FreeBSD Apache Multiple Vulnerabilities Fix Available
FreeBSD has issued updated version of its Apache package. This release considered as important and encourage users of all prior versions to upgrade.
Cross-site request forgery (CSRF) vulnerability in the balancer-manager in mod_proxy_balancer for Apache HTTP Server 2.2.x allows remote attackers to gain privileges via unpsecified vectors.
The ap_proxy_http_process_response function in mod_proxy_http.c in the mod_proxy module in the Apache HTTP Server 2.0.63 and 2.2.8 does not limit the number of forwarded interim responses, which allows remote HTTP servers to cause a denial of service (memory consumption) via a large number of interim responses.
How do I upgrade Apache under FreeBSD?
Simply run the following two commands:
# portsnap fetch extract
# portupgrade -a
# portversion
E-mail this to a Friend
Printable Version
Ubuntu / Kubuntu Ubuntu Ver. 8.10 and Linux Training Library 2DVD+CD
You may also be interested in other helpful articles:
- Take a FreeBSD Security Survey
- FreeBSD keep ports collection up to date in two easy steps
- FreeBSD Enable Security Port Auditing to Avoid Vulnerabilities With portaudit
- Force apache webserver to listen on all addresses except one ip address
- FreeBSD phpmyadmin — Cross Site Scripting Vulnerabilities Fix
Leave a Reply
We encourage your comments, and suggestions. But please stay on topic, be polite, and avoid spam. Thank you very much for stopping by our site!
Tags: apache http server, apache package, apache server, attackers, CVE-2007-6420, denial of service, forgery, FreeBSD, freebsd apache, freebsd apache upgrade, privileges, proxy module, proxy server, response function, servers, vectors, vulnerability



Recent Comments
Today ~ 3 Comments
Today ~ 7 Comments
Today ~ 21 Comments
Today ~ 1 Comment
Today ~ 10 Comments