Ubuntu 12.04 LTS / 14.04 LTS / 15.04 : apache2 vulnerabilities (USN-2686-1)
Medium Nessus Plugin ID 85042
SynopsisThe remote Ubuntu host is missing a security-related patch.
DescriptionIt was discovered that the Apache HTTP Server incorrectly parsed chunk headers. A remote attacker could possibly use this issue to perform HTTP request smuggling attacks. (CVE-2015-3183)
It was discovered that the Apache HTTP Server incorrectly handled the ap_some_auth_required API. A remote attacker could possibly use this issue to bypass intended access restrictions. This issue only affected Ubuntu 14.04 LTS and Ubuntu 15.04. (CVE-2015-3185).
Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
SolutionUpdate the affected apache2.2-bin package.