Vulnerability Assessment & Network Security Forums

If through a vulnerability assessment, a network security issue is detected for the vulnerability below, applying the appropriate security patches in a timely matter is very important.  If you have detected that your system has already been compromised, following CERT's Network Security recovery document will assist with recommended steps for system recovery.

Home >> Browse Vulnerability Assessment Database >> Red Hat Local Security Checks >> RHSA-2004-349: httpd

Vulnerability Assessment Details

RHSA-2004-349: httpd

Vulnerability Assessment Summary
Check for the version of the httpd packages

Detailed Explanation for this Vulnerability Assessment

Updated httpd packages that include a security fix for mod_ssl and various
enhancements are now available.

The Apache HTTP server is a powerful, full-featured, efficient, and
freely-available Web server.

An input filter bug in mod_ssl was discovered in Apache httpd version
2.0.50 and earlier. A remote attacker could force an SSL connection to be
aborted in a particular state and cause an Apache child process to enter an
infinite loop, consuming CPU resources. The Common Vulnerabilities and
Exposures project ( has assigned the name CVE-2004-0748 to
this issue.

Additionally, this update includes the following enhancements and bug

- included an improved version of the mod_cgi module that correctly handles
concurrent output on stderr and stdout

- included support for direct lookup of SSL variables using %{SSL:...}
from mod_rewrite, or using %{...}s from mod_headers

- restored support for use of SHA1-encoded passwords

- added the mod_ext_filter module

Users of the Apache HTTP server should upgrade to these updated packages,
which contain backported patches that address these issues.

Solution :
Network Security Threat Level: High

Networks Security ID:

Vulnerability Assessment Copyright: This script is Copyright (C) 2004 Tenable Network Security

Cables, Connectors

Samsung 860 EVO 250GB 2.5' SATA III SSD Internal Solid State Drive MZ-76E250B/AM
Samsung 860 EVO 250GB 2.5' SATA III SSD Internal Solid State Drive MZ-76E250B/AM pictureSamsung 850 EVO MZ-75E250 250GB 2.5" SATA III Solid State Drive
Samsung 850 EVO MZ-75E250 250GB 2.5Samsung 860 EVO 500GB,Internal,2.5 inch (MZ76E500) Solid State Drive SSD
Samsung 860 EVO 500GB,Internal,2.5 inch (MZ76E500) Solid State Drive SSD pictureInternally Mount up to 4 2.5" HDD or SSD to 3.5" Drive Bay Aluminum Mounting Kit
Internally Mount up to 4 2.5


No Discussions have been posted on this vulnerability.