Test ID:
Category: SuSE Local Security Checks
Title: SUSE: Security Advisory (SUSE-SU-2013:0830-1)
Summary: The remote host is missing an update for the 'Apache' package(s) announced via the SUSE-SU-2013:0830-1 advisory.

Vulnerability Insight:
Apache2 has been updated to fix multiple security issues:


* CVE-2012-4557: Denial of Service via special requests in mod_proxy_ajp
* CVE-2012-0883: improper LD_LIBRARY_PATH handling
* CVE-2012-2687: filename escaping problem
* CVE-2012-4558: Multiple cross-site scripting (XSS) vulnerabilities in the balancer_handler function in the manager interface in mod_proxy_balancer.c in the mod_proxy_balancer module in the Apache HTTP Server potentially allowed remote attackers to inject arbitrary web script or HTML via a crafted string.
* CVE-2012-3499: Multiple cross-site scripting (XSS) vulnerabilities in the Apache HTTP Server allowed remote attackers to inject arbitrary web script or HTML via vectors involving hostnames and URIs in the (1) mod_imagemap, (2) mod_info, (3) mod_ldap, (4) mod_proxy_ftp, and (5) mod_status modules.

Additionally, some non-security bugs have been fixed:


* ignore case when checking against SNI server names.
* httpd-2.2.x-CVE-2011-3368_CVE-2011-4317-bnc722545.diff reworked to reflect the upstream changes. This will prevent the 'Invalid URI in request OPTIONS *' messages in the error log. [bnc#722545]
* new sysconfig variable APACHE_DISABLE_SSL_COMPRESSION, if set to on, OPENSSL_NO_DEFAULT_ZLIB will be inherited to the apache process, openssl will then transparently disable compression. This change affects start script and sysconfig fillup template. Default is on, SSL compression disabled. Please see mod_deflate for compressed transfer at http layer. [bnc#782956]

Security Issue references:

* CVE-2012-3499
* CVE-2012-4558
* CVE-2012-4557
* CVE-2012-2687
* CVE-2012-0883
* CVE-2012-0021

Affected Software/OS:
'Apache' package(s) on SUSE Linux Enterprise Server 11 SP1

Please install the updated package(s).

CVSS Score:

CVSS Vector:

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2011-3368
BugTraq ID: 49957
Debian Security Information: DSA-2405
HPdes Security Advisory: HPSBMU02748
HPdes Security Advisory: HPSBOV02822
HPdes Security Advisory: SSRT100772
HPdes Security Advisory: SSRT100966
RedHat Security Advisories: RHSA-2012:0542
RedHat Security Advisories: RHSA-2012:0543
SuSE Security Announcement: SUSE-SU-2011:1229
SuSE Security Announcement: openSUSE-SU-2013:0243
SuSE Security Announcement: openSUSE-SU-2013:0248
XForce ISS Database: apache-modproxy-information-disclosure(70336)
Common Vulnerability Exposure (CVE) ID: CVE-2011-4317
HPdes Security Advisory: HPSBMU02786
HPdes Security Advisory: SSRT100877
RedHat Security Advisories: RHSA-2012:0128
Common Vulnerability Exposure (CVE) ID: CVE-2012-0021
HPdes Security Advisory: HPSBUX02761
HPdes Security Advisory: SSRT100823
Common Vulnerability Exposure (CVE) ID: CVE-2012-0883
BugTraq ID: 53046
HPdes Security Advisory: HPSBMU02900
HPdes Security Advisory: HPSBUX02791
HPdes Security Advisory: SSRT100856
HPdes Security Advisory: SSRT101209
XForce ISS Database: apache-ldlibrarypath-code-execution(74901)
Common Vulnerability Exposure (CVE) ID: CVE-2012-2687
BugTraq ID: 55131
HPdes Security Advisory: HPSBUX02866
HPdes Security Advisory: SSRT101139
RedHat Security Advisories: RHSA-2012:1591
RedHat Security Advisories: RHSA-2012:1592
RedHat Security Advisories: RHSA-2012:1594
RedHat Security Advisories: RHSA-2013:0130
SuSE Security Announcement: openSUSE-SU-2013:0245
Common Vulnerability Exposure (CVE) ID: CVE-2012-3499
BugTraq ID: 58165
BugTraq ID: 64758
Debian Security Information: DSA-2637
RedHat Security Advisories: RHSA-2013:0815
RedHat Security Advisories: RHSA-2013:1207
RedHat Security Advisories: RHSA-2013:1208
RedHat Security Advisories: RHSA-2013:1209
Common Vulnerability Exposure (CVE) ID: CVE-2012-4557
Debian Security Information: DSA-2579
Common Vulnerability Exposure (CVE) ID: CVE-2012-4558
Copyright: Copyright (C) 2021 Greenbone Networks GmbH

© 1998-2021 E-Soft Inc. All rights reserved.