Mandriva Update For Apache-conf MDVSA-2009:300-2 (apache-conf) Network Vulnerability

Solution

Please Install the Updated Packages.

Insight

A vulnerability was discovered and corrected in apache-conf: The Apache HTTP Server enables the HTTP TRACE method per default which allows remote attackers to conduct cross-site scripting (XSS) attacks via unspecified web client software (CVE-2009-2823). This update provides a solution to this vulnerability. Update: Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers.

Affected

apache-conf on Mandriva Linux 2008.0, Mandriva Linux 2008.0/X86_64

Severity

Classification

CVE CVE-2009-2823
CVSS Base Score: 4.3
AV:N/AC:M/Au:N/C:N/I:P/A:N

Related Vulnerabilities

Mandrake Security Advisory MDVSA-2009:161 (squid)
Mandrake Security Advisory MDVSA-2009:092 (ntp)
Mandrake Security Advisory MDVSA-2009:108 (zsh)
Mandrake Security Advisory MDVSA-2009:007 (ntp)
Mandrake Security Advisory MDVSA-2009:212 (python)

Mandriva Update for apache-conf MDVSA-2009:300-2 (apache-conf)

Take action and discover your vulnerabilities