Mandriva Update For Apache-conf MDVSA-2009:300-1 (apache-conf) Network Vulnerability

Solution

Please Install the Updated Packages.

Insight

A vulnerability was discovered and corrected in apache-conf: The Apache HTTP Server enables the HTTP TRACE method per default which allows remote attackers to conduct cross-site scripting (XSS) attacks via unspecified web client software (CVE-2009-2823). This update provides a solution to this vulnerability. Update: The wrong package was uploaded for 2009.1. This update addresses that problem.

Affected

apache-conf on Mandriva Linux 2009.1, Mandriva Linux 2009.1/X86_64

Severity

Classification

CVE CVE-2009-2823
CVSS Base Score: 4.3
AV:N/AC:M/Au:N/C:N/I:P/A:N

Related Vulnerabilities

Mandrake Security Advisory MDVSA-2009:069 (curl)
Mandrake Security Advisory MDVSA-2009:155 (git)
Mandrake Security Advisory MDVSA-2009:033 (sudo)
Mandrake Security Advisory MDVSA-2009:026-1 (phpMyAdmin)
Mandrake Security Advisory MDVSA-2009:063 (eog)

Mandriva Update for apache-conf MDVSA-2009:300-1 (apache-conf)

Take action and discover your vulnerabilities