Web Insecurity » Mandriva Apache Mod

Mandriva Apache Mod_Proxy Problems

September 15th, 2008

Problems with Apache’s mod_proxy in Mandriva have been resolved with updated packages. A DOS in the regular module and an XSS in the ftp module.

Mandriva Linux Security Advisory MDVSA-2008:195
http://www.securityfocus.com/archive/1/496352
Problem Description:

A vulnerability was discovered in the mod_proxy module in Apache where
it did not limit the number of forwarded interim responses, allowing
remote HTTP servers to cause a denial of service (memory consumption)
via a large number of interim responses (CVE-2008-2364).

A cross-site scripting vulnerability was found in the mod_proxy_ftp
module in Apache that allowed remote attackers to inject arbitrary
web script or HTML via wildcards in a pathname in an FTP URI
(CVE-2008-2939).

The updated packages have been patched to prevent these issues.

Entry Filed under: Server Security

Trackback this post

Calendar

September 2008
M	T	W	T	F	S	S
« Jan		Oct »
1	2	3	4	5	6	7
8	9	10	11	12	13	14
15	16	17	18	19	20	21
22	23	24	25	26	27	28
29	30

Most Recent Posts

Adobe PDF Exploit
Early Friday Favourite
Feb 6th 09 Friday Favourite
Trojan in iWork09 - Friday Favourite
Friday Favourite Jan 16th 2009
Internet Censorship
Average number of advisories per day
Are IP Addresses Personal Information?
Kernell Faces Possible Jail Time
Server Outage, Lost Posts