Summary
The remote host is missing an update as announced
via advisory SSA:2003-308-01.
Solution
https://secure1.securityspace.com/smysecure/catid.html?in=SSA:2003-308-01
Insight
Apache httpd is a hypertext transfer protocol server, and is used by over two thirds of the Internet's web sites.
Upgraded Apache packages are available for Slackware 8.1, 9.0, 9.1, and -current. These fix local vulnerabilities that could allow users who can create or edit Apache config files to gain additional privileges. Sites running Apache should upgrade to the new packages.
In addition, new mod_ssl packages have been prepared for all platforms, and new PHP packages have been prepared for Slackware 8.1, 9.0, and - -current (9.1 already uses PHP 4.3.3). In -current, these packages also move the Apache module directory from /usr/libexec to /usr/libexec/apache. Links for all of these related packages are provided below.
More details about the Apache issue may be found in the Common Vulnerabilities and Exposures (CVE) database:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0542
Severity
Classification
-
CVE CVE-2003-0542 -
CVSS Base Score: 7.2
AV:L/AC:L/Au:N/C:C/I:C/A:C
Related Vulnerabilities