Amir Azam

[ GLSA 200803-19 ] Apache: Multiple vulnerabilities

  1  www-servers/apache       < 2.2.8                         >= 2.2.8

Description
===========

Adrian Pastor and Amir Azam (ProCheckUp) reported that the HTTP Method
specifier header is not properly sanitized when the HTTP return code is
"413 Request Entity too large" (CVE-2007-6203). The mod_proxy_balancer
module does not properly check the balancer name before using it
(CVE-2007-6422). The mod_proxy_ftp does not define a charset in its
answers (CVE-2008-0005). Stefano Di Paola (Minded Security) reported

PR08-13: Persistent Cross-site Scripting (XSS) on Moodle via blog entry title

References:

http://moodle.org/mod/forum/discuss.php?d=101401
http://www.procheckup.com/Vulnerabilities.php

Credits: Adrian Pastor and Amir Azam of ProCheckUp Ltd. (www.procheckup.com)

ProCheckUp would like to thank Petr Skoda and the rest of the Moodle
team for their excellent response time and cooperation towards resolving
this matter.


PR07-37: XSS on Apache HTTP Server 413 error pages via malformed HTTP method

[4] "More Expect Exploitation In Flash"
http://ha.ckers.org/blog/20071103/more-expect-exploitation-in-flash/


Credits: Adrian Pastor and Amir Azam of ProCheckUp Ltd (www.procheckup.com).

Special thanks go to Amit Klein and Joe Orton for providing such valuable feedback.



PR08-16: CSRF (Cross-site Request Forgery) on Moodle edit profile page

References:

http://moodle.org/mod/forum/discuss.php?d=101405
http://www.procheckup.com/Vulnerabilities.php

Credits: Amir Azam and Adrian Pastor of ProCheckUp Ltd. (www.procheckup.com)

ProCheckUp would like to thank Petr Skoda and the rest of the Moodle
team for their excellent response time and cooperation towards resolving
this matter.




Copyright © 1995-2012 LinuxRocket.net. All rights reserved.
