Please Install the Updated Packages.

A flaw in the Apache mod_proxy module was found that could potentially lead to a denial of service is using a threaded Multi-Processing Module. On sites where a reverse proxy is configured, a remote attacker could send a special reequest that would cause the Apache child process handling the request to crash. Likewise, a similar crash could occur on sites with a forward proxy configured if a user could be persuaded to visit a malicious site using the proxy (CVE-2007-3847). A flaw in the Apache mod_autoindex module was found. On sites where directory listings are used and the AddDefaultCharset directive was removed from the configuration, a cross-site-scripting attack could be possible against browsers that to not correctly derive the response character set according to the rules in RGC 2616 (CVE-2007-4465). The updated packages have been patched to correct this issue.

apache on Mandriva Linux 2007.0, Mandriva Linux 2007.0/X86_64, Mandriva Linux 2007.1, Mandriva Linux 2007.1/X86_64