Anfälligkeitssuche        Suche in 219043 CVE Beschreibungen
und 99761 Test Beschreibungen,
Zugriff auf 10,000+ Quellverweise.
Tests   CVE   Alle  

Test Kennung:1.3.6.1.4.1.25623.1.1.4.2015.0689.1
Kategorie:SuSE Local Security Checks
Titel:SUSE: Security Advisory (SUSE-SU-2015:0689-1)
Zusammenfassung:The remote host is missing an update for the 'apache2' package(s) announced via the SUSE-SU-2015:0689-1 advisory.
Beschreibung:Summary:
The remote host is missing an update for the 'apache2' package(s) announced via the SUSE-SU-2015:0689-1 advisory.

Vulnerability Insight:
The Apache2 webserver was updated to fix various issues.

The following feature was added:

* Provide support for the tunneling of web socket connections to a
backend websockets server. (FATE#316880)

The following security issues have been fixed:

* CVE-2013-5704: The mod_headers module in the Apache HTTP Server
2.2.22 allowed remote attackers to bypass 'RequestHeader unset'
directives by placing a header in the trailer portion of data sent
with chunked transfer coding. The fix also adds a 'MergeTrailers'
directive to restore legacy behavior.
* CVE-2014-3581: The cache_merge_headers_out function in
modules/cache/cache_util.c in the mod_cache module in the Apache
HTTP Server allowed remote attackers to cause a denial of service
(NULL pointer dereference and application crash) via an empty HTTP
Content-Type header.
* CVE-2003-1418: Apache HTTP Server allowed remote attackers to obtain
sensitive information via (1) the ETag header, which reveals the
inode number, or (2) multipart MIME boundary, which reveals child
process IDs (PID). We so far assumed that this not useful to
attackers, the fix is basically just reducing potential information
leaks.

The following bugs have been fixed:

* Treat the 'server unavailable' condition as a transient error with
all LDAP SDKs. (bsc#904427)
* Fixed a segmentation fault at startup if the certs are shared across
> 1 server_rec. (bsc#907339)

Affected Software/OS:
'apache2' package(s) on SUSE Linux Enterprise Server 11 SP3, SUSE Linux Enterprise Software Development Kit 11 SP3.

Solution:
Please install the updated package(s).

CVSS Score:
5.0

CVSS Vector:
AV:N/AC:L/Au:N/C:N/I:P/A:N

Querverweis: Common Vulnerability Exposure (CVE) ID: CVE-2003-1418
BugTraq ID: 6939
http://www.securityfocus.com/bid/6939
BugTraq ID: 6943
http://www.securityfocus.com/bid/6943
OpenBSD Security Advisory: [3.2] 008: SECURITY FIX: February 25, 2003
http://www.openbsd.org/errata32.html
XForce ISS Database: apache-mime-information-disclosure(11438)
https://exchange.xforce.ibmcloud.com/vulnerabilities/11438
Common Vulnerability Exposure (CVE) ID: CVE-2013-5704
http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html
http://lists.apple.com/archives/security-announce/2015/Sep/msg00004.html
BugTraq ID: 66550
http://www.securityfocus.com/bid/66550
https://security.gentoo.org/glsa/201504-03
HPdes Security Advisory: HPSBUX03337
http://marc.info/?l=bugtraq&m=143403519711434&w=2
HPdes Security Advisory: HPSBUX03512
http://marc.info/?l=bugtraq&m=144493176821532&w=2
HPdes Security Advisory: SSRT102066
HPdes Security Advisory: SSRT102254
http://www.mandriva.com/security/advisories?name=MDVSA-2014:174
http://martin.swende.se/blog/HTTPChunked.html
http://marc.info/?l=apache-httpd-dev&m=139636309822854&w=2
https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/ra7f6aeb28661fbf826969526585f16856abc4615877875f9d3b35ef4@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rcc44594d4d6579b90deccd4536b5d31f099ef563df39b094be286b9e@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r9821b0a32a1d0a1b4947abb6f3630053fcbb2ec905d9a32c2bd4d4ee@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r83109088737656fa6307bd99ab40f8ff0269ae58d3f7272d7048494a@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d@%3Ccvs.httpd.apache.org%3E
RedHat Security Advisories: RHSA-2015:0325
http://rhn.redhat.com/errata/RHSA-2015-0325.html
RedHat Security Advisories: RHSA-2015:1249
http://rhn.redhat.com/errata/RHSA-2015-1249.html
RedHat Security Advisories: RHSA-2015:2659
https://access.redhat.com/errata/RHSA-2015:2659
RedHat Security Advisories: RHSA-2015:2660
https://access.redhat.com/errata/RHSA-2015:2660
RedHat Security Advisories: RHSA-2015:2661
http://rhn.redhat.com/errata/RHSA-2015-2661.html
RedHat Security Advisories: RHSA-2016:0061
http://rhn.redhat.com/errata/RHSA-2016-0061.html
RedHat Security Advisories: RHSA-2016:0062
http://rhn.redhat.com/errata/RHSA-2016-0062.html
http://www.ubuntu.com/usn/USN-2523-1
Common Vulnerability Exposure (CVE) ID: CVE-2014-3581
http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html
BugTraq ID: 71656
http://www.securityfocus.com/bid/71656
https://security.gentoo.org/glsa/201610-02
https://lists.apache.org/thread.html/rb14daf9cc4e28d18cdc15d6a6ca74e565672fabf7ad89541071d008b@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rd336919f655b7ff309385e34a143e41c503e133da80414485b3abcc9@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r476d175be0aaf4a17680ef98c5153b4d336eaef76fb2224cc94c463a@%3Ccvs.httpd.apache.org%3E
http://www.securitytracker.com/id/1031005
XForce ISS Database: apache-cve20143581-dos(97027)
https://exchange.xforce.ibmcloud.com/vulnerabilities/97027
CopyrightCopyright (C) 2021 Greenbone Networks GmbH

Dies ist nur einer von 99761 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.

Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.




© 1998-2024 E-Soft Inc. Alle Rechte vorbehalten.