Summary
The remote host is missing an update to apache
announced via advisory MDVSA-2009:149.
Solution
To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.
https://secure1.securityspace.com/smysecure/catid.html?in=MDVSA-2009:149
Insight
Multiple vulnerabilities has been found and corrected in apache:
The stream_reqbody_cl function in mod_proxy_http.c in the mod_proxy module in the Apache HTTP Server before 2.3.3, when a reverse proxy is configured, does not properly handle an amount of streamed data that exceeds the Content-Length value, which allows remote attackers to cause a denial of service (CPU consumption) via crafted requests (CVE-2009-1890).
Fix a potential Denial-of-Service attack against mod_deflate or other modules, by forcing the server to consume CPU time in compressing a large file after a client disconnects (CVE-2009-1891).
This update provides fixes for these vulnerabilities.
Affected: 2008.1, 2009.0, 2009.1, Corporate 3.0, Corporate 4.0, Multi Network Firewall 2.0
Severity
Classification
-
CVE CVE-2009-1890, CVE-2009-1891 -
CVSS Base Score: 7.1
AV:N/AC:M/Au:N/C:N/I:N/A:C
Related Vulnerabilities