Web Browser 로는 FTP 접속이 불가능 합니다.

문서번호 : 1184249637
업데이트 : 2007.07.12


상세내용

1.3.37-4 update

- add MaxClientServNum directive
- fixed CVE-2006-5752
- fixed CVE-2007-3304

CVE-2006-5752:
Cross-site scripting (XSS) vulnerability in mod_status.c in the mod_status
module in Apache HTTP Server (httpd), when ExtendedStatus is enabled and a
public server-status page is used, allows remote attackers to inject arbitrary
web script or HTML via unspecified vectors involving charsets with browsers
that perform "charset detection" when the content-type is not specified. 

CVE-2007-3304:
Apache httpd 1.3.37, and 2.2.4 with the Prefork MPM module, allows local
users to cause a denial of service by modifying the worker_score and
process_score arrays to reference an arbitrary process ID, which is sent
a SIGUSR1 signal from the master process, aka "SIGUSR1 killer." 


Autoupdates 지원 : Packages System
  pkgadd -F "apache*"


update 패키지

  RPMS :

    . apache-1.3.37-4.i686.rpm
    . apache-devel-1.3.37-4.i686.rpm

  SRPMS :

    . apache-1.3.37-4.src.rpm


참고 :
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5752
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3304