Solutions de vulnérabilité

L'analyse périodique de vulnérabilité Nimsoft Cloud Monitor vérifie la vulnérabilité ci-dessous. Pour connaître les solutions de vulnérabilité les plus récemment ajoutées analysées par WatchMouse, rendez-vous sur la vue d'ensemble Solutions de vulnérabilité

Catégorie: Web Servers Facteur de risque: Critical Ajouté: 9 mars 2010
Synopsis:

The remote web server is affected by multiple vulnerabilities

Description:

According to its banner, the version of Apache 2.2 installed on the remote host is older than 2.2.15. Such versions are potentially affected by multiple vulnerabilities :

- A TLS renegotiation prefix injection attack is possible. (CVE-2009-3555)

- The 'mod_proxy_ajp' module returns the wrong status code if it encounters an error which causes the back-end server to be put into an error state. (CVE-2010-0408)

- The 'mod_isapi' attempts to unload the 'ISAPI.dll' when it encounters various error states which could leave call-backs in an undefined state. (CVE-2010-0425)

- A flaw in the core sub-request process code can lead to sensitive information from a request being handled by the wrong thread if a multi-threaded environment is used. (CVE-2010-0434)

See also:

http://httpd.apache.org/security/vulnerabilities_22.html
https://issues.apache.org/bugzilla/show_bug.cgi?id=48359
http://www.apache.org/dist/httpd/CHANGES_2.2.15

Solution:

Upgrade to Apache version 2.2.15 or later.

Risk factor:

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)