVE-2011-3368 / CVE-2011-4317)

- Fixed the SSL renegotiation DoS by disabling renegotiation by default. (CVE-2011-1473)

- Integer overflow in ap_pregsub function resulting in a heap-based buffer overflow could potentially allow local attackers to gain privileges. (CVE-2011-3607)

Also a non-security bug was fixed :

- httpd-2.2.x-bnc727071-mod_authnz_ldap-utf8.diff: make non-ascii eg UTF8 passwords work with mod_authnz_ldap.


Apply SAT patch number 5482.

See Also

Plugin Details

Severity: Medium

ID: 57090

File Name: suse_11_apache2-111130.nasl

Version: $Revision: 1.12 $

Type: local

Agent: unix

Published: 2011/12/13

Modified: 2015/01/13

Dependencies: 12634

Risk Information

Risk Factor: Medium


Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P

Vulnerability Information

CPE: p-cpe:/a:novell:suse_linux:11:apache2, p-cpe:/a:novell:suse_linux:11:apache2-doc, p-cpe:/a:novell:suse_linux:11:apache2-example-pages, p-cpe:/a:novell:suse_linux:11:apache2-prefork, p-cpe:/a:novell:suse_linux:11:apache2-utils, p-cpe:/a:novell:suse_linux:11:apache2-worker, cpe:/o:novell:suse_linux:11

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2011/11/30

Exploitable With

ExploitHub (EH-14-410)

Reference Information

CVE: CVE-2011-1473, CVE-2011-3368, CVE-2011-3607, CVE-2011-3639, CVE-2011-4317