Sun Security Blog
17 Dec 2008
Sun Alert 247666 Security Vulnerabilities in the Apache 2.0 "mod_proxy_http" and "mod_proxy_ftp" Modules may Lead to Denial of Service (DoS) or Cross Site Scripting (XSS)
Product: Solaris 10 Operating System

Two security vulnerabilities have been found in the Apache HTTP server that affect the Apache 2.0 web server bundled with Solaris 10:

1. A Denial of Service (DoS) vulnerability in the "mod_proxy_http" Apache server module (CVE-2008-2364) may allow a remote unprivileged user who is in control of a web server to which requests may be proxied to cause a denial of service to the Apache "httpd" process (or potentially to the system as a whole, as the application may consume excessive resources).

2. A Cross Site Scripting (CSS or XSS) vulnerability in the "mod_proxy_ftp" Apache server module (CVE-2008-2939) may allow a remote unprivileged user to inject arbitrary web script or HTML. This may allow the unprivileged user to bypass access control and gain access to unauthorized data.

These issues are described in the following documents:

CVE-2008-2364 at:
CVE-2008-2939 at:

State: Resolved
First released: 15-Dec-2008
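To check whether a given Apache configuration loads either affected module, the following added example (not part of the Sun Alert) lists the active LoadModule lines for mod_proxy_http and mod_proxy_ftp. The function names and the sample configuration are constructed for illustration; the check does not follow Include directives or detect modules compiled statically into httpd.

```shell
#!/bin/sh
# Added example: report which of the two modules named in the alert
# are loaded by an Apache configuration file.

# Print the affected module identifiers that have an active
# (uncommented) LoadModule line in the file given as $1.
affected_proxy_modules() {
    awk '
        # Ignore comment lines such as "#LoadModule ...".
        $1 ~ /^#/ { next }
        # Directive names are case-insensitive in httpd.
        tolower($1) == "loadmodule" &&
        ($2 == "proxy_http_module" || $2 == "proxy_ftp_module") {
            print $2
        }
    ' "$1" | sort -u
}

# Constructed sample configuration (module paths are illustrative).
sample_conf() {
    cat <<'EOF'
LoadModule proxy_module libexec/mod_proxy.so
#LoadModule proxy_ftp_module libexec/mod_proxy_ftp.so
  loadmodule proxy_http_module libexec/mod_proxy_http.so
LoadModule rewrite_module libexec/mod_rewrite.so
EOF
}

# Demo run against the constructed sample.
conf=$(mktemp)
sample_conf > "$conf"
echo "Affected modules loaded:"
affected_proxy_modules "$conf"
rm -f "$conf"
```

An empty result means neither module has an active LoadModule line in that file; pass the path of the server's own configuration file as the argument to check a real host.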