VID |
22451 |
Severity |
30 |
Port |
80, ... |
Protocol |
TCP |
Class |
WWW |
Detailed Description |
A version of Apache HTTP Server older than 2.2.6 was detected running on the host. Apache 2.2.x versions prior to 2.2.6 contain various vulnerabilities, which could be exploited by attackers to obtain sensitive information, execute arbitrary scripting code, or cause a denial of service:
- A denial of service vulnerability in mod_proxy.
- A local denial of service vulnerability associated with the Prefork MPM module.
- An information leak in mod_cache.
- A denial of service vulnerability in mod_cache.
- A cross-site scripting vulnerability in mod_status and mod_autoindex.
* Note: This check relies solely on the version number of the remote Web server to assess this vulnerability, so this might be a false positive.
* References:
- http://www.apache.org/dist/httpd/CHANGES_2.2.6
- http://httpd.apache.org/security/vulnerabilities_13.html
- http://httpd.apache.org/security/vulnerabilities_20.html
- http://httpd.apache.org/security/vulnerabilities_22.html
- http://securitytracker.com/alerts/2007/Jun/1018302.html
- http://www.frsirt.com/english/advisories/2007/2727
- http://secunia.com/advisories/26273
* Platforms Affected:
- Apache HTTP Server versions 2.2.x prior to 2.2.6
- Any operating system, any version |
Recommendation |
Upgrade to the latest version of Apache HTTP Server (2.2.6 or later), available from the Apache Software Foundation Web site at http://httpd.apache.org/
-- OR --
As a workaround, ensure that the affected modules are not in use. |
Related URL |
CVE-2006-5752, CVE-2007-1862, CVE-2007-1863, CVE-2007-3303, CVE-2007-3304, CVE-2007-3847, CVE-2007-4465 (CVE) |
Related URL |
24215, 24553, 24645, 24649, 25489, 25653 (SecurityFocus) |
Related URL |
34963, 34984, 35095, 35097, 35384, 36354, 36586, 37177, 37178 (ISS) |