| VID |
22494 |
| Severity |
30 |
| Port |
80, ... |
| Protocol |
TCP |
| Class |
WWW |
| Detailed Description |
According to its banner, the version of Apache 2.2 installed on the remote host is older than 2.2.16. Such versions are potentially affected by multiple vulnerabilities :
- A denial-of-service vulnerability in mod_cache and mod_dav. (CVE-2010-1452)
- An information disclosure vulnerability in mod_proxy_ajp, mod_reqtimeout, and mod_proxy_http relating to timeout conditions. Note that this issue only affects Apache on Windows, Netware, and OS/2. (CVE-2010-2068)
Note that the remote web server may not actually be affected by these vulnerabilities. Nessus did not try to determine whether the affected modules are in use or to check for the issues themselves.
* Note: This check solely relied on the version number of the remote Web server to assess this vulnerability, so this might be a false positive.
* References:
http://httpd.apache.org/security/vulnerabilities_22.html
https://issues.apache.org/bugzilla/show_bug.cgi?id=49246
https://issues.apache.org/bugzilla/show_bug.cgi?id=49417
http://www.apache.org/dist/httpd/CHANGES_2.2.16
* Platforms Affected:
Apache HTTP versions prior to 2.2.16
Any operating system Any version |
| Recommendation |
Upgrade to the latest version of Apache HTTP Server (2.2.16 or later), available from the Apache Software Foundation download site, http://httpd.apache.org/download.cgi
-- OR --
As a workaround, ensure that the affected modules are not in use. |
| Related URL |
CVE-2010-1452,CVE-2010-2068 (CVE) |
| Related URL |
40827,41963 (SecurityFocus) |
| Related URL |
(ISS) |
|
