
Test ID: 1.3.6.1.4.1.25623.1.0.54487
Category: Mandrake Local Security Checks
Title: Mandrake Security Advisory MDKSA-2005:129 (apache2)
Summary: NOSUMMARY
Description:

The remote host is missing an update to apache2
announced via advisory MDKSA-2005:129.

Marc Stern reported an off-by-one overflow in the mod_ssl CRL
verification callback which can only be exploited if the Apache server
is configured to use a malicious certificate revocation list
(CVE-2005-1268).

Watchfire reported a flaw that occurred when using the Apache server as
an HTTP proxy. A remote attacker could send an HTTP request with both a
Transfer-Encoding: chunked header and a Content-Length header which
would cause Apache to incorrectly handle and forward the body of the
request in a way that the receiving server processed it as a separate
HTTP request. This could be used to allow the bypass of web application
firewall protection or lead to cross-site scripting (XSS) attacks
(CVE-2005-2088).

The updated packages have been patched to prevent these issues.

Affected versions: 10.0, 10.1, 10.2, Corporate 3.0,
Multi Network Firewall 2.0


Solution:
To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

https://secure1.securityspace.com/smysecure/catid.html?in=MDKSA-2005:129

Risk factor : Medium

CVSS Score:
5.0

Cross-Reference: Common Vulnerability Exposure (CVE) ID: CVE-2005-1268
102198
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102198-1
14366
http://www.securityfocus.com/bid/14366
19072
http://secunia.com/advisories/19072
19185
http://secunia.com/advisories/19185
604
http://securityreason.com/securityalert/604
ADV-2006-0789
http://www.vupen.com/english/advisories/2006/0789
DSA-805
http://www.debian.org/security/2005/dsa-805
HPSBUX02074
http://www.securityfocus.com/archive/1/428138/100/0/threaded
MDKSA-2005:129
http://www.mandriva.com/security/advisories?name=MDKSA-2005:129
RHSA-2005:582
http://rhn.redhat.com/errata/RHSA-2005-582.html
SSRT051251
SUSE-SA:2005:046
http://www.novell.com/linux/security/advisories/2005_46_apache.html
SUSE-SR:2005:018
http://www.novell.com/linux/security/advisories/2005_18_sr.html
TSLSA-2005-0059
http://lists.trustix.org/pipermail/tsl-announce/2005-October/000354.html
[httpd-cvs] 20190815 svn commit: r1048742 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html
https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac%40%3Ccvs.httpd.apache.org%3E
[httpd-cvs] 20190815 svn commit: r1048743 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html
https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79%40%3Ccvs.httpd.apache.org%3E
[httpd-cvs] 20200401 svn commit: r1058586 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html
https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc%40%3Ccvs.httpd.apache.org%3E
[httpd-cvs] 20200401 svn commit: r1058587 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html
https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb%40%3Ccvs.httpd.apache.org%3E
[httpd-cvs] 20210330 svn commit: r1073139 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/json/
https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E
[httpd-cvs] 20210330 svn commit: r1073139 [3/13] - in /websites/staging/httpd/trunk/content: ./ security/json/
https://lists.apache.org/thread.html/re895fc1736d25c8cf57e102c871613b8aeec9ea26fd8a44e7942b5ab%40%3Ccvs.httpd.apache.org%3E
[httpd-cvs] 20210330 svn commit: r1073140 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html
https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b%40%3Ccvs.httpd.apache.org%3E
[httpd-cvs] 20210330 svn commit: r1073143 [2/3] - in /websites/staging/httpd/trunk/content: ./ security/
https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142%40%3Ccvs.httpd.apache.org%3E
[httpd-cvs] 20210330 svn commit: r1073149 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/
https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E
[httpd-cvs] 20210330 svn commit: r1073149 [4/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/
https://lists.apache.org/thread.html/r734a07156abf332d5ab27fb91d9d962cacfef4f3681e44056f064fa8%40%3Ccvs.httpd.apache.org%3E
[httpd-cvs] 20210330 svn commit: r1888194 [3/13] - /httpd/site/trunk/content/security/json/
https://lists.apache.org/thread.html/rd65d8ba68ba17e7deedafbf5bb4899f2ae4dad781d21b931c2941ac3%40%3Ccvs.httpd.apache.org%3E
[httpd-cvs] 20210606 svn commit: r1075470 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2020-13938.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html
https://lists.apache.org/thread.html/r5001ecf3d6b2bdd0b732e527654248abb264f08390045d30709a92f6%40%3Ccvs.httpd.apache.org%3E
http://support.avaya.com/elmodocs2/security/ASA-2006-081.htm
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=163013
oval:org.mitre.oval:def:1346
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1346
oval:org.mitre.oval:def:1714
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1714
oval:org.mitre.oval:def:1747
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1747
oval:org.mitre.oval:def:9589
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9589
Common Vulnerability Exposure (CVE) ID: CVE-2005-2088
1014323
http://securitytracker.com/id?1014323
102197
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102197-1
14106
http://www.securityfocus.com/bid/14106
14530
http://secunia.com/advisories/14530
15647
http://www.securityfocus.com/bid/15647
17319
http://secunia.com/advisories/17319
17487
http://secunia.com/advisories/17487
17813
http://secunia.com/advisories/17813
19073
http://secunia.com/advisories/19073
19317
http://secunia.com/advisories/19317
20050606 A new whitepaper by Watchfire - HTTP Request Smuggling
http://seclists.org/lists/bugtraq/2005/Jun/0025.html
23074
http://secunia.com/advisories/23074
ADV-2005-2140
http://www.vupen.com/english/advisories/2005/2140
ADV-2005-2659
http://www.vupen.com/english/advisories/2005/2659
ADV-2006-1018
http://www.vupen.com/english/advisories/2006/1018
ADV-2006-4680
http://www.vupen.com/english/advisories/2006/4680
APPLE-SA-2005-11-29
http://docs.info.apple.com/article.html?artnum=302847
DSA-803
http://www.debian.org/security/2005/dsa-803
HPSBUX02101
http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=c00612828
MDKSA-2005:130
http://www.mandriva.com/security/advisories?name=MDKSA-2005:130
PK13959
http://www-1.ibm.com/support/search.wss?rs=0&q=PK13959&apar=only
PK16139
http://www-1.ibm.com/support/search.wss?rs=0&q=PK16139&apar=only
http://www.redhat.com/support/errata/RHSA-2005-582.html
SSA:2005-310-04
http://slackware.com/security/viewer.php?l=slackware-security&y=2005&m=slackware-security.600000
SSRT051128
USN-160-2
http://www.ubuntu.com/usn/usn-160-2
[apache-httpd-announce] 20051014 Apache HTTP Server 2.0.55 Released
http://marc.info/?l=apache-httpd-announce&m=112931556417329&w=3
http://www.apache.org/dist/httpd/CHANGES_1.3
http://www.apache.org/dist/httpd/CHANGES_2.0
http://www.securiteam.com/securityreviews/5GP0220G0U.html
http://www.watchfire.com/resources/HTTP-Request-Smuggling.pdf
https://secure-support.novell.com/KanisaPlatform/Publishing/741/3222109_f.SAL_Public.html
oval:org.mitre.oval:def:11452
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11452
oval:org.mitre.oval:def:1237
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1237
oval:org.mitre.oval:def:1526
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1526
oval:org.mitre.oval:def:1629
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1629
oval:org.mitre.oval:def:840
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A840
Copyright: Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com

© 1998-2025 E-Soft Inc. All rights reserved.