Anfälligkeitssuche        Suche in 219043 CVE Beschreibungen
und 99761 Test Beschreibungen,
Zugriff auf 10,000+ Quellverweise.
Tests   CVE   Alle  

Test Kennung:1.3.6.1.4.1.25623.1.0.60686
Kategorie:Red Hat Local Security Checks
Titel:RedHat Security Advisory RHSA-2008:0005
Zusammenfassung:NOSUMMARY
Beschreibung:Description:

The remote host is missing updates announced in
advisory RHSA-2008:0005.

The Apache HTTP Server is a popular Web server.

A flaw was found in the mod_imap module. On sites where mod_imap was
enabled and an imagemap file was publicly available, a cross-site scripting
attack was possible. (CVE-2007-5000)

A flaw was found in the mod_autoindex module. On sites where directory
listings are used, and the AddDefaultCharset directive has been removed
from the configuration, a cross-site scripting attack was possible against
Web browsers which did not correctly derive the response character set
following the rules in RFC 2616. (CVE-2007-4465)

A flaw was found in the mod_proxy module. On sites where a reverse proxy is
configured, a remote attacker could send a carefully crafted request that
would cause the Apache child process handling that request to crash. On
sites where a forward proxy is configured, an attacker could cause a
similar crash if a user could be persuaded to visit a malicious site using
the proxy. This could lead to a denial of service if using a threaded
Multi-Processing Module. (CVE-2007-3847)

A flaw was found in the mod_status module. On sites where mod_status was
enabled and the status pages were publicly available, a cross-site
scripting attack was possible. (CVE-2007-6388)

A flaw was found in the mod_proxy_ftp module. On sites where mod_proxy_ftp
was enabled and a forward proxy was configured, a cross-site scripting
attack was possible against Web browsers which did not correctly derive the
response character set following the rules in RFC 2616. (CVE-2008-0005)

Users of Apache httpd should upgrade to these updated packages, which
contain backported patches to resolve these issues. Users should restart
httpd after installing this update.

Solution:
Please note that this update is available via
Red Hat Network. To use Red Hat Network, launch the Red
Hat Update Agent with the following command: up2date

http://rhn.redhat.com/errata/RHSA-2008-0005.html
http://www.redhat.com/security/updates/classification/#moderate

