ID de Prueba:	1.3.6.1.4.1.25623.1.0.100172
Categoría:	Web Servers
Título:	Apache HTTP Server Configuration File Environment Variable Local Buffer Overflow Vulnerability
Resumen:	According to its version number, the remote version of Apache Web; Server is prone to a local buffer-overflow vulnerability that; affects a configuration file environment variable.
Descripción:	Summary: According to its version number, the remote version of Apache Web Server is prone to a local buffer-overflow vulnerability that affects a configuration file environment variable. Vulnerability Insight: The flaws occurs because the application fails to validate user-supplied string lengths before copying them into finite process buffers. Vulnerability Impact: An attacker may leverage this issue to execute arbitrary code on the affected computer with the privileges of the Apache webserver process. Solution: The vendor has released an upgrade. Please see the references for more information. CVSS Score: 4.6 CVSS Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2004-0747 CERT/CC vulnerability note: VU#481998 http://www.kb.cert.org/vuls/id/481998 http://www.gentoo.org/security/en/glsa/glsa-200409-21.xml http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:096 http://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=205147 https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/re895fc1736d25c8cf57e102c871613b8aeec9ea26fd8a44e7942b5ab@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/r734a07156abf332d5ab27fb91d9d962cacfef4f3681e44056f064fa8@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/rd65d8ba68ba17e7deedafbf5bb4899f2ae4dad781d21b931c2941ac3@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/r8c9983f1172a3415f915ddb7e14de632d2d0c326eb1285755a024165@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/r5001ecf3d6b2bdd0b732e527654248abb264f08390045d30709a92f6@%3Ccvs.httpd.apache.org%3E https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11561 http://www.redhat.com/support/errata/RHSA-2004-463.html http://securitytracker.com/id?1011303 http://secunia.com/advisories/12540 http://secunia.com/advisories/34920 SuSE Security Announcement: SUSE-SA:2004:032 (Google Search) http://www.novell.com/linux/security/advisories/2004_32_apache2.html http://www.trustix.org/errata/2004/0047/ http://www.vupen.com/english/advisories/2009/1233 XForce ISS Database: apache-env-configuration-bo(17384) https://exchange.xforce.ibmcloud.com/vulnerabilities/17384
Copyright	Copyright (C) 2009 Greenbone Networks GmbH

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.