Description: | Description:
The remote host is missing updates announced in advisory CLA-2001:430.
Apache is a robust, commercial-grade web server.
Security problems have been found in the Apache packages shipped with all versions of Conectiva Linux. This update fixes the following vulnerabilities:
* A intentionally malformed Host: header could allow any file with a .log extention to be overwritten due to a problem in the split-logfile script. Conectiva Linux does not ship split-logfile, but users who may have installed this script manually are thus advised to check their systems for this vulnerability. [1]
* When Multiviews are used to negotiate the directory index, under certain conditions a request for the URI /?M=D could return a directory listing rather than negotiated content. [2] [3]
Additionally, this update solves a problem in mod_bandwidth shipped with Conectiva Linux 7.0. [4]
REFERENCES
[1] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0730 [2] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0731 [3] http://www.securityfocus.com/bid/3009 [4] http://bugzilla.conectiva.com.br/show_bug.cgi?id=4371
Solution: The apt tool can be used to perform RPM package upgrades by running 'apt-get update' followed by 'apt-get upgrade'
http://www.securityspace.com/smysecure/catid.html?in=CLA-2001:430 http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=002001
Risk factor : Medium
CVSS Score: 5.0
|