Detections
Analytics
RHEL 2.1 : apache (RHSA-2006:0158)
medium Nessus Plugin ID 20733
Synopsis
The remote Red Hat host is missing one or more security updates.Description
Updated Apache httpd packages that correct a security issue are now available for Red Hat Enterprise Linux 2.1.This update has been rated as having moderate security impact by the Red Hat Security Response Team.
The Apache HTTP Server is a popular and freely-available Web server.
A flaw in mod_imap when using the Referer directive with image maps was discovered. With certain site configurations, a remote attacker could perform a cross-site scripting attack if a victim can be forced to visit a malicious URL using certain web browsers. The Common Vulnerabilities and Exposures project assigned the name CVE-2005-3352 to this issue.
Users of apache should upgrade to these updated packages, which contain a backported patch to correct this issue.
Solution
Update the affected apache, apache-devel and / or apache-manual packages.See Also
Plugin Details
Severity: Medium
ID: 20733
File Name: redhat-RHSA-2006-0158.nasl
Version: 1.26
Type: local
Agent: unix
Family: Red Hat Local Security Checks
Published: 1/17/2006
Updated: 1/14/2021
Supported Sensors: Agentless Assessment, Continuous Assessment, Frictionless Assessment Agent, Frictionless Assessment AWS, Frictionless Assessment Azure, Nessus Agent, Nessus
Risk Information
VPR
Risk Factor: Low
Score: 3.0
CVSS v2
Risk Factor: Medium
Base Score: 4.3
Temporal Score: 3.2
Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N
Vulnerability Information
CPE: p-cpe:/a:redhat:enterprise_linux:apache-manual, cpe:/o:redhat:enterprise_linux:2.1, p-cpe:/a:redhat:enterprise_linux:apache, p-cpe:/a:redhat:enterprise_linux:apache-devel
Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list, Host/cpu
Exploit Ease: No known exploits are available
Patch Publication Date: 1/17/2006
Vulnerability Publication Date: 12/13/2005
Reference Information
CVE: CVE-2005-3352
BID: 15834
RHSA: 2006:0158