Summary
The remote host is missing an update to mod_security announced via advisory FEDORA-2009-2654.
Solution
Apply the appropriate updates.
This update can be installed with the yum update program. Use su -c 'yum update mod_security' at the command line.
For more information, refer to Managing Software with yum, available at http://docs.fedoraproject.org/yum/.
https://secure1.securityspace.com/smysecure/catid.html?in=FEDORA-2009-2654
Insight
Update Information:
Security fixes for potential denials of service when using PDF XSS protection as well as when parsing multipart requests.
http://sourceforge.net/project/shownotes.php?release_id=667542&group_id=68846
ChangeLog:
* Thu Mar 12 2009 Michael Fleming 2.5.9-1
- Update to upstream release 2.5.9
- Fixes potential DoS' in multipart request and PDF XSS handling
Severity
Classification
-
CVE CVE-2009-1902, CVE-2009-1903 -
CVSS Base Score: 7.8
AV:N/AC:L/Au:N/C:N/I:N/A:C
Related Vulnerabilities