ID de Prueba:	1.3.6.1.4.1.25623.1.0.52901
Categoría:	Turbolinux Local Security Tests
Título:	Turbolinux TLSA-2004-28 (httpd)
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing an update to httpd announced via advisory TLSA-2004-28. Apache is a powerful, full-featured, efficient, and freely-available Web server. Apache is also the most popular Web server on the Internet. The identified vulnerability is in the apr-util library. The buffer overflow occurs when expanding ${ENVVAR} constructs in .htaccess or httpd.conf files. Allows remote attackers to cause a denial of service of the Apache server. Solution: Please use the turbopkg (zabom) tool to apply the update. https://secure1.securityspace.com/smysecure/catid.html?in=TLSA-2004-28 Risk factor : Medium CVSS Score: 5.0
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2004-0747 CERT/CC vulnerability note: VU#481998 http://www.kb.cert.org/vuls/id/481998 http://www.gentoo.org/security/en/glsa/glsa-200409-21.xml http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:096 http://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=205147 https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/re895fc1736d25c8cf57e102c871613b8aeec9ea26fd8a44e7942b5ab@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/r734a07156abf332d5ab27fb91d9d962cacfef4f3681e44056f064fa8@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/rd65d8ba68ba17e7deedafbf5bb4899f2ae4dad781d21b931c2941ac3@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/r8c9983f1172a3415f915ddb7e14de632d2d0c326eb1285755a024165@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/r5001ecf3d6b2bdd0b732e527654248abb264f08390045d30709a92f6@%3Ccvs.httpd.apache.org%3E https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11561 http://www.redhat.com/support/errata/RHSA-2004-463.html http://securitytracker.com/id?1011303 http://secunia.com/advisories/12540 http://secunia.com/advisories/34920 SuSE Security Announcement: SUSE-SA:2004:032 (Google Search) http://www.novell.com/linux/security/advisories/2004_32_apache2.html http://www.trustix.org/errata/2004/0047/ http://www.vupen.com/english/advisories/2009/1233 XForce ISS Database: apache-env-configuration-bo(17384) https://exchange.xforce.ibmcloud.com/vulnerabilities/17384 Common Vulnerability Exposure (CVE) ID: CVE-2004-0786 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11380 XForce ISS Database: apache-ipv6-aprutil-dos(17382) https://exchange.xforce.ibmcloud.com/vulnerabilities/17382
Copyright	Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.