Gentoo Local Security Checks : Gentoo Security Advisory GLSA 201206-27 (mini

Vulnerability Search		Search 324607 CVE descriptions and 145615 test descriptions, access 10,000+ cross references.
	Tests CVE All

Test ID: 1.3.6.1.4.1.25623.1.0.71553

Category: Gentoo Local Security Checks

Title: Gentoo Security Advisory GLSA 201206-27 (mini_httpd)

Summary: The remote host is missing updates announced in;advisory GLSA 201206-27.

Description: Summary:
The remote host is missing updates announced in
advisory GLSA 201206-27.

Vulnerability Insight:
A vulnerability in mini_httpd could allow remote attackers to
execute arbitrary code.

Solution:
Gentoo discontinued support for mini_httpd. We recommend that users
unmerge mini_httpd:

# emerge --unmerge 'www-servers/mini_httpd'

CVSS Score:
5.0

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:N/A:N

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2009-4490
Bugtraq: 20100110 Nginx, Varnish, Cherokee, thttpd, mini-httpd, WEBrick, Orion, AOLserver, Yaws and Boa log escape sequence injection (Google Search)
http://www.securityfocus.com/archive/1/508830/100/0/threaded
http://www.ush.it/team/ush/hack_httpd_escape/adv.txt

Copyright Copyright (C) 2012 E-Soft Inc.

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit.
To run a free test of this vulnerability against your system, register below.

Test ID:	1.3.6.1.4.1.25623.1.0.71553
Category:	Gentoo Local Security Checks
Title:	Gentoo Security Advisory GLSA 201206-27 (mini_httpd)
Summary:	The remote host is missing updates announced in;advisory GLSA 201206-27.
Description:	Summary: The remote host is missing updates announced in advisory GLSA 201206-27. Vulnerability Insight: A vulnerability in mini_httpd could allow remote attackers to execute arbitrary code. Solution: Gentoo discontinued support for mini_httpd. We recommend that users unmerge mini_httpd: # emerge --unmerge 'www-servers/mini_httpd' CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2009-4490 Bugtraq: 20100110 Nginx, Varnish, Cherokee, thttpd, mini-httpd, WEBrick, Orion, AOLserver, Yaws and Boa log escape sequence injection (Google Search) http://www.securityfocus.com/archive/1/508830/100/0/threaded http://www.ush.it/team/ush/hack_httpd_escape/adv.txt
Copyright	Copyright (C) 2012 E-Soft Inc.