Has LS-WSGL/R1 the High / CVSS Base Score : 7.5 ? HELP !!!

chenmu · June 13, 2009, 08:48:05 AM

Sir

By Nessus 3.0.6.1 Build W321 (Nessus website: http://www.nessus.org/">www.nessus.org ) tested the LS-WSGL/R1a .

There is :

http (80/tcp)

Synopsis :

The remote version of Apache is vulnerable to an off-by-one buffer
overflow attack.

Description :

The remote host appears to be running a version of Apache which is
older than 1.3.37.

This version contains an off-by-one buffer overflow in the mod_rewrite
module.

See Also :

http://lists.grok.org.uk/pipermail/full-disclosure/2006-July/048265.html">http://lists.grok.org.uk/piperma ... 06-July/048265.html
http://www.apache.org/dist/httpd/CHANGES_1.3">http://www.apache.org/dist/httpd/CHANGES_1.3
http://lists.grok.org.uk/pipermail/full-disclosure/2006-July/048269.html">http://lists.grok.org.uk/piperma ... 06-July/048269.html

Solution:

Upgrade to version 1.3.37 or later.

Risk Factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC/Au:N/C/I/A)

Plugin output :

According to its banner, Apache version 1.3.34 is installed on the
remote host.

CVE : CVE-2006-3747
BID : 19204
Other references : OSVDB:27588
Plugin ID : 31654

Help !!!

THX

chenmu

Message Edited by chenmu on 06-13-2009 08:50 AM

Message Edited by chenmu on 06-13-2009 08:51 AM

News: