Lucene search

Gentoo Security Advisory GLSA 200310-04 (Apache)

Gentoo Security Advisory for Apache stack-based buffer overflows and CGI output redirection vulnerabilit

Reporter	Title	Published	Views	Family All 43
OpenVAS	Gentoo Security Advisory GLSA 200310-04 (Apache)	24 Sep 200800:00	–	openvas
OpenVAS	HP-UX Update for Apache mod_cgid HPSBUX00301	5 May 200900:00	–	openvas
OpenVAS	HP-UX Update for Apache mod_cgid HPSBUX00301	5 May 200900:00	–	openvas
OpenVAS	Slackware Advisory SSA:2003-308-01 apache security update	11 Sep 201200:00	–	openvas
OpenVAS	Gentoo Security Advisory GLSA 200310-03 (Apache)	24 Sep 200800:00	–	openvas
OpenVAS	Slackware: Security Advisory (SSA:2003-308-01)	10 Sep 201200:00	–	openvas
OpenVAS	Gentoo Security Advisory GLSA 200310-03 (Apache)	24 Sep 200800:00	–	openvas
securityvulns	[RHSA-2003:320-01] Updated httpd packages fix Apache security vulnerabilities	17 Dec 200300:00	–	securityvulns
securityvulns	NetSec Security Advisory: Multiple Vulnerabilities Resulting From Use Of Apple OSX HFS+	17 Feb 200500:00	–	securityvulns
Tenable Nessus	Apache 2.0.x < 2.0.48 Multiple Vulnerabilities (OF, Info Disc.)	26 Sep 200300:00	–	nessus

Source	Link
securityspace	www.securityspace.com/smysecure/catid.html
bugs	www.bugs.gentoo.org/show_bug.cgi

# SPDX-FileCopyrightText: 2008 E-Soft Inc.
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only

if(description)
{
  script_oid("1.3.6.1.4.1.25623.1.0.54499");
  script_version("2023-07-19T05:05:15+0000");
  script_tag(name:"last_modification", value:"2023-07-19 05:05:15 +0000 (Wed, 19 Jul 2023)");
  script_tag(name:"creation_date", value:"2008-09-24 21:14:03 +0200 (Wed, 24 Sep 2008)");
  script_cve_id("CVE-2003-0789", "CVE-2003-0542");
  script_tag(name:"cvss_base", value:"10.0");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_name("Gentoo Security Advisory GLSA 200310-04 (Apache)");
  script_category(ACT_GATHER_INFO);
  script_copyright("Copyright (C) 2008 E-Soft Inc.");
  script_family("Gentoo Local Security Checks");
  script_dependencies("gather-package-list.nasl");
  script_mandatory_keys("ssh/login/gentoo", "ssh/login/pkg");
  script_tag(name:"insight", value:"Multiple stack-based buffer overflows in mod_alias and mod_rewrite can
allow execution of arbitrary code and cause a denial of service, and a bug
in the way mod_cgid handles CGI redirect paths could result in CGI output
going to the wrong client.");
  script_tag(name:"solution", value:"It is recommended that all Gentoo Linux users who are running
net-misc/apache 2.x upgrade:

    # emerge sync
    # emerge -pv '>=net-www/apache-2.0.48'
    # emerge '>=net-www/apache-2.0.48'
    # emerge clean
    # /etc/init.d/apache2 restart

Please remember to update your config files in /etc/apache2 as --datadir
has been changed to /var/www/localhost.");

  script_xref(name:"URL", value:"http://www.securityspace.com/smysecure/catid.html?in=GLSA%20200310-04");
  script_xref(name:"URL", value:"http://bugs.gentoo.org/show_bug.cgi?id=32271");
  script_tag(name:"summary", value:"The remote host is missing updates announced in
advisory GLSA 200310-04.");
  script_tag(name:"qod_type", value:"package");
  script_tag(name:"solution_type", value:"VendorFix");

  exit(0);
}

include("pkg-lib-gentoo.inc");
include("revisions-lib.inc");

res = "";
report = "";
report = "";
if ((res = ispkgvuln(pkg:"net-www/apache", unaffected: make_list("ge 2.0.48", "lt 2.0"), vulnerable: make_list("lt 2.0.48"))) != NULL) {
    report += res;
}

if (report != "") {
    security_message(data:report);
} else if (__pkg_match) {
    exit(99);
}

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

24 Sep 2008 00:00Current

6.7Medium risk

Vulners AI Score6.7

CVSS210

EPSS0.01563