Description: | Description: The remote host is missing an update to httpd announced via advisory FEDORA-2010-5942.
Update Information:
The Apache HTTP Server Project is proud to announce the release of version 2.2.15 of the Apache HTTP Server (httpd). This version is principally a security and bugfix release. Notably, this release was updated to reflect the OpenSSL Project's release 0.9.8m of the openssl library, and addresses CVE-2009-3555 (cve.mitre.org), the TLS renegotiation prefix injection attack. This release further addresses the issues CVE-2010-0408 and CVE-2010-0434 within mod_proxy_ajp and mod_headers respectively. See the upstream changes file for further information: http://www.apache.org/dist/httpd/CHANGES_2.2.15
References:
[ 1 ] Bug #569905 - CVE-2010-0408 httpd: mod_proxy_ajp remote temporary DoS https://bugzilla.redhat.com/show_bug.cgi?id=569905 [ 2 ] Bug #570171 - CVE-2010-0434 httpd: request header information leak https://bugzilla.redhat.com/show_bug.cgi?id=570171
Solution: Apply the appropriate updates.
This update can be installed with the yum update program. Use su -c 'yum update httpd' at the command line. For more information, refer to Managing Software with yum, available at http://docs.fedoraproject.org/yum/.
http://www.securityspace.com/smysecure/catid.html?in=FEDORA-2010-5942
Risk factor : High
CVSS Score: 5.8
|