English | Deutsch | Español | Português
 UserID:
 Passwd:
new user
 About:   Dedicated  | Advanced  | Standard  | Recurring  | No Risk  | Desktop  | Basic  | Single  | Security Seal  | FAQ
  Price/Feature Summary  | Order  | New Vulnerabilities  | Confidentiality  | Vulnerability Search
 Vulnerability   
Search   
    Search 90895 CVE descriptions
and 50192 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.58360
Category:Debian Local Security Checks
Title:Debian Security Advisory DSA 1312-1 (libapache-mod-jk)
Summary:Debian Security Advisory DSA 1312-1 (libapache-mod-jk)
Description:Description:
The remote host is missing an update to libapache-mod-jk
announced via advisory DSA 1312-1.

It was discovered that the Apache 1.3 connector for the Tomcat Java
servlet engine decoded request URLs multiple times, which can lead
to information disclosure.

For the oldstable distribution (sarge) this problem has been fixed in
version 1.2.5-2sarge1. An updated package for powerpc is not yet
available due to problems with the build host. It will be provided
later.

For the stable distribution (etch) this problem has been fixed in
version 1.2.18-3etch1.

For the unstable distribution (sid) this problem has been fixed in
version 1.2.23-1.

We recommend that you upgrade your libapache-mod-jk package.

Solution:
https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201312-1

CVSS Score:
5.0

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:N/A:N

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2007-1860
http://tomcat.apache.org/connectors-doc/news/20070301.html#20070518.1
http://lists.apple.com/archives/security-announce//2007/Jul/msg00004.html
Debian Security Information: DSA-1312 (Google Search)
http://www.debian.org/security/2007/dsa-1312
http://security.gentoo.org/glsa/glsa-200708-15.xml
HPdes Security Advisory: HPSBUX02262
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01178795
HPdes Security Advisory: SSRT071447
http://www.redhat.com/support/errata/RHSA-2007-0379.html
http://www.redhat.com/support/errata/RHSA-2008-0261.html
SuSE Security Announcement: SUSE-SR:2008:005 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00001.html
BugTraq ID: 24147
http://www.securityfocus.com/bid/24147
BugTraq ID: 25159
http://www.securityfocus.com/bid/25159
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:6002
http://www.vupen.com/english/advisories/2007/1941
http://www.vupen.com/english/advisories/2007/2732
http://www.vupen.com/english/advisories/2007/3386
http://www.osvdb.org/34877
http://www.securitytracker.com/id?1018138
http://secunia.com/advisories/25383
http://secunia.com/advisories/25701
http://secunia.com/advisories/26235
http://secunia.com/advisories/26512
http://secunia.com/advisories/27037
http://secunia.com/advisories/29242
XForce ISS Database: tomcat-jkconnector-security-bypass(34496)
http://xforce.iss.net/xforce/xfdb/34496
CopyrightCopyright (c) 2007 E-Soft Inc. http://www.securityspace.com

This is only one of 50192 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.

New User Registration
Email:
UserID:
Passwd:
Please email me your monthly newsletters, informing the latest services, improvements & surveys.
Please email me a vulnerability test announcement whenever a new test is added.
   Privacy
Registered User Login
 
UserID:   
Passwd:  

 Forgot userid or passwd?
Email/Userid:




Home | About Us | Contact Us | Partner Programs | Developer APIs | Privacy | Mailing Lists | Abuse
Security Audits | Managed DNS | Network Monitoring | Site Analyzer | Internet Research Reports
Web Probe | Whois

© 1998-2016 E-Soft Inc. All rights reserved.