| Beschreibung: | Summary:
The remote host is missing an update for the 'apache' package(s) announced via the MGASA-2014-0305 advisory.
Vulnerability Insight:
A race condition flaw, leading to heap-based buffer overflows, was found in
the mod_status httpd module. A remote attacker able to access a status page
served by mod_status on a server using a threaded Multi-Processing Module
(MPM) could send a specially crafted request that would cause the httpd
child process to crash or, possibly, allow the attacker to execute
arbitrary code with the privileges of the 'apache' user (CVE-2014-0226).
A denial of service flaw was found in the mod_proxy httpd module. A remote
attacker could send a specially crafted request to a server configured as a
reverse proxy using a threaded Multi-Processing Modules (MPM) that would
cause the httpd child process to crash (CVE-2014-0117).
A denial of service flaw was found in the way httpd's mod_deflate module
handled request body decompression (configured via the 'DEFLATE' input
filter). A remote attacker able to send a request whose body would be
decompressed could use this flaw to consume an excessive amount of system
memory and CPU on the target system (CVE-2014-0118).
A denial of service flaw was found in the way httpd's mod_cgid module
executed CGI scripts that did not read data from the standard input.
A remote attacker could submit a specially crafted request that would cause
the httpd child process to hang indefinitely (CVE-2014-0231).
Affected Software/OS:
'apache' package(s) on Mageia 4.
Solution:
Please install the updated package(s).
CVSS Score:
6.8
CVSS Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P
|
