blob: 26d6ee249e9a385c8a352b65ab2741f1c493a0b0 [file] [log] [blame]
<?xml version="1.0" encoding="utf-8"?>
<glsa id="200602-03">
<title>Apache: Multiple vulnerabilities</title>
Apache can be exploited for cross-site scripting attacks and is vulnerable
to a Denial of Service attack.
<product type="ebuild">Apache</product>
<announced>February 06, 2006</announced>
<revised>December 30, 2007: 03</revised>
<package name="www-servers/apache" auto="yes" arch="*">
<unaffected range="ge">2.0.55-r1</unaffected>
<unaffected range="rge">2.0.54-r16</unaffected>
<unaffected range="eq">1.3.34-r2</unaffected>
<unaffected range="rge">1.3.34-r11</unaffected>
<unaffected range="rge">1.3.37</unaffected>
<vulnerable range="lt">2.0.55-r1</vulnerable>
The Apache HTTP server is one of the most popular web servers on the
Internet. mod_imap provides support for server-side image maps; mod_ssl
provides secure HTTP connections.
Apache's mod_imap fails to properly sanitize the "Referer" directive of
imagemaps in some cases, leaving the HTTP Referer header unescaped. A
flaw in mod_ssl can lead to a NULL pointer dereference if the site uses
a custom "Error 400" document. These vulnerabilities were reported by
Marc Cox and Hartmut Keil, respectively.
<impact type="normal">
A remote attacker could exploit mod_imap to inject arbitrary HTML or
JavaScript into a user's browser to gather sensitive information.
Attackers could also cause a Denial of Service on hosts using the SSL
module (Apache 2.0.x only).
There is no known workaround at this time.
All Apache users should upgrade to the latest version, depending on
whether they still use the old configuration style
(/etc/apache/conf/*.conf) or the new one (/etc/apache2/httpd.conf).
2.0.x users, new style config:
# emerge --sync
# emerge --ask --oneshot --verbose &quot;&gt;=www-servers/apache-2.0.55-r1&quot;</code>
2.0.x users, old style config:
# emerge --sync
# emerge --ask --oneshot --verbose &quot;=www-servers/apache-2.0.54-r16&quot;</code>
1.x users, new style config:
# emerge --sync
# emerge --ask --oneshot --verbose &quot;=www-servers/apache-1.3.34-r11&quot;</code>
1.x users, old style config:
# emerge --sync
# emerge --ask --oneshot --verbose &quot;=www-servers/apache-1.3.34-r2&quot;</code>
<uri link="">CVE-2005-3352</uri>
<uri link="">CVE-2005-3357</uri>
<metadata tag="requester" timestamp="Mon, 23 Jan 2006 08:56:54 +0000">
<metadata tag="submitter" timestamp="Fri, 27 Jan 2006 06:31:39 +0000">
<metadata tag="bugReady" timestamp="Mon, 06 Feb 2006 06:26:14 +0000">