Startseite ▼ Bookkeeping
Online ▼ Sicherheits
Überprüfungs ▼
Verwaltetes
DNS ▼
Info
Bestellen/Erneuern
FAQ
AUP
Dynamic DNS Clients
Domaine konfigurieren Dyanmic DNS Update Password Netzwerk
Überwachung ▼
Enterprise
Erweiterte
Standard
Gratis Test
FAQ
Preis/Funktionszusammenfassung
Bestellen
Beispiele
Konfigurieren/Status Alarm Profile | |||
Test Kennung: | 1.3.6.1.4.1.25623.1.1.2.2019.2669 |
Kategorie: | Huawei EulerOS Local Security Checks |
Titel: | Huawei EulerOS: Security Advisory for subversion (EulerOS-SA-2019-2669) |
Zusammenfassung: | The remote host is missing an update for the Huawei EulerOS 'subversion' package(s) announced via the EulerOS-SA-2019-2669 advisory. |
Beschreibung: | Summary: The remote host is missing an update for the Huawei EulerOS 'subversion' package(s) announced via the EulerOS-SA-2019-2669 advisory. Vulnerability Insight: Apache Subversion's mod_dontdothat module and HTTP clients 1.4.0 through 1.8.16, and 1.9.0 through 1.9.4 are vulnerable to a denial-of-service attack caused by exponential XML entity expansion. The attack can cause the targeted process to consume an excessive amount of CPU resources or memory.(CVE-2016-8734) Integer overflow in util.c in mod_dav_svn in Apache Subversion 1.7.x, 1.8.x before 1.8.15, and 1.9.x before 1.9.3 allows remote authenticated users to cause a denial of service (subversion server crash or memory consumption) and possibly execute arbitrary code via a skel-encoded request body, which triggers an out-of-bounds read and heap-based buffer overflow.(CVE-2015-5343) The canonicalize_username function in svnserve/cyrus_auth.c in Apache Subversion before 1.8.16 and 1.9.x before 1.9.4, when Cyrus SASL authentication is used, allows remote attackers to authenticate and bypass intended access restrictions via a realm string that is a prefix of an expected repository realm string.(CVE-2016-2167) The req_check_access function in the mod_authz_svn module in the httpd server in Apache Subversion before 1.8.16 and 1.9.x before 1.9.4 allows remote authenticated users to cause a denial of service (NULL pointer dereference and crash) via a crafted header in a (1) MOVE or (2) COPY request, involving an authorization check.(CVE-2016-2168) Affected Software/OS: 'subversion' package(s) on Huawei EulerOS V2.0SP3. Solution: Please install the updated package(s). CVSS Score: 8.0 CVSS Vector: AV:N/AC:L/Au:S/C:P/I:P/A:C |
Querverweis: |
Common Vulnerability Exposure (CVE) ID: CVE-2015-5343 Debian Security Information: DSA-3424 (Google Search) http://www.debian.org/security/2015/dsa-3424 http://www.securitytracker.com/id/1034470 http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.405261 Common Vulnerability Exposure (CVE) ID: CVE-2016-2167 BugTraq ID: 89417 http://www.securityfocus.com/bid/89417 http://subversion.apache.org/security/CVE-2016-2167-advisory.txt Debian Security Information: DSA-3561 (Google Search) http://www.debian.org/security/2016/dsa-3561 http://lists.fedoraproject.org/pipermail/package-announce/2016-May/184545.html https://security.gentoo.org/glsa/201610-05 https://www.oracle.com/security-alerts/cpuoct2020.html http://mail-archives.apache.org/mod_mbox/subversion-announce/201604.mbox/%3CCAP_GPNgJet+7_MAhomFVOXPgLtewcUw9w=k9zdPCkq5tvPxVMA@mail.gmail.com%3E http://mail-archives.apache.org/mod_mbox/subversion-announce/201604.mbox/%3CCAP_GPNgfn1iKueW51EpmXzXi_URNfGNofZSgOyW1_jnSeNm5DQ@mail.gmail.com%3E http://www.securitytracker.com/id/1035706 http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.417496 SuSE Security Announcement: openSUSE-SU-2016:1263 (Google Search) http://lists.opensuse.org/opensuse-updates/2016-05/msg00043.html SuSE Security Announcement: openSUSE-SU-2016:1264 (Google Search) http://lists.opensuse.org/opensuse-updates/2016-05/msg00044.html Common Vulnerability Exposure (CVE) ID: CVE-2016-2168 BugTraq ID: 89320 http://www.securityfocus.com/bid/89320 http://subversion.apache.org/security/CVE-2016-2168-advisory.txt http://www.securitytracker.com/id/1035707 Common Vulnerability Exposure (CVE) ID: CVE-2016-8734 BugTraq ID: 94588 http://www.securityfocus.com/bid/94588 https://subversion.apache.org/security/CVE-2016-8734-advisory.txt Debian Security Information: DSA-3932 (Google Search) http://www.debian.org/security/2017/dsa-3932 https://lists.apache.org/thread.html/7798f5cda1b2a3c70db4be77694b12dec8fcc1a441b00009d44f0e09@%3Cannounce.apache.org%3E http://www.securitytracker.com/id/1037361 |
Copyright | Copyright (C) 2020 Greenbone Networks GmbH |
Dies ist nur einer von 99761 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten. |