|
|
|
Vulnerability Note VU#927256MandrakeSoft Mandrake Linux Apache default configuration enables Perl ProxyPass server on 8200/tcpOverviewThe default installation of Apache on MandrakeSoft Mandrake Linux configures an instance of the server to run apache-mod_perl listening on port 8200/tcp.I. DescriptionMandrakeSoft produces a Linux distribution called Mandrake Linux that includes the Apache web server. The default installation of Apache on Mandrake Linux configures apache-mod_perl to listen on port 8200/tcp. Requests made to the main web server for directories containing Perl programs are proxied internally by Apache to the apache-mod_perl service running on port 8200/tcp. This configuration is called ProxyPass as referenced in Apache's mod_perl performance tuning document. Although all Apache servers on a system share configuration information contained in /etc/httpd/conf/commonhttpd.conf, it is possible that security settings between the two servers are different, and administrators may not expect apache-mod_perl running on port 8200/tcpII. ImpactAdministrators may not be aware that an HTTPD service is listening on 8200/tcp. Also, it is possible that the security settings for the service on 8200/tcp differ from the service running on 80/tcp.III. SolutionInstall Updated PackageInstall an updated Apache package when available.
References
The CERT Coordination Center thanks ProCheckup Ltd for reporting this vulnerability. This document was written by Art Manion.
If you have feedback, comments, or additional information about this vulnerability, please send us
email. |
|||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||||
Get Adobe Reader