Search 219043 CVE descriptions
and 99761 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:
Category:Mandrake Local Security Checks
Title:Mandriva Update for apache MDVSA-2011:144 (apache)
Summary:The remote host is missing an update for the 'apache'; package(s) announced via the referenced advisory.
The remote host is missing an update for the 'apache'
package(s) announced via the referenced advisory.

Vulnerability Insight:
A vulnerability has been discovered and corrected in apache:

The mod_proxy module in the Apache HTTP Server 1.3.x through 1.3.42,
2.0.x through 2.0.64, and 2.2.x through 2.2.21 does not properly
interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern
matches for configuration of a reverse proxy, which allows remote
attackers to send requests to intranet servers via a malformed URI
containing an initial \@ (at sign) character (CVE-2011-3368).

Packages for 2009.0 are provided as of the Extended Maintenance
Program. The updated packages have been patched to correct this issue.

Affected Software/OS:
apache on Mandriva Linux 2009.0,
Mandriva Linux 2009.0/X86_64,
Mandriva Linux 2010.1,
Mandriva Linux 2010.1/X86_64,
Mandriva Enterprise Server 5,
Mandriva Enterprise Server 5/X86_64

Please Install the Updated Packages.

CVSS Score:

CVSS Vector:

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2011-3368
BugTraq ID: 49957
Debian Security Information: DSA-2405 (Google Search)
HPdes Security Advisory: HPSBMU02748
HPdes Security Advisory: HPSBOV02822
HPdes Security Advisory: SSRT100772
HPdes Security Advisory: SSRT100966
RedHat Security Advisories: RHSA-2012:0542
RedHat Security Advisories: RHSA-2012:0543
SuSE Security Announcement: SUSE-SU-2011:1229 (Google Search)
SuSE Security Announcement: openSUSE-SU-2013:0243 (Google Search)
SuSE Security Announcement: openSUSE-SU-2013:0248 (Google Search)
XForce ISS Database: apache-modproxy-information-disclosure(70336)
CopyrightCopyright (c) 2011 Greenbone Networks GmbH

This is only one of 99761 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.

© 1998-2022 E-Soft Inc. All rights reserved.