Summary
The remote host is missing updates announced in advisory GLSA 200602-03.
Solution
All Apache users should upgrade to the latest version, depending on whether they still use the old configuration style (/etc/apache/conf/*.conf) or the new one (/etc/apache2/httpd.conf).
2.0.x users, new style config:
# emerge --sync
# emerge --ask --oneshot --verbose '>=net-www/apache-2.0.55-r1'
2.0.x users, old style config:
# emerge --sync
# emerge --ask --oneshot --verbose '=net-www/apache-2.0.54-r16'
1.x users, new style config:
# emerge --sync
# emerge --ask --oneshot --verbose '=net-www/apache-1.3.34-r11'
1.x users, old style config:
# emerge --sync
# emerge --ask --oneshot --verbose '=net-www/apache-1.3.34-r2'
http://www.securityspace.com/smysecure/catid.html?in=GLSA%20200602-03
http://bugs.gentoo.org/show_bug.cgi?id=115324
http://bugs.gentoo.org/show_bug.cgi?id=118875
Insight
Apache can be exploited for cross-site scripting attacks and is vulnerable to a Denial of Service attack.
Severity
Classification
CVE: CVE-2005-3352, CVE-2005-3357
CVSS Base Score: 5.4
AV:N/AC:H/Au:N/C:N/I:N/A:C
Related Vulnerabilities