Debian 3.0 Low: DSA 195-1 Critical Apache-Perl Denial Of Service
debian
November 13, 2002
These vulnerabilities could allow an attacker to enact a denial of service against a server or execute a cross site scripting attack, or steal cookies from other web site users.
Topics Covered
Summary
According to David Wagner, iDEFENSE and the Apache HTTP Server
Project, several vulnerabilities have been found in the Apache server
package, a commonly used webserver. Most of the code is shared
between the Apache and Apache-Perl packages, so vulnerabilities are
shared as well.
These vulnerabilities could allow an attacker to enact a denial of
service against a server or execute a cross site scripting attack, or
steal cookies from other web site users. The Common Vulnerabilities
and Exposures (CVE) project identified the following vulnerabilities:
1. CAN-2002-0839: A vulnerability exists on platforms using System V
shared memory based scoreboards. This vulnerability allows an
attacker to execute code under the Apache UID to exploit the Apache
shared memory scoreboard format and send a signal to any process as
root or cause a local denial of service attack.
2. CAN-2002-0840: Apache is susceptible to a cross site scripting
vulnerability in the default 404 page of any web server ho...
PREVIOUS
NEXT
Severity
low
Lowest
Low
Medium
High
Critical
Package: apache-perl
Topics Covered
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Related News
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!