Mandrake Local Security Checks : Mandrake Security Advisory MDKSA-2002:072 (mod

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 146377 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.50844

Categoría: Mandrake Local Security Checks

Título: Mandrake Security Advisory MDKSA-2002:072 (mod_ssl)

Resumen: NOSUMMARY

Descripción: Description:

The remote host is missing an update to mod_ssl
announced via advisory MDKSA-2002:072.

A cross-site scripting vulnerability was discovered in mod_ssl by Joe
Orton. This only affects servers using a combination of wildcard DNS
and UseCanonicalName off (which is not the default in Mandrake
Linux). With this setting turned off, Apache will attempt to use the
hostname:port that the client supplies, which is where the problem
comes into play. With this setting turned on (the default), Apache
constructs a self-referencing URL and will use ServerName and Port to
form the canonical name.

It is recommended that all users upgrade, regardless of the setting of
the UseCanonicalName configuration option.

Affected versions: 7.2, 8.0, 8.1, 8.2, 9.0,
Single Network Firewall 7.2

Solution:
To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

https://secure1.securityspace.com/smysecure/catid.html?in=MDKSA-2002:072
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1157

Risk factor : High

CVSS Score:
7.5

Referencia Cruzada: BugTraq ID: 6029
Common Vulnerability Exposure (CVE) ID: CVE-2002-1157
http://www.securityfocus.com/bid/6029
Bugtraq: 20021023 [OpenPKG-SA-2002.010] OpenPKG Security Advisory (apache) (Google Search)
http://online.securityfocus.com/archive/1/296753
Bugtraq: 20021026 GLSA: mod_ssl (Google Search)
http://archives.neohapsis.com/archives/bugtraq/2002-10/0374.html
Conectiva Linux advisory: CLA-2002:541
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000541
Debian Security Information: DSA-181 (Google Search)
http://www.debian.org/security/2002/dsa-181
En Garde Linux Advisory: ESA-20021029-027
http://www.linuxsecurity.com/advisories/other_advisory-2512.html
http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-072.php
http://www.osvdb.org/2107
http://www.redhat.com/support/errata/RHSA-2002-222.html
http://www.redhat.com/support/errata/RHSA-2002-243.html
http://www.redhat.com/support/errata/RHSA-2002-244.html
http://www.redhat.com/support/errata/RHSA-2002-248.html
http://www.redhat.com/support/errata/RHSA-2002-251.html
http://www.redhat.com/support/errata/RHSA-2003-106.html
http://www.iss.net/security_center/static/10457.php

Copyright Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.50844
Categoría:	Mandrake Local Security Checks
Título:	Mandrake Security Advisory MDKSA-2002:072 (mod_ssl)
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing an update to mod_ssl announced via advisory MDKSA-2002:072. A cross-site scripting vulnerability was discovered in mod_ssl by Joe Orton. This only affects servers using a combination of wildcard DNS and UseCanonicalName off (which is not the default in Mandrake Linux). With this setting turned off, Apache will attempt to use the hostname:port that the client supplies, which is where the problem comes into play. With this setting turned on (the default), Apache constructs a self-referencing URL and will use ServerName and Port to form the canonical name. It is recommended that all users upgrade, regardless of the setting of the UseCanonicalName configuration option. Affected versions: 7.2, 8.0, 8.1, 8.2, 9.0, Single Network Firewall 7.2 Solution: To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. https://secure1.securityspace.com/smysecure/catid.html?in=MDKSA-2002:072 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1157 Risk factor : High CVSS Score: 7.5
Referencia Cruzada:	BugTraq ID: 6029 Common Vulnerability Exposure (CVE) ID: CVE-2002-1157 http://www.securityfocus.com/bid/6029 Bugtraq: 20021023 [OpenPKG-SA-2002.010] OpenPKG Security Advisory (apache) (Google Search) http://online.securityfocus.com/archive/1/296753 Bugtraq: 20021026 GLSA: mod_ssl (Google Search) http://archives.neohapsis.com/archives/bugtraq/2002-10/0374.html Conectiva Linux advisory: CLA-2002:541 http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000541 Debian Security Information: DSA-181 (Google Search) http://www.debian.org/security/2002/dsa-181 En Garde Linux Advisory: ESA-20021029-027 http://www.linuxsecurity.com/advisories/other_advisory-2512.html http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-072.php http://www.osvdb.org/2107 http://www.redhat.com/support/errata/RHSA-2002-222.html http://www.redhat.com/support/errata/RHSA-2002-243.html http://www.redhat.com/support/errata/RHSA-2002-244.html http://www.redhat.com/support/errata/RHSA-2002-248.html http://www.redhat.com/support/errata/RHSA-2002-251.html http://www.redhat.com/support/errata/RHSA-2003-106.html http://www.iss.net/security_center/static/10457.php
Copyright	Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com