Vulnerability Assessment & Network Security Forums



If through a vulnerability assessment, a network security issue is detected for the vulnerability below, applying the appropriate security patches in a timely matter is very important.  If you have detected that your system has already been compromised, following CERT's Network Security recovery document will assist with recommended steps for system recovery.


Home >> Browse Vulnerability Assessment Database >> Red Hat Local Security Checks >> RHSA-2004-349: httpd


Vulnerability Assessment Details

RHSA-2004-349: httpd

Vulnerability Assessment Summary
Check for the version of the httpd packages

Detailed Explanation for this Vulnerability Assessment


Updated httpd packages that include a security fix for mod_ssl and various
enhancements are now available.

The Apache HTTP server is a powerful, full-featured, efficient, and
freely-available Web server.

An input filter bug in mod_ssl was discovered in Apache httpd version
2.0.50 and earlier. A remote attacker could force an SSL connection to be
aborted in a particular state and cause an Apache child process to enter an
infinite loop, consuming CPU resources. The Common Vulnerabilities and
Exposures project (cve.mitre.org) has assigned the name CVE-2004-0748 to
this issue.

Additionally, this update includes the following enhancements and bug
fixes:

- included an improved version of the mod_cgi module that correctly handles
concurrent output on stderr and stdout

- included support for direct lookup of SSL variables using %{SSL:...}
from mod_rewrite, or using %{...}s from mod_headers

- restored support for use of SHA1-encoded passwords

- added the mod_ext_filter module

Users of the Apache HTTP server should upgrade to these updated packages,
which contain backported patches that address these issues.




Solution : http://rhn.redhat.com/errata/RHSA-2004-349.html
Network Security Threat Level: High

Networks Security ID:

Vulnerability Assessment Copyright: This script is Copyright (C) 2004 Tenable Network Security

Cables, Connectors


Dell PowerEdge R720 Server - 2x8c CPU,256Gb RAM, 128Gb SSD/3x600Gb SAS, Proxmox picture

Dell PowerEdge R720 Server - 2x8c CPU,256Gb RAM, 128Gb SSD/3x600Gb SAS, Proxmox

$340.00



DELL PowerEdge R730XD 24x 2.5

DELL PowerEdge R730XD 24x 2.5" Server Dual 750W Dual Heatsink - BareBones TESTED

$299.99



Supermicro 4U 36 Bay Storage Server 2.4Ghz 8-C 128GB 1x1280W Rails TrueNAS ZFS picture

Supermicro 4U 36 Bay Storage Server 2.4Ghz 8-C 128GB 1x1280W Rails TrueNAS ZFS

$721.06



Dell PowerEdge R630 8SFF 2.6Ghz 20-Core 128GB Mem 4x1G RJ-45 NIC 2x750W PSU picture

Dell PowerEdge R630 8SFF 2.6Ghz 20-Core 128GB Mem 4x1G RJ-45 NIC 2x750W PSU

$399.04



INTEL XEON GOLD 6148 20 Core SR3B6 2.4GHZ 27.5MB Processor    @24 picture

INTEL XEON GOLD 6148 20 Core SR3B6 2.4GHZ 27.5MB Processor @24

$99.99



Intel Xeon Gold 6140 SR3AX 2.3GHz 18-Core Processor CPU picture

Intel Xeon Gold 6140 SR3AX 2.3GHz 18-Core Processor CPU

$39.99



Intel Xeon Gold 6138 2.0GHz 27.5MB 20-Core 125W LGA3647 SR3B5 picture

Intel Xeon Gold 6138 2.0GHz 27.5MB 20-Core 125W LGA3647 SR3B5

$46.00



Intel Xeon E5-2690V2 3.00GHz 10-Core (SR1A5) Processor CPU READ DESCRIPTION picture

Intel Xeon E5-2690V2 3.00GHz 10-Core (SR1A5) Processor CPU READ DESCRIPTION

$12.00



HP Workstation Z640 2x Xeon E5-2623V4 32GB Ram 512 SSD Quadro K420 Linux GA picture

HP Workstation Z640 2x Xeon E5-2623V4 32GB Ram 512 SSD Quadro K420 Linux GA

$243.59



Dell Precision Desktop Computer Xeon Tower 16GB RAM 4G W7100 250GB SSD Windows picture

Dell Precision Desktop Computer Xeon Tower 16GB RAM 4G W7100 250GB SSD Windows

$209.99



Discussions

No Discussions have been posted on this vulnerability.