Test ID: 1.3.6.1.4.1.25623.1.0.55261
Category: Debian Local Security Checks
Title: Debian Security Advisory DSA 805-1 (apache2)
Summary: Debian Security Advisory DSA 805-1 (apache2)
Description:
The remote host is missing an update to apache2
announced via advisory DSA 805-1.

Several problems have been discovered in Apache2, the next generation,
scalable, extendable web server. The Common Vulnerabilities and
Exposures project identifies the following problems:

CVE-2005-1268
Marc Stern discovered an off-by-one error in the mod_ssl
Certificate Revocation List (CRL) verification callback. When
Apache is configured to use a CRL this can be used to cause a
denial of service.

CVE-2005-2088
A vulnerability has been discovered in the Apache web server.
When acting as an HTTP proxy, Apache incorrectly handles and
forwards the body of the request, which allows remote attackers to
poison the web cache, bypass web application firewall protection,
and conduct cross-site scripting attacks.

CVE-2005-2700
A problem has been discovered in mod_ssl, the module that provides
strong cryptography (HTTPS support) for Apache. It allows remote
attackers to bypass access restrictions.

CVE-2005-2728
The byte-range filter in Apache 2.0 allows remote attackers to
cause a denial of service via an HTTP header with a large Range
field.

The old stable distribution (woody) does not contain Apache2 packages.

For the stable distribution (sarge) these problems have been fixed in
version 2.0.54-5.

For the unstable distribution (sid) these problems have been fixed in
version 2.0.54-5.

We recommend that you upgrade your apache2 packages.

Solution:
https://secure1.securityspace.com/smysecure/catid.html?in=DSA%20805-1

CVSS Score:
10.0

CVSS Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C

Cross-Reference: BugTraq ID: 14660
Common Vulnerability Exposure (CVE) ID: CVE-2005-1268
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=163013
Debian Security Information: DSA-805 (Google Search)
http://www.debian.org/security/2005/dsa-805
HPdes Security Advisory: HPSBUX02074
http://www.securityfocus.com/archive/1/archive/1/428138/100/0/threaded
HPdes Security Advisory: SSRT051251
http://www.mandriva.com/security/advisories?name=MDKSA-2005:129
http://www.redhat.com/support/errata/RHSA-2005-582.html
http://rhn.redhat.com/errata/RHSA-2005-582.html
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102198-1
SuSE Security Announcement: SUSE-SA:2005:046 (Google Search)
http://www.novell.com/linux/security/advisories/2005_46_apache.html
SuSE Security Announcement: SUSE-SR:2005:018 (Google Search)
http://www.novell.com/linux/security/advisories/2005_18_sr.html
http://lists.trustix.org/pipermail/tsl-announce/2005-October/000354.html
BugTraq ID: 14366
http://www.securityfocus.com/bid/14366
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:9589
http://www.vupen.com/english/advisories/2006/0789
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:1346
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:1714
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:1747
http://secunia.com/advisories/19072
http://secunia.com/advisories/19185
http://securityreason.com/securityalert/604
Common Vulnerability Exposure (CVE) ID: CVE-2005-2088
Bugtraq: 20050606 A new whitepaper by Watchfire - HTTP Request Smuggling (Google Search)
http://seclists.org/lists/bugtraq/2005/Jun/0025.html
http://www.watchfire.com/resources/HTTP-Request-Smuggling.pdf
http://www.securiteam.com/securityreviews/5GP0220G0U.html
http://marc2.theaimsgroup.com/?l=apache-httpd-announce&m=112931556417329&w=3
AIX APAR: PK13959
http://www-1.ibm.com/support/search.wss?rs=0&q=PK13959&apar=only
AIX APAR: PK16139
http://www-1.ibm.com/support/search.wss?rs=0&q=PK16139&apar=only
http://docs.info.apple.com/article.html?artnum=302847
Debian Security Information: DSA-803 (Google Search)
http://www.debian.org/security/2005/dsa-803
HPdes Security Advisory: HPSBUX02101
http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=c00612828
HPdes Security Advisory: SSRT051128
http://www.mandriva.com/security/advisories?name=MDKSA-2005:130
http://slackware.com/security/viewer.php?l=slackware-security&y=2005&m=slackware-security.600000
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102197-1
http://www.ubuntu.com/usn/usn-160-2
BugTraq ID: 14106
http://www.securityfocus.com/bid/14106
BugTraq ID: 15647
http://www.securityfocus.com/bid/15647
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:11452
http://www.vupen.com/english/advisories/2005/2140
http://www.vupen.com/english/advisories/2005/2659
http://www.vupen.com/english/advisories/2006/1018
http://www.vupen.com/english/advisories/2006/4680
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:840
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:1526
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:1629
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:1237
http://securitytracker.com/id?1014323
http://secunia.com/advisories/17813
http://secunia.com/advisories/14530
http://secunia.com/advisories/17487
http://secunia.com/advisories/19073
http://secunia.com/advisories/19317
http://secunia.com/advisories/17319
http://secunia.com/advisories/23074
Common Vulnerability Exposure (CVE) ID: CVE-2005-2700
http://marc.theaimsgroup.com/?l=apache-modssl&m=112569517603897&w=2
Debian Security Information: DSA-807 (Google Search)
http://www.debian.org/security/2005/dsa-807
http://www.gentoo.org/security/en/glsa/glsa-200509-12.xml
HPdes Security Advisory: HPSBUX01232
http://marc.theaimsgroup.com/?l=bugtraq&m=112870296926652&w=2
HPdes Security Advisory: SSRT051043
http://www.mandriva.com/security/advisories?name=MDKSA-2005:161
http://marc.theaimsgroup.com/?l=bugtraq&m=112604765028607&w=2
http://www.redhat.com/support/errata/RHSA-2005-608.html
http://www.redhat.com/support/errata/RHSA-2005-773.html
http://www.redhat.com/support/errata/RHSA-2005-816.html
SuSE Security Announcement: SUSE-SA:2005:051 (Google Search)
http://www.novell.com/linux/security/advisories/2005_51_apache2.html
SuSE Security Announcement: SUSE-SA:2005:052 (Google Search)
http://www.novell.com/linux/security/advisories/2005_52_apache2.html
SuSE Security Announcement: SuSE-SA:2006:051 (Google Search)
http://lists.suse.com/archive/suse-security-announce/2006-Sep/0004.html
SuSE Security Announcement: SUSE-SA:2006:051 (Google Search)
http://www.novell.com/linux/security/advisories/2006_51_apache.html
http://www.ubuntu.com/usn/usn-177-1
CERT/CC vulnerability note: VU#744929
http://www.kb.cert.org/vuls/id/744929
BugTraq ID: 14721
http://www.securityfocus.com/bid/14721
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10416
http://www.vupen.com/english/advisories/2005/1625
http://www.vupen.com/english/advisories/2006/4207
http://www.osvdb.org/19188
http://secunia.com/advisories/16700
http://secunia.com/advisories/16705
http://secunia.com/advisories/16714
http://secunia.com/advisories/16743
http://secunia.com/advisories/16746
http://secunia.com/advisories/16748
http://secunia.com/advisories/16753
http://secunia.com/advisories/16754
http://secunia.com/advisories/16769
http://secunia.com/advisories/16771
http://secunia.com/advisories/16789
http://secunia.com/advisories/16864
http://secunia.com/advisories/16956
http://secunia.com/advisories/17088
http://secunia.com/advisories/17288
http://secunia.com/advisories/17311
http://secunia.com/advisories/21848
http://secunia.com/advisories/22523
Common Vulnerability Exposure (CVE) ID: CVE-2005-2728
http://www.gentoo.org/security/en/glsa/glsa-200508-15.xml
SGI Security Advisory: 20060101-01-U
ftp://patches.sgi.com/support/free/security/advisories/20060101-01-U
http://www.securityfocus.com/bid/14660
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10017
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:760
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:1246
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:1727
http://secunia.com/advisories/16559/
http://secunia.com/advisories/17036
http://secunia.com/advisories/17600
http://secunia.com/advisories/17831
http://secunia.com/advisories/17923
http://secunia.com/advisories/18161
http://secunia.com/advisories/18333
http://secunia.com/advisories/18517
XForce ISS Database: apache-byterange-dos(22006)
http://xforce.iss.net/xforce/xfdb/22006
Copyright: Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com
