Rapid7 Vulnerability & Exploit Database

RHSA-2003:186: Updated httpd packages fix Apache security vulnerabilities

Severity: 5
CVSS: (AV:N/AC:L/Au:N/C:N/I:N/A:P)
Published: 06/09/2003
Created: 07/25/2018
Added: 10/28/2005
Modified: 07/04/2017

Description

Updated httpd packages that fix two security issues are now available for Red Hat Linux 8.0 and 9.

The Apache HTTP server is a powerful, full-featured, efficient, and freely available Web server.

A bug in Apache 2.0 through 2.0.45 allows remote attackers to cause a denial of service, and may allow execution of arbitrary code. This bug affects both Red Hat Linux 8.0 and 9. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2003-0245 to this issue.

A build system problem in Apache 2.0 through 2.0.45 allows remote attackers to cause a denial of access to authenticated content when a threaded server is used. This bug affects only Red Hat Linux 9 when the threaded server "httpd.worker" has been configured, which is not the default. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2003-0189 to this issue.

All users of the Apache HTTP Web Server are advised to upgrade to the applicable errata packages, which contain back-ported fixes that correct these issues and are applied to Apache version 2.0.40.

After the errata packages are installed, restart the Web service by running the following command:

    /sbin/service httpd restart

Red Hat would like to thank iDefense, who initially discovered CAN-2003-0245, and John Hughes for CAN-2003-0189.

Solution(s)

  • redhat-upgrade-httpd
  • redhat-upgrade-httpd-devel
  • redhat-upgrade-httpd-manual
  • redhat-upgrade-mod_ssl