Risk factor : Medium

CVSS Score:
5.0

Querverweis: Common Vulnerability Exposure (CVE) ID: CVE-2007-3847
AIX APAR: PK50469
http://www-1.ibm.com/support/docview.wss?uid=swg1PK50469
AIX APAR: PK52702
http://www-1.ibm.com/support/docview.wss?uid=swg1PK52702
http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html
http://lists.apple.com/archives/security-announce/2008//May/msg00001.html
BugTraq ID: 25489
http://www.securityfocus.com/bid/25489
Bugtraq: 20090821 VMSA-2009-0010 VMware Hosted products update libpng and Apache HTTP Server (Google Search)
http://www.securityfocus.com/archive/1/505990/100/0/threaded
Cert/CC Advisory: TA08-150A
http://www.us-cert.gov/cas/techalerts/TA08-150A.html
http://www.redhat.com/archives/fedora-package-announce/2007-September/msg00320.html
https://www.redhat.com/archives/fedora-package-announce/2007-September/msg00353.html
http://security.gentoo.org/glsa/glsa-200711-06.xml
HPdes Security Advisory: HPSBUX02273
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01182588
HPdes Security Advisory: SSRT071476
http://www.mandriva.com/security/advisories?name=MDKSA-2007:235
http://marc.info/?l=apache-cvs&m=118592992309395&w=2
http://marc.info/?l=apache-httpd-dev&m=118595556504202&w=2
http://marc.info/?l=apache-httpd-dev&m=118595953217856&w=2
https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/reb542d2038e9c331506e0cbff881b47e40fbe2bd93ff00979e60cdf7@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rafd145ba6cd0a4ced113a5823cdaff45aeb36eb09855b216401c66d6@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r652fc951306cdeca5a276e2021a34878a76695a9f3cfb6490b4a6840@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r5f9c22f9c28adbd9f00556059edc7b03a5d5bb71d4bb80257c0d34e4@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rad01d817195e6cc871cb1d73b207ca326379a20a6e7f30febaf56d24@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rb9c9f42dafa25d2f669dac2a536a03f2575bc5ec1be6f480618aee10@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r476d175be0aaf4a17680ef98c5153b4d336eaef76fb2224cc94c463a@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r5001ecf3d6b2bdd0b732e527654248abb264f08390045d30709a92f6@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f@%3Ccvs.httpd.apache.org%3E
http://lists.vmware.com/pipermail/security-announce/2009/000062.html
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10525
http://www.redhat.com/support/errata/RHSA-2007-0746.html
http://www.redhat.com/support/errata/RHSA-2007-0747.html
http://www.redhat.com/support/errata/RHSA-2007-0911.html
http://www.redhat.com/support/errata/RHSA-2008-0005.html
http://www.securitytracker.com/id?1018633
http://secunia.com/advisories/26636
http://secunia.com/advisories/26722
http://secunia.com/advisories/26790
http://secunia.com/advisories/26842
http://secunia.com/advisories/26952
http://secunia.com/advisories/26993
http://secunia.com/advisories/27209
http://secunia.com/advisories/27563
http://secunia.com/advisories/27593
http://secunia.com/advisories/27732
http://secunia.com/advisories/27882
http://secunia.com/advisories/27971
http://secunia.com/advisories/28467
http://secunia.com/advisories/28606
http://secunia.com/advisories/28749
http://secunia.com/advisories/28922
http://secunia.com/advisories/29420
http://secunia.com/advisories/30430
http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.595748
SuSE Security Announcement: SUSE-SA:2007:061 (Google Search)
http://www.novell.com/linux/security/advisories/2007_61_apache2.html
http://www.ubuntu.com/usn/usn-575-1
http://www.vupen.com/english/advisories/2007/3020
http://www.vupen.com/english/advisories/2007/3095
http://www.vupen.com/english/advisories/2007/3283
http://www.vupen.com/english/advisories/2007/3494
http://www.vupen.com/english/advisories/2007/3955
http://www.vupen.com/english/advisories/2008/0233
http://www.vupen.com/english/advisories/2008/0924/references
http://www.vupen.com/english/advisories/2008/1697
Common Vulnerability Exposure (CVE) ID: CVE-2007-4465
BugTraq ID: 25653
http://www.securityfocus.com/bid/25653
Bugtraq: 20070912 Apache2 Undefined Charset UTF-7 XSS Vulnerability (Google Search)
http://www.securityfocus.com/archive/1/479237/100/0/threaded
HPdes Security Advisory: HPSBUX02365
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01539432
HPdes Security Advisory: HPSBUX02431
http://marc.info/?l=bugtraq&m=124654546101607&w=2
HPdes Security Advisory: HPSBUX02465
http://marc.info/?l=bugtraq&m=125631037611762&w=2
HPdes Security Advisory: SSRT080118
HPdes Security Advisory: SSRT090085
HPdes Security Advisory: SSRT090192
http://www.mandriva.com/security/advisories?name=MDVSA-2008:014
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10929
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6089
http://www.redhat.com/support/errata/RHSA-2008-0004.html
http://www.redhat.com/support/errata/RHSA-2008-0006.html
http://www.redhat.com/support/errata/RHSA-2008-0008.html
http://www.redhat.com/support/errata/RHSA-2008-0261.html
http://securitytracker.com/id?1019194
http://secunia.com/advisories/28471
http://secunia.com/advisories/28607
http://secunia.com/advisories/31651
http://secunia.com/advisories/33105
http://secunia.com/advisories/35650
http://securityreason.com/securityalert/3113
http://securityreason.com/achievement_securityalert/46
XForce ISS Database: apache-utf7-xss(36586)
https://exchange.xforce.ibmcloud.com/vulnerabilities/36586
