Sårbarhetslösningar

Nimsoft Cloud Monitor periodiska sårbarhetsskanning kontrollerar sårbarheten nedan. Om du vill se de senasta sårbarhetslösningarna som skannas av Nimsoft Cloud Monitor kan du gå till översikten med sårbarhetslösningar

Kategori: Ubuntu Local Security Checks Riskfaktor: Medium Tillagt: 11 mar 2010
Synopsis:

These remote packages are missing security patches :
- apache2
- apache2-common
- apache2-doc
- apache2-mpm-event - apache2-mpm-itk
- apache2-mpm-perchild - apache2-mpm-prefork
- apache2-mpm-worker - apache2-prefork-dev
- apache2-src
- apache2-suexec
- apache2-suexec-custom - apache2-threaded-dev
- apache2-utils
- apache2.2-bin
- apache2.2-common
- libapr0
- libapr0-dev

Description:

It was discovered that mod_proxy_ajp did not properly handle errors when a client doesn't send a request body. A remote attacker could exploit this with a crafted request and cause a denial of service. This issue affected Ubuntu 8.04 LTS, 8.10, 9.04 and 9.10. (CVE-2010-0408)

It was discovered that Apache did not properly handle headers in subrequests under certain conditions. A remote attacker could exploit this with a crafted request and possibly obtain sensitive information from previous requests. (CVE-2010-0434)

Solution:

Upgrade to :
- apache2-2.2.12-1ubuntu2.2 (Ubuntu 9.10) - apache2-common-2.0.55-4ubuntu2.10 (Ubuntu 6.06) - apache2-doc-2.2.12-1ubuntu2.2 (Ubuntu 9.10) - apache2-mpm-event-2.2.12-1ubuntu2.2 (Ubuntu 9.10) - apache2-mpm-itk-2.2.12-1ubuntu2.2 (Ubuntu 9.10) - apache2-mpm-perchild-2.2.8-1ubuntu0.15 (Ubuntu 8.04) - apache2-mpm-prefork-2.2.12-1ubuntu2.2 (Ubuntu 9.10) - apache2-mpm-worker-2.2.12-1ubuntu2.2 (Ubuntu 9.10) - apache2-prefork-dev-2.2.12-1ubuntu2.2 (Ubuntu 9.10) - apache2-src-2.2.11-2ubuntu2.6 (Ubuntu 9
[...]

Risk factor:

Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P)