Description: | Summary: The remote host is missing an update for the 'apache2' package(s) announced via the referenced advisory.
Vulnerability Insight: Martin Holst Swende discovered that the mod_headers module allowed HTTP trailers to replace HTTP headers during request processing. A remote attacker could possibly use this issue to bypass RequestHeaders directives. (CVE-2013-5704)
Mark Montague discovered that the mod_cache module incorrectly handled empty HTTP Content-Type headers. A remote attacker could use this issue to cause the server to stop responding, leading to a denial of service. This issue only affected Ubuntu 14.04 LTS and Ubuntu 14.10. (CVE-2014-3581)
Teguh P. Alko discovered that the mod_proxy_fcgi module incorrectly handled long response headers. A remote attacker could use this issue to cause the server to stop responding, leading to a denial of service. This issue only affected Ubuntu 14.10. (CVE-2014-3583)
It was discovered that the mod_lua module incorrectly handled different arguments within different contexts. A remote attacker could possibly use this issue to bypass intended access restrictions. This issue only affected Ubuntu 14.10. (CVE-2014-8109)
Guido Vranken discovered that the mod_lua module incorrectly handled a specially crafted websocket PING in certain circumstances. A remote attacker could possibly use this issue to cause the server to stop responding, leading to a denial of service. This issue only affected Ubuntu 14.10. (CVE-2015-0228)
Affected Software/OS: apache2 on Ubuntu 14.10, Ubuntu 14.04 LTS, Ubuntu 12.04 LTS, Ubuntu 10.04 LTS
Solution: Please Install the Updated Packages.
CVSS Score: 5.0
CVSS Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N
|