Description:
The remote host is missing updates announced in advisory CLSA-2005:1013.
CVE-2004-0885 When using the 'SSLCipherSuite' directive in directory or location context, Apache may allow remote clients to bypass intended restrictions by using any cipher suite that is allowed by the virtual host configuration.
CVE-2005-2491 Integer overflow in pcre_compile.c in Perl Compatible Regular Expressions (PCRE) before 6.2, as used in Apache, allows attackers to execute arbitrary code via quantifier values in regular expressions, which leads to a heap-based buffer overflow. This update links Apache with system's libpcre, which is already fixed.
CVE-2005-2700 When using 'SSLVerifyClient optional' in the global virtual host configuration, Apache does not properly enforce 'SSLVerifyClient require' in a per-location context, which allows remote attackers to bypass intended access restrictions.
CVE-2005-2728 The byte-range filter in Apache allows remote attackers to cause a denial of service (memory consumption) via an HTTP header with a large Range field.
Solution:
The apt tool can be used to perform RPM package upgrades by running 'apt-get update' followed by 'apt-get upgrade'.
http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=001013
http://apache.httpd.org/
Risk factor: Critical
CVSS Score: 10.0