Common Vulnerability Exposure (CVE) ID: CVE-2007-5000
AIX APAR: PK58024
http://www-1.ibm.com/support/docview.wss?uid=swg1PK58024
AIX APAR: PK58074
http://www-1.ibm.com/support/docview.wss?uid=swg1PK58074
AIX APAR: PK63273
http://www-1.ibm.com/support/docview.wss?uid=swg1PK63273
AIX APAR: PK65782
http://www-1.ibm.com/support/docview.wss?uid=swg24019245
BugTraq ID: 26838
http://www.securityfocus.com/bid/26838
Bugtraq: 20080716 rPSA-2008-0035-1 httpd mod_ssl (Google Search)
http://www.securityfocus.com/archive/1/494428/100/0/threaded
https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00562.html
https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00541.html
HPdes Security Advisory: HPSBMA02388
http://www.securityfocus.com/archive/1/498523/100/0/threaded
HPdes Security Advisory: HPSBOV02683
http://marc.info/?l=bugtraq&m=130497311408250&w=2
HPdes Security Advisory: HPSBUX02308
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01345501
HPdes Security Advisory: SSRT080010
HPdes Security Advisory: SSRT080059
HPdes Security Advisory: SSRT090208
http://www.mandriva.com/security/advisories?name=MDVSA-2008:015
http://www.mandriva.com/security/advisories?name=MDVSA-2008:016
https://lists.apache.org/thread.html/r84d043c2115176958562133d96d851495d712aa49da155d81f6733be@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r5419c9ba0951ef73a655362403d12bb8d10fab38274deb3f005816f5@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r7dd6be4dc38148704f2edafb44a8712abaa3a2be120d6c3314d55919@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rf2f0f3611f937cf6cfb3b4fe4a67f69885855126110e1e3f2fb2728e@%3Ccvs.httpd.apache.org%3E
http://www.osvdb.org/39134
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9539
http://www.redhat.com/support/errata/RHSA-2008-0007.html
http://www.redhat.com/support/errata/RHSA-2008-0009.html
http://securitytracker.com/id?1019093
http://secunia.com/advisories/28046
http://secunia.com/advisories/28073
http://secunia.com/advisories/28081
http://secunia.com/advisories/28196
http://secunia.com/advisories/28375
http://secunia.com/advisories/28525
http://secunia.com/advisories/28526
http://secunia.com/advisories/28750
http://secunia.com/advisories/28977
http://secunia.com/advisories/29640
http://secunia.com/advisories/29806
http://secunia.com/advisories/29988
http://secunia.com/advisories/30356
http://secunia.com/advisories/30732
http://secunia.com/advisories/31142
http://secunia.com/advisories/32800
http://sunsolve.sun.com/search/document.do?assetkey=1-26-233623-1
SuSE Security Announcement: SUSE-SA:2008:021 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00004.html
http://www.vupen.com/english/advisories/2007/4201
http://www.vupen.com/english/advisories/2007/4202
http://www.vupen.com/english/advisories/2007/4301
http://www.vupen.com/english/advisories/2008/0084
http://www.vupen.com/english/advisories/2008/0178
http://www.vupen.com/english/advisories/2008/0398
http://www.vupen.com/english/advisories/2008/0809/references
http://www.vupen.com/english/advisories/2008/1224/references
http://www.vupen.com/english/advisories/2008/1623/references
http://www.vupen.com/english/advisories/2008/1875/references
XForce ISS Database: apache-modimagemap-xss(39002)
https://exchange.xforce.ibmcloud.com/vulnerabilities/39002
XForce ISS Database: apache-modimap-xss(39001)
https://exchange.xforce.ibmcloud.com/vulnerabilities/39001
Common Vulnerability Exposure (CVE) ID: CVE-2007-6388
AIX APAR: PK59667
http://www-1.ibm.com/support/search.wss?rs=0&q=PK59667&apar=only
AIX APAR: PK62966
http://www-1.ibm.com/support/docview.wss?uid=swg1PK62966
BugTraq ID: 27237
http://www.securityfocus.com/bid/27237
HPdes Security Advisory: HPSBUX02313
http://www.securityfocus.com/archive/1/488082/100/0/threaded
HPdes Security Advisory: SSRT080015
https://lists.apache.org/thread.html/rc4c53a0d57b2771ecd4b965010580db355e38137c8711311ee1073a8@%3Ccvs.httpd.apache.org%3E
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10272
http://securitytracker.com/id?1019154
http://secunia.com/advisories/28965
http://secunia.com/advisories/29504
http://secunia.com/advisories/33200
http://securityreason.com/securityalert/3541
http://www.vupen.com/english/advisories/2008/0047
http://www.vupen.com/english/advisories/2008/0447/references
http://www.vupen.com/english/advisories/2008/0554
http://www.vupen.com/english/advisories/2008/0986/references
XForce ISS Database: apache-status-page-xss(39472)
https://exchange.xforce.ibmcloud.com/vulnerabilities/39472
Common Vulnerability Exposure (CVE) ID: CVE-2008-0005
BugTraq ID: 27234
http://www.securityfocus.com/bid/27234
Bugtraq: 20080110 SecurityReason - Apache (mod_proxy_ftp) Undefined Charset UTF-7 XSS Vulnerability (Google Search)
http://www.securityfocus.com/archive/1/486167/100/0/threaded
http://security.gentoo.org/glsa/glsa-200803-19.xml
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10812
http://www.securitytracker.com/id?1019185
http://secunia.com/advisories/29348
http://securityreason.com/securityalert/3526
http://securityreason.com/achievement_securityalert/49
XForce ISS Database: apache-modproxyftp-utf7-xss(39615)
https://exchange.xforce.ibmcloud.com/vulnerabilities/39615
CopyrightCopyright (c) 2008 E-Soft Inc. http://www.securityspace.com

Dies ist nur einer von 99761 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.

Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.




© 1998-2024 E-Soft Inc. Alle Rechte vorbehalten.