Mandriva Security Advisory MDVSA-2009:091-1 (mod_perl) Network Vulnerability

Summary

The remote host is missing an update to mod_perl announced via advisory MDVSA-2009:091-1.

Solution

To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. https://secure1.securityspace.com/smysecure/catid.html?in=MDVSA-2009:091-1

Insight

A vulnerability has been found and corrected in mod_perl v1.x and v2.x: Cross-site scripting (XSS) vulnerability in Status.pm in Apache::Status and Apache2::Status in mod_perl1 and mod_perl2 for the Apache HTTP Server, when /perl-status is accessible, allows remote attackers to inject arbitrary web script or HTML via the URI (CVE-2009-0796). The updated packages have been patched to correct these issues. Update: Packages for 2008.0 are being provided due to extended support for Corporate products. Affected: 2008.0

Severity

Classification

CVE CVE-2009-0796
CVSS Base Score: 2.6
AV:N/AC:H/Au:N/C:N/I:P/A:N

Related Vulnerabilities

Mandriva Update for glpi-massocsimport MDVA-2011:021 (glpi-massocsimport)
Mandriva Update for mutt MDKSA-2007:113 (mutt)
Mandriva Update for nfs-utils MDVSA-2011:186 (nfs-utils)
Mandriva Update for spamassassin MDKSA-2007:125 (spamassassin)
Mandriva Update for evolution MDKSA-2007:107 (evolution)

Take action and discover your vulnerabilities