Mandriva Update For Apache MDVSA-2008:195 (apache) Network Vulnerability

Solution

Please Install the Updated Packages.

Insight

A vulnerability was discovered in the mod_proxy module in Apache where it did not limit the number of forwarded interim responses, allowing remote HTTP servers to cause a denial of service (memory consumption) via a large number of interim responses (CVE-2008-2364). A cross-site scripting vulnerability was found in the mod_proxy_ftp module in Apache that allowed remote attackers to inject arbitrary web script or HTML via wildcards in a pathname in an FTP URI (CVE-2008-2939). The updated packages have been patched to prevent these issues.

Affected

apache on Mandriva Linux 2007.1, Mandriva Linux 2007.1/X86_64, Mandriva Linux 2008.0, Mandriva Linux 2008.0/X86_64, Mandriva Linux 2008.1, Mandriva Linux 2008.1/X86_64

Severity

Classification

CVE CVE-2008-2364, CVE-2008-2939

CVSS	Base Score: 5.0 AV:N/AC:L/Au:N/C:N/I:N/A:P

Related Vulnerabilities

Mandrake Security Advisory MDVSA-2009:206 (wget)
Mandrake Security Advisory MDVSA-2009:170 (initscripts)
Mandrake Security Advisory MDVSA-2009:038 (blender)
Mandrake Security Advisory MDVSA-2009:102 (apache)
Mandrake Security Advisory MDVSA-2009:155 (git)

Mandriva Update for apache MDVSA-2008:195 (apache)

Take action and discover your vulnerabilities