Korean

<< Back VID 22594 Severity 30 Port 80, ... Protocol TCP Class WWW Detailed Description According to its banner, the version of Apache 2.0 installed on the remote host is older than 2.0.65. Such versions may be affected by several vulnerabilities : - A flaw exists in the byte-range filter, making it vulnerable to denial of service. (CVE-2011-3192) - A flaw exists in 'mod_proxy' where it doesn't properly interact with 'RewriteRule' and 'ProxyPassMatch' in reverse proxy configurations. (CVE-2011-3368) - A privilege escalation vulnerability exists relating to a heap-based buffer overflow in 'ap_pregsub' function in 'mod_setenvif' module via .htaccess file. (CVE-2011-3607) - A local security bypass vulnerability exists within scoreboard shared memory that may allow the child process to cause the parent process to crash. (CVE-2012-0031) - A flaw exists within the status 400 code when no custom ErrorDocument is specified that could disclose 'httpOnly' cookies. (CVE-2012-0053) - A flaw exists in the 'RewriteLog' function where it fails to sanitize escape sequences written to log files, which could result in arbitrary command execution. (CVE-2013-1862) * Note: This check solely relied on the version number of the remote Web server to assess this vulnerability, so this might be a false positive. * References: http://www.apache.org/dist/httpd/CHANGES_2.0.65 http://httpd.apache.org/security/vulnerabilities_20.html http://mail-archives.apache.org/mod_mbox/httpd-announce/201307.mbox/%3C20130710124920.2b8793ed.wrowe@rowe-clan.net%3E * Platforms Affected: Apache HTTP versions 2.0.x prior to 2.0.65 Any operating system Any version Recommendation Upgrade to the latest version of Apache HTTP Server (2.0.65 or later), available from the Apache Software Foundation download site, http://httpd.apache.org/download.cgi Related URL CVE-2011-3192,CVE-2011-3368,CVE-2011-3607,CVE-2012-0031,CVE-2012-0053,CVE-2013-1862 (CVE) Related URL 49303,49957,50494,51407,51706,59826 (SecurityFocus) Related URL (ISS)