Description: | Description:
The remote host is missing updates announced in advisory RHSA-2007:0532.
The Apache HTTP Server is a popular Web server.
The Apache HTTP Server did not verify that a process was an Apache child process before sending it signals. A local attacker who has the ability to run scripts on the Apache HTTP Server could manipulate the scoreboard and cause arbitrary processes to be terminated, which could lead to a denial of service. (CVE-2007-3304)
A flaw was found in the Apache HTTP Server mod_status module. Sites with the server-status page publicly accessible and ExtendedStatus enabled were vulnerable to a cross-site scripting attack. On Red Hat Enterprise Linux the server-status page is not enabled by default and it is best practice to not make this publicly available. (CVE-2006-5752)
Users of Apache should upgrade to these updated packages, which contain backported patches to correct these issues. Users should restart Apache after installing this update.
Solution: Please note that this update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command: up2date
http://rhn.redhat.com/errata/RHSA-2007-0532.html http://www.redhat.com/security/updates/classification/#moderate
Risk factor : Medium
CVSS Score: 4.7
|