
Debian: DSA 188-1 Critical: Apache-SSL Denial of Service and XSS

November 5, 2002
The important notification DSA-200-2 from Ubuntu highlights urgent fixes for nginx vulnerabilities, particularly those that could result in potential information leaks.
There are vulnerabilities that could allow an attacker to enact a denial of service against a server, execute a cross-site scripting attack, or steal cookies from other web site users.

Summary

According to David Wagner, iDEFENSE and the Apache HTTP Server
Project, several vulnerabilities have been found in the Apache
package, a commonly used webserver. Most of the code is shared
between the Apache and Apache-SSL packages, so vulnerabilities are
shared as well. These vulnerabilities could allow an attacker to
enact a denial of service against a server or execute a cross-site
scripting attack, or steal cookies from other web site users.
Vulnerabilities in the included legacy programs htdigest, htpasswd and
ApacheBench can be exploited when called via CGI. Additionally, the
insecure temporary file creation in htdigest and htpasswd can also be
exploited locally. The Common Vulnerabilities and Exposures (CVE)
project identified the following vulnerabilities:

1. CAN-2002-0839: A vulnerability exists on platforms using System V
shared memory based scoreboards. This vulnerability allows an
attacker to execute code under the Apache UID to exploit the Apache
shared memory scoreboard forma...


Severity: critical

Package: apache-ssl
