|
Vulnerability Assessment & Network Security Forums |
|||||||||
If through a vulnerability assessment, a network security issue is detected for the vulnerability below, applying the appropriate security patches in a timely matter is very important. If you have detected that your system has already been compromised, following CERT's Network Security recovery document will assist with recommended steps for system recovery. Home >> Browse Vulnerability Assessment Database >> Mandrake Local Security Checks >> MDKSA-2004:046-1: apache-mod_perl Vulnerability Assessment Details
|
MDKSA-2004:046-1: apache-mod_perl |
||
Check for the version of the apache-mod_perl package Detailed Explanation for this Vulnerability Assessment The remote host is missing the patch for the advisory MDKSA-2004:046-1 (apache-mod_perl). Four security vulnerabilities were fixed with the 1.3.31 release of Apache. All of these issues have been backported and applied to the provided packages. Thanks to Ralf Engelschall of OpenPKG for providing the patches. Apache 1.3 prior to 1.3.30 did not filter terminal escape sequences from its error logs. This could make it easier for attackers to insert those sequences into the terminal emulators of administrators viewing the error logs that contain vulnerabilities related to escape sequence handling (CVE-2003-0020). mod_digest in Apache 1.3 prior to 1.3.31 did not properly verify the nonce of a client response by using an AuthNonce secret. Apache now verifies the nonce returned in the client response to check whether it was issued by itself by means of a 'AuthDigestRealmSeed' secret exposed as an MD5 checksum (CVE-2003-0987). mod_acces in Apache 1.3 prior to 1.3.30, when running on big-endian 64-bit platforms, did not properly parse Allow/Deny rules using IP addresses without a netmask. This could permit a remote attacker to bypass intended access restrictions (CVE-2003-0993). Apache 1.3 prior to 1.3.30, when using multiple listening sockets on certain platforms, permits a remote attacker to cause a DoS by blocking new connections via a short-lived connection on a rarely-accessed listening socket (CVE-2004-0174). While this particular vulnerability does not affect Linux, we felt it prudent to include the fix. Update: Due to the changes in mod_digest.so, mod_perl needed to be rebuilt against the patched Apache packages in order for httpd-perl to properly load the module. The appropriate mod_perl packages have been rebuilt and are now available. Solution : http://wwwnew.mandriva.com/security/advisories?name=MDKSA-2004:046-1 Network Security Threat Level: High Networks Security ID: 9571 Vulnerability Assessment Copyright: This script is Copyright (C) 2004 Tenable Network Security |
||
Cables, Connectors |
Cisco ASA5515-K9 Gigabit Ethernet Network Security/Firewall 1 Year Warranty
$90.00
Cisco MX64-HW MX64 Cloud Managed Security Appliance 1 Year Warranty
$74.00
NEW NetFu Firewall Mini, Intel CPU, 6 x Gigabit, 4gb/64gb, pfSense
$300.00
Fortinet Fortigate FG-61E | Firewall Network Security Appliance
$49.99
Fortinet FortiGate 50E Firewall
$45.00
Fortinet Fortiwifi 60D FG-60D Security Appliance Firewall / VPN w/ AC Adapter
$34.97
Palo Alto PA-220 Next-Gen Firewall 520-000309-00J w/ Power adapter
$69.98
FORTINET FG-500D FortiGate 500D, 10xGE RJ45 ports, 8xGE SFP slots Firewall
$126.00
Fortinet FortiGate 600 Firewall FG-600D w/ Rack Ears Tested & Reset Unregistered
$160.00
Firewall pfSense 2.7.2 Release 8GB Memory - Dual NIC 1 GB - 120GB intel SSD
$107.77
|
||
No Discussions have been posted on this vulnerability. |