Vulnerability Solutions
| WatchMouse's periodic Vulnerability Scan checks for the vulnerabilities listed below. To view the vulnerability solutions most recently scanned by WatchMouse, visit the Vulnerability Solutions overview page. |
| Category: Gentoo Local Security Checks | Risk factor: Medium | Added: 3 Jul 2009 |
Synopsis: The remote host is missing the GLSA-200907-02 security update.

Description: The remote host is affected by the vulnerability described in GLSA-200907-02 (ModSecurity: Denial of Service)

Multiple vulnerabilities were discovered in ModSecurity:

- Juan Galiana Lara of ISecAuditors discovered a NULL pointer dereference when processing multipart requests without a part header name (CVE-2009-1902).
- Steve Grubb of Red Hat reported that the "PDF XSS protection" feature does not properly handle HTTP requests to a PDF file that do not use the GET method (CVE-2009-1903).

Impact: A remote attacker might send requests containing specially crafted multipart data or send certain requests to access a PDF file, possibly resulting in a Denial of Service (crash) of the Apache HTTP daemon.

NOTE: The PDF XSS protection is not enabled by default.

Workaround: There is no known workaround at this time.

See also:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1902
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1903
http://www.gentoo.org/security/en/glsa/glsa-200907-02.xml

Solution: All ModSecurity users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=www-apache/mod_security-2.5.9"

Risk factor: Medium



