Gentoo Logo

Apache: Multiple vulnerabilities

Content:

1.  Gentoo Linux Security Advisory

Version Information

Advisory Reference GLSA 200711-06 / apache
Release Date November 07, 2007
Latest Revision November 07, 2007: 01
Impact normal
Exploitable remote
Package Vulnerable versions Unaffected versions Architecture(s)
www-servers/apache < 2.2.6 revision >= 2.0.59-r5, >= 2.2.6 All supported architectures

Related bugreports: #186219

Synopsis

Multiple vulnerabilities have been discovered in Apache, possibly resulting in a Denial of Service or the disclosure of sensitive information.

2.  Impact Information

Background

The Apache HTTP server is one of the most popular web servers on the Internet.

Description

Multiple cross-site scripting vulnerabilities have been discovered in mod_status and mod_autoindex (CVE-2006-5752, CVE-2007-4465). An error has been discovered in the recall_headers() function in mod_mem_cache (CVE-2007-1862). The mod_cache module does not properly sanitize requests before processing them (CVE-2007-1863). The Prefork module does not properly check PID values before sending signals (CVE-2007-3304). The mod_proxy module does not correctly check headers before processing them (CVE-2007-3847).

Impact

A remote attacker could exploit one of these vulnerabilities to inject arbitrary script or HTML content, obtain sensitive information or cause a Denial of Service.

3.  Resolution Information

Workaround

There is no known workaround at this time.

Resolution

All Apache users should upgrade to the latest version:

Code Listing 3.1: Resolution

# emerge --sync
# emerge --ask --oneshot --verbose ">=www-servers/apache-2.0.59-r5"

4.  References



Print

Page updated November 07, 2007

Summary: This is a Gentoo Linux Security Advisory

Security Team
Contact Address

Donate to support our development efforts.

Copyright 2001-2014 Gentoo Foundation, Inc. Questions, Comments? Contact us.