Turbolinux Local Security Tests : Turbolinux TLSA-2004-31 (apache)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 146377 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.52904

Categoría: Turbolinux Local Security Tests

Título: Turbolinux TLSA-2004-31 (apache)

Resumen: NOSUMMARY

Descripción: Description:

The remote host is missing an update to apache
announced via advisory TLSA-2004-31.

Apache is a powerful, full-featured, efficient, and freely-available
Web server.

- A buffer overflow vulnerability has been found in Apache's mod_proxy
module exploitable via malformed Content-Length headers.

- A buffer overflow vulnerability has been found in Apache's mod_include
module -- in its get_tag() function.

The mod_proxy vulnerability may allow an attacker to cause a denial of
service of httpd.

A local user could exploit the mod_include vulnerability to gain apache
user privileges.

Solution: Please use the turbopkg (zabom) tool to apply the update.
https://secure1.securityspace.com/smysecure/catid.html?in=TLSA-2004-31

Risk factor : Critical

CVSS Score:
10.0

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2004-0492
Bugtraq: 20040611 [OpenPKG-SA-2004.029] OpenPKG Security Advisory (apache) (Google Search)
http://marc.info/?l=bugtraq&m=108711172710140&w=2
CERT/CC vulnerability note: VU#541310
http://www.kb.cert.org/vuls/id/541310
Debian Security Information: DSA-525 (Google Search)
http://www.debian.org/security/2004/dsa-525
https://bugzilla.fedora.us/show_bug.cgi?id=1737
http://seclists.org/lists/fulldisclosure/2004/Jun/0296.html
HPdes Security Advisory: HPSBOV02683
http://marc.info/?l=bugtraq&m=130497311408250&w=2
HPdes Security Advisory: SSRT090208
http://www.mandriva.com/security/advisories?name=MDKSA-2004:065
http://www.guninski.com/modproxy1.html
https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/re895fc1736d25c8cf57e102c871613b8aeec9ea26fd8a44e7942b5ab@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r5419c9ba0951ef73a655362403d12bb8d10fab38274deb3f005816f5@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r734a07156abf332d5ab27fb91d9d962cacfef4f3681e44056f064fa8@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rd65d8ba68ba17e7deedafbf5bb4899f2ae4dad781d21b931c2941ac3@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rf2f0f3611f937cf6cfb3b4fe4a67f69885855126110e1e3f2fb2728e@%3Ccvs.httpd.apache.org%3E
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100112
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4863
RedHat Security Advisories: RHSA-2004:245
http://rhn.redhat.com/errata/RHSA-2004-245.html
http://secunia.com/advisories/11841
SGI Security Advisory: 20040605-01-U
ftp://patches.sgi.com/support/free/security/advisories/20040605-01-U.asc
http://sunsolve.sun.com/search/document.do?assetkey=1-26-101555-1
http://sunsolve.sun.com/search/document.do?assetkey=1-26-101841-1
http://sunsolve.sun.com/search/document.do?assetkey=1-26-57628-1
XForce ISS Database: apache-modproxy-contentlength-bo(16387)
https://exchange.xforce.ibmcloud.com/vulnerabilities/16387
Common Vulnerability Exposure (CVE) ID: CVE-2004-0940
BugTraq ID: 11471
http://www.securityfocus.com/bid/11471
Debian Security Information: DSA-594 (Google Search)
http://www.debian.org/security/2004/dsa-594
http://www.mandriva.com/security/advisories?name=MDKSA-2004:134
http://marc.info/?l=bugtraq&m=109906660225051&w=2
http://www.redhat.com/support/errata/RHSA-2004-600.html
http://www.redhat.com/support/errata/RHSA-2005-816.html
http://securitytracker.com/id?1011783
http://secunia.com/advisories/12898/
http://secunia.com/advisories/19073
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102197-1
http://www.vupen.com/english/advisories/2006/0789
XForce ISS Database: apache-modinclude-bo(17785)
https://exchange.xforce.ibmcloud.com/vulnerabilities/17785

