Detections
Analytics
Mandrake Linux Security Advisory : apache2 (MDKSA-2003:050)
medium Nessus Plugin ID 14034
Synopsis
The remote Mandrake Linux host is missing one or more security updates.Description
A memory leak was discovered in Apache 2.0 through 2.0.44 that can allow a remote attacker to cause a significant denial of service (DoS) by sending requests containing a lot of linefeed characters to the server.As well, Apache does not filter terminal escape sequences from its log files, which could make it easy for an attacker to insert those sequences into the error and access logs, which could possibly be viewed by certain terminal emulators with vulnerabilities related to escape sequences.
After upgrading these packages, be sure to restart the httpd server by executing :
service httpd restart
Solution
Update the affected packages.Plugin Details
Severity: Medium
ID: 14034
File Name: mandrake_MDKSA-2003-050.nasl
Version: 1.17
Type: local
Family: Mandriva Local Security Checks
Published: 7/31/2004
Updated: 1/6/2021
Supported Sensors: Nessus
Risk Information
VPR
Risk Factor: Low
Score: 3.4
CVSS v2
Risk Factor: Medium
Base Score: 5
Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N
Vulnerability Information
CPE: p-cpe:/a:mandriva:linux:apache2, p-cpe:/a:mandriva:linux:apache2-common, p-cpe:/a:mandriva:linux:apache2-devel, p-cpe:/a:mandriva:linux:apache2-manual, p-cpe:/a:mandriva:linux:apache2-mod_dav, p-cpe:/a:mandriva:linux:apache2-mod_ldap, p-cpe:/a:mandriva:linux:apache2-mod_ssl, p-cpe:/a:mandriva:linux:apache2-modules, p-cpe:/a:mandriva:linux:apache2-source, p-cpe:/a:mandriva:linux:libapr0, cpe:/o:mandrakesoft:mandrake_linux:9.1
Required KB Items: Host/local_checks_enabled, Host/cpu, Host/Mandrake/release, Host/Mandrake/rpm-list
Patch Publication Date: 4/22/2003
Reference Information
CVE: CVE-2003-0020, CVE-2003-0083, CVE-2003-0132
MDKSA: 2003:050