Mandriva Update For Apache-conf MDVSA-2009:300-1 (apache-conf) Network Vulnerability

Solution

Please Install the Updated Packages.

Insight

A vulnerability was discovered and corrected in apache-conf: The Apache HTTP Server enables the HTTP TRACE method per default which allows remote attackers to conduct cross-site scripting (XSS) attacks via unspecified web client software (CVE-2009-2823). This update provides a solution to this vulnerability. Update: The wrong package was uploaded for 2009.1. This update addresses that problem.

Affected

apache-conf on Mandriva Linux 2009.1, Mandriva Linux 2009.1/X86_64

Severity

Classification

CVE CVE-2009-2823

CVSS	Base Score: 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N

Related Vulnerabilities

Mandrake Security Advisory MDVSA-2009:094 (mysql)
Mandrake Security Advisory MDVSA-2009:212 (python)
Mandrake Security Advisory MDVSA-2009:124 (apache)
Mandrake Security Advisory MDVSA-2009:056 (net-snmp)
Mandrake Security Advisory MDVSA-2009:154 (dhcp)

Mandriva Update for apache-conf MDVSA-2009:300-1 (apache-conf)

Take action and discover your vulnerabilities