| VID |
22212 |
| Severity |
30 |
| Port |
80, ... |
| Protocol |
TCP |
| Class |
WWW |
| Detailed Description |
The version of the Apache Web server is older than 1.3.28. Apache 1.x versions before 1.0.28 contain various vulnerabilities which may allow an attacker to crash this Web server remotely or locally.
Apache HTTP Server version 1.3.28 has been released in response to multiple vulnerabilities discovered. Apache is vulnerable to three potential security issues. The impact of these vulnerabilities includes denial of service, file descriptor leakage, and logging failures.
* Note: This check solely relied on the version number of the remote Apache server to assess this vulnerability, so this might be a false positive.
* References:
http://www.apache.org/dist/httpd/Announcement.html
* Platforms Affected:
Apache HTTP Server 1.x before 1.3.28
Windows Any version
UNIX/Linux Any version |
| Recommendation |
Upgrade to the latest version of Apache HTTP Server (1.3.28 later), available from the Apache Software Foundation download site, http://httpd.apache.org/download.cgi |
| Related URL |
CVE-2003-0460 (CVE) |
| Related URL |
8226 (SecurityFocus) |
| Related URL |
(ISS) |
|
