Mandriva Update For Apache MDVSA-2008:195 (apache) Network Vulnerability

Solution

Please Install the Updated Packages.

Insight

A vulnerability was discovered in the mod_proxy module in Apache where it did not limit the number of forwarded interim responses, allowing remote HTTP servers to cause a denial of service (memory consumption) via a large number of interim responses (CVE-2008-2364). A cross-site scripting vulnerability was found in the mod_proxy_ftp module in Apache that allowed remote attackers to inject arbitrary web script or HTML via wildcards in a pathname in an FTP URI (CVE-2008-2939). The updated packages have been patched to prevent these issues.

Affected

apache on Mandriva Linux 2007.1, Mandriva Linux 2007.1/X86_64, Mandriva Linux 2008.0, Mandriva Linux 2008.0/X86_64, Mandriva Linux 2008.1, Mandriva Linux 2008.1/X86_64

Severity

Classification

CVE CVE-2008-2364, CVE-2008-2939
CVSS Base Score: 5.0
AV:N/AC:L/Au:N/C:N/I:N/A:P

Related Vulnerabilities

Mandrake Security Advisory MDVSA-2009:125 (wireshark)
Mandrake Security Advisory MDVSA-2009:127 (gaim)
Mandrake Security Advisory MDVSA-2009:207 (perl-Compress-Raw-Bzip2)
Mandrake Security Advisory MDVSA-2009:117 (ntp)
Mandrake Security Advisory MDVSA-2009:180 (compface)

Mandriva Update for apache MDVSA-2008:195 (apache)

Take action and discover your vulnerabilities