Summary
The remote host is missing an update to libapache-mod-ssl announced via advisory DSA 135-1.
Solution
https://secure1.securityspace.com/smysecure/catid.html?in=DSA%20135-1
Insight
The libapache-mod-ssl package provides SSL capability to the Apache web server.
Recently, a problem has been found in the handling of .htaccess files, allowing arbitrary code execution as the web server user (regardless of ExecCGI / suexec settings), DoS attacks (killing off Apache children), and allowing someone to take control of Apache child processes - all through specially crafted .htaccess files.
More information about this vulnerability can be found at
http://online.securityfocus.com/bid/5084
This has been fixed in the libapache-mod-ssl_2.4.10-1.3.9-1potato2 package (for potato), and the libapache-mod-ssl_2.8.9-2 package (for woody).
We recommend you upgrade as soon as possible.
Severity
Classification
CVE: CVE-2002-0653
CVSS Base Score: 4.6
AV:L/AC:L/Au:N/C:P/I:P/A:P