
Test ID:
Category: SuSE Local Security Checks
Title: SUSE: Security Advisory (SUSE-SU-2013:0469-1)
Summary: The remote host is missing an update for the 'apache2' package(s) announced via the SUSE-SU-2013:0469-1 advisory.

Vulnerability Insight:
This Apache2 LTSS roll-up update for SUSE Linux Enterprise 10 SP3 LTSS fixes the following security issues and bugs:

* CVE-2012-4557: Denial of Service via special requests in mod_proxy_ajp
* CVE-2012-0883: improper LD_LIBRARY_PATH handling
* CVE-2012-2687: filename escaping problem
* CVE-2012-0031: Fixed a scoreboard corruption (shared memory segment) by a child process that causes a crash of the privileged parent (invalid free()) during shutdown.
* CVE-2012-0053: Fixed an issue in error responses that could expose 'httpOnly' cookies when no custom ErrorDocument is specified for status code 400.
* The SSL configuration template has been adjusted not to suggest weak ciphers.

* CVE-2007-6750: The 'mod_reqtimeout' module was backported from Apache 2.2.21 to help mitigate the 'Slowloris' Denial of Service attack.

You need to enable the 'mod_reqtimeout' module in your existing Apache configuration to make it effective, e.g. in the APACHE_MODULES line in /etc/sysconfig/apache2.

* CVE-2011-3639, CVE-2011-3368, CVE-2011-4317: This update also includes several fixes for a mod_proxy reverse exposure via RewriteRule or ProxyPassMatch directives.
* CVE-2011-1473: Fixed the SSL renegotiation DoS by disabling renegotiation by default.
* CVE-2011-3607: Integer overflow in the ap_pregsub function resulting in a heap-based buffer overflow could potentially allow local attackers to gain privileges.

Additionally, some non-security bugs have been fixed which are listed in the changelog file.

Security Issue references:

* CVE-2012-4557
* CVE-2012-2687
* CVE-2012-0883
* CVE-2012-0021

Affected Software/OS:
'apache2' package(s) on SUSE Linux Enterprise Server 10 SP3

Please install the updated package(s).

CVSS Score:

CVSS Vector:

Cross-Ref:
Common Vulnerability Exposure (CVE) ID: CVE-2007-6750
BugTraq ID: 21865
Bugtraq: 20070105 Re: a cheesy Apache / IIS DoS vuln (+a question)
HPdes Security Advisory: HPSBUX02866
HPdes Security Advisory: SSRT101139
SuSE Security Announcement: SUSE-SU-2012:0323
SuSE Security Announcement: openSUSE-SU-2012:0314
XForce ISS Database: apache-server-http-dos(72345)
Common Vulnerability Exposure (CVE) ID: CVE-2011-1473
Bugtraq: 20140214 ESA-2014-009: RSA BSAFE SSL-J Multiple Vulnerabilities
HPdes Security Advisory: HPSBMU02776
HPdes Security Advisory: SSRT100852
Common Vulnerability Exposure (CVE) ID: CVE-2011-3368
BugTraq ID: 49957
Debian Security Information: DSA-2405
HPdes Security Advisory: HPSBMU02748
HPdes Security Advisory: HPSBOV02822
HPdes Security Advisory: SSRT100772
HPdes Security Advisory: SSRT100966
RedHat Security Advisories: RHSA-2012:0542
RedHat Security Advisories: RHSA-2012:0543
SuSE Security Announcement: SUSE-SU-2011:1229
SuSE Security Announcement: openSUSE-SU-2013:0243
SuSE Security Announcement: openSUSE-SU-2013:0248
XForce ISS Database: apache-modproxy-information-disclosure(70336)
Common Vulnerability Exposure (CVE) ID: CVE-2011-3607
BugTraq ID: 50494
HPdes Security Advisory: HPSBMU02786
HPdes Security Advisory: HPSBUX02761
HPdes Security Advisory: SSRT100823
HPdes Security Advisory: SSRT100877
RedHat Security Advisories: RHSA-2012:0128
XForce ISS Database: apache-http-appregsub-bo(71093)
Common Vulnerability Exposure (CVE) ID: CVE-2011-3639
Common Vulnerability Exposure (CVE) ID: CVE-2011-4317
Common Vulnerability Exposure (CVE) ID: CVE-2012-0021
Common Vulnerability Exposure (CVE) ID: CVE-2012-0031
BugTraq ID: 51407
Common Vulnerability Exposure (CVE) ID: CVE-2012-0053
BugTraq ID: 51706
HPdes Security Advisory: HPSBST02848
HPdes Security Advisory: SSRT101112
Common Vulnerability Exposure (CVE) ID: CVE-2012-0883
BugTraq ID: 53046
HPdes Security Advisory: HPSBMU02900
HPdes Security Advisory: HPSBUX02791
HPdes Security Advisory: SSRT100856
HPdes Security Advisory: SSRT101209
XForce ISS Database: apache-ldlibrarypath-code-execution(74901)
Common Vulnerability Exposure (CVE) ID: CVE-2012-2687
BugTraq ID: 55131
RedHat Security Advisories: RHSA-2012:1591
RedHat Security Advisories: RHSA-2012:1592
RedHat Security Advisories: RHSA-2012:1594
RedHat Security Advisories: RHSA-2013:0130
SuSE Security Announcement: openSUSE-SU-2013:0245
Common Vulnerability Exposure (CVE) ID: CVE-2012-4557
Debian Security Information: DSA-2579

Copyright: Copyright (C) 2021 Greenbone Networks GmbH

© 1998-2021 E-Soft Inc. All rights reserved.