Vulnerability Solutions

The WatchMouse Periodic Vulnerability Scan checks for the vulnerability below. To see the most recently added vulnerability solutions that are scanned by WatchMouse, go to the Vulnerability Solutions overview.

Category: Ubuntu Local Security Checks
Risk factor: Medium
Added: 11 Mar 2010
Synopsis:

These remote packages are missing security patches:
- apache2
- apache2-common
- apache2-doc
- apache2-mpm-event
- apache2-mpm-itk
- apache2-mpm-perchild
- apache2-mpm-prefork
- apache2-mpm-worker
- apache2-prefork-dev
- apache2-src
- apache2-suexec
- apache2-suexec-custom
- apache2-threaded-dev
- apache2-utils
- apache2.2-bin
- apache2.2-common
- libapr0
- libapr0-dev

Description:

It was discovered that mod_proxy_ajp did not properly handle errors when a client doesn't send a request body. A remote attacker could exploit this with a crafted request and cause a denial of service. This issue affected Ubuntu 8.04 LTS, 8.10, 9.04 and 9.10. (CVE-2010-0408)

It was discovered that Apache did not properly handle headers in subrequests under certain conditions. A remote attacker could exploit this with a crafted request and possibly obtain sensitive information from previous requests. (CVE-2010-0434)

Solution:

Upgrade to:
- apache2-2.2.12-1ubuntu2.2 (Ubuntu 9.10)
- apache2-common-2.0.55-4ubuntu2.10 (Ubuntu 6.06)
- apache2-doc-2.2.12-1ubuntu2.2 (Ubuntu 9.10)
- apache2-mpm-event-2.2.12-1ubuntu2.2 (Ubuntu 9.10)
- apache2-mpm-itk-2.2.12-1ubuntu2.2 (Ubuntu 9.10)
- apache2-mpm-perchild-2.2.8-1ubuntu0.15 (Ubuntu 8.04)
- apache2-mpm-prefork-2.2.12-1ubuntu2.2 (Ubuntu 9.10)
- apache2-mpm-worker-2.2.12-1ubuntu2.2 (Ubuntu 9.10)
- apache2-prefork-dev-2.2.12-1ubuntu2.2 (Ubuntu 9.10)
- apache2-src-2.2.11-2ubuntu2.6 (Ubuntu 9
[...]

Risk factor:

Medium / CVSS Base Score: 5.0
(CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P)