| VID |
22202 |
| Severity |
40 |
| Port |
80, ... |
| Protocol |
TCP |
| Class |
WWW |
| Detailed Description |
The version of the Apache Web server is older than 2.0.46. Apache 2.x versions prior to 2.0.46 have multiple vulnerabilities, including the following:
1. A vulnerability in the authentication module for Apache 2.0.40 through 2.0.45 may allow remote attackers to cause a denial of service (failed Basic authentication with valid usernames and passwords) under certain conditions.
2. A vulnerability in the mod_dav module of Apache 2.0.37 through 2.0.45 may allow remote attackers to crash the server or even to remotely execute arbitrary code under strict conditions.
mod_dav is an open-source Apache module that provides Distributed Authoring and Versioning (DAV) capabilities to the Apache HTTP Server. More information is available at http://www.webdav.org/mod_dav/ .
* Note: This check relies solely on the version number of the remote Web server to assess this vulnerability, so this might be a false positive.
* References:
  * http://www.securityfocus.com/archive/1/323337
  * http://www.idefense.com/advisory/05.30.03.txt
  * http://www.apache.org/dist/httpd/Announcement2.html
  * http://marc.theaimsgroup.com/?l=bugtraq&m=105418115512559&w=2
  * http://www.redhat.com/support/errata/RHSA-2003-186.html
* Platforms Affected: Apache HTTP Server 2.0.37 through 2.0.45; Windows: Any version; UNIX/Linux: Any version |
| Recommendation |
Upgrade to the latest version of Apache HTTP Server (2.0.46 or later), available from the Apache Software Foundation download site, http://httpd.apache.org/download.cgi |
| Related URL |
CVE-2003-0189,CVE-2003-0245 (CVE) |
| Related URL |
(SecurityFocus) |
| Related URL |
(ISS) |
|