Multiple vulnerabilities have been identified in Redhat, which could be exploited by attackers to execute arbitrary scripting code or cause a denial of service.
The first issue is caused by an error in the server-status page within the mod_status module when processing malformed data, which could be exploited by attackers to cause arbitrary scripting code to be executed by the user's browser in the security context of an affected Web site.
The second vulnerability is caused by an error in the mod_cache module when processing specially crafted HTTP requests, which could be exploited by attackers to cause the Apache child process handling that request to crash, creating a denial of service condition.
The third issue is caused by an error when sending signals, which could be exploited by a local attacker with the ability to run scripts on the Apache server to manipulate the scoreboard and cause arbitrary processes to be terminated, creating a denial of service condition.
ChangeLog
2007-06-28 : Initial release
Vulnerability Management
Subscribe to FrSIRT VNS and receive real-time e-mail and SMS alerts when new vulnerabilities, exploits, or patches relevant to your systems and network configurations are available.
Feedback
If you have additional information or corrections for this security advisory please submit them via our contact form or by email to updates@frsirt.com.
French
