Search 211766 CVE descriptions
and 97459 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:
Category:SuSE Local Security Checks
Title:SUSE: Security Advisory (SUSE-SU-2013:1824-1)
Summary:The remote host is missing an update for the 'Apache2' package(s) announced via the SUSE-SU-2013:1824-1 advisory.
The remote host is missing an update for the 'Apache2' package(s) announced via the SUSE-SU-2013:1824-1 advisory.

Vulnerability Insight:
Apache2 received an LTSS rollup update which fixes various security issues and bugs.

Security issues fixed:

* CVE-2013-1896: Sending a MERGE request against a URI handled by mod_dav_svn with the source href (sent as part of the request body as XML) pointing to a URI that is not configured for DAV will trigger a segfault. [bnc#829056]
* CVE-2013-1862: client data written to the RewriteLog must have terminal escape sequences escaped. [bnc#829057]

Bugs fixed:

* make sure that input that has already arrived on the socket is not discarded during a non-blocking read (read(2)
returns 0 and errno is set to -EAGAIN). [bnc#815621]
* make ssl connection not behave as above (this is openssl BIO stuff). [bnc#815621]
* close the connection just before an attempted re-negotiation if data has been read with pipelining. This is done by resetting the keepalive status. [bnc#815621]
* reset the renegotiation status of a clientserver connection to RENEG_INIT to prevent falsely assumed status.
* 'OPTIONS *' internal requests are intercepted by a dummy filter that kicks in for the OPTIONS method. Apple iPrint uses 'OPTIONS *' to upgrade the connection to TLS