Soluzioni per la vulnerabilità

La Scansione Vulnerabilità periodica di Nimsoft Cloud Monitor verifica le vulnerabilità riportate qui sotto. Per visualizzare le soluzioni per la vulnerabilità più recenti scansionate da WatchMouse, visitare la pagina sulla panoramica delle Soluzioni per la vulnerabilità

Categoria: Ubuntu Local Security Checks Fattore di rischio: Medium Aggiunto il: 11 mar 2010
Synopsis:

These remote packages are missing security patches :
- apache2
- apache2-common
- apache2-doc
- apache2-mpm-event - apache2-mpm-itk
- apache2-mpm-perchild - apache2-mpm-prefork
- apache2-mpm-worker - apache2-prefork-dev
- apache2-src
- apache2-suexec
- apache2-suexec-custom - apache2-threaded-dev
- apache2-utils
- apache2.2-bin
- apache2.2-common
- libapr0
- libapr0-dev

Description:

It was discovered that mod_proxy_ajp did not properly handle errors when a client doesn't send a request body. A remote attacker could exploit this with a crafted request and cause a denial of service. This issue affected Ubuntu 8.04 LTS, 8.10, 9.04 and 9.10. (CVE-2010-0408)

It was discovered that Apache did not properly handle headers in subrequests under certain conditions. A remote attacker could exploit this with a crafted request and possibly obtain sensitive information from previous requests. (CVE-2010-0434)

Solution:

Upgrade to :
- apache2-2.2.12-1ubuntu2.2 (Ubuntu 9.10) - apache2-common-2.0.55-4ubuntu2.10 (Ubuntu 6.06) - apache2-doc-2.2.12-1ubuntu2.2 (Ubuntu 9.10) - apache2-mpm-event-2.2.12-1ubuntu2.2 (Ubuntu 9.10) - apache2-mpm-itk-2.2.12-1ubuntu2.2 (Ubuntu 9.10) - apache2-mpm-perchild-2.2.8-1ubuntu0.15 (Ubuntu 8.04) - apache2-mpm-prefork-2.2.12-1ubuntu2.2 (Ubuntu 9.10) - apache2-mpm-worker-2.2.12-1ubuntu2.2 (Ubuntu 9.10) - apache2-prefork-dev-2.2.12-1ubuntu2.2 (Ubuntu 9.10) - apache2-src-2.2.11-2ubuntu2.6 (Ubuntu 9
[...]

Risk factor:

Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P)