Copyright Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.52904
Categoría:	Turbolinux Local Security Tests
Título:	Turbolinux TLSA-2004-31 (apache)
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing an update to apache announced via advisory TLSA-2004-31. Apache is a powerful, full-featured, efficient, and freely-available Web server. - A buffer overflow vulnerability has been found in Apache's mod_proxy module exploitable via malformed Content-Length headers. - A buffer overflow vulnerability has been found in Apache's mod_include module -- in its get_tag() function. The mod_proxy vulnerability may allow an attacker to cause a denial of service of httpd. A local user could exploit the mod_include vulnerability to gain apache user privileges. Solution: Please use the turbopkg (zabom) tool to apply the update. https://secure1.securityspace.com/smysecure/catid.html?in=TLSA-2004-31 Risk factor : Critical CVSS Score: 10.0
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2004-0492 Bugtraq: 20040611 [OpenPKG-SA-2004.029] OpenPKG Security Advisory (apache) (Google Search) http://marc.info/?l=bugtraq&m=108711172710140&w=2 CERT/CC vulnerability note: VU#541310 http://www.kb.cert.org/vuls/id/541310 Debian Security Information: DSA-525 (Google Search) http://www.debian.org/security/2004/dsa-525 https://bugzilla.fedora.us/show_bug.cgi?id=1737 http://seclists.org/lists/fulldisclosure/2004/Jun/0296.html HPdes Security Advisory: HPSBOV02683 http://marc.info/?l=bugtraq&m=130497311408250&w=2 HPdes Security Advisory: SSRT090208 http://www.mandriva.com/security/advisories?name=MDKSA-2004:065 http://www.guninski.com/modproxy1.html https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/re895fc1736d25c8cf57e102c871613b8aeec9ea26fd8a44e7942b5ab@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/r5419c9ba0951ef73a655362403d12bb8d10fab38274deb3f005816f5@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/r734a07156abf332d5ab27fb91d9d962cacfef4f3681e44056f064fa8@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/rd65d8ba68ba17e7deedafbf5bb4899f2ae4dad781d21b931c2941ac3@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/rf2f0f3611f937cf6cfb3b4fe4a67f69885855126110e1e3f2fb2728e@%3Ccvs.httpd.apache.org%3E https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100112 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4863 RedHat Security Advisories: RHSA-2004:245 http://rhn.redhat.com/errata/RHSA-2004-245.html http://secunia.com/advisories/11841 SGI Security Advisory: 20040605-01-U ftp://patches.sgi.com/support/free/security/advisories/20040605-01-U.asc http://sunsolve.sun.com/search/document.do?assetkey=1-26-101555-1 http://sunsolve.sun.com/search/document.do?assetkey=1-26-101841-1 http://sunsolve.sun.com/search/document.do?assetkey=1-26-57628-1 XForce ISS Database: apache-modproxy-contentlength-bo(16387) https://exchange.xforce.ibmcloud.com/vulnerabilities/16387 Common Vulnerability Exposure (CVE) ID: CVE-2004-0940 BugTraq ID: 11471 http://www.securityfocus.com/bid/11471 Debian Security Information: DSA-594 (Google Search) http://www.debian.org/security/2004/dsa-594 http://www.mandriva.com/security/advisories?name=MDKSA-2004:134 http://marc.info/?l=bugtraq&m=109906660225051&w=2 http://www.redhat.com/support/errata/RHSA-2004-600.html http://www.redhat.com/support/errata/RHSA-2005-816.html http://securitytracker.com/id?1011783 http://secunia.com/advisories/12898/ http://secunia.com/advisories/19073 http://sunsolve.sun.com/search/document.do?assetkey=1-26-102197-1 http://www.vupen.com/english/advisories/2006/0789 XForce ISS Database: apache-modinclude-bo(17785) https://exchange.xforce.ibmcloud.com/vulnerabilities/17785
Copyright	Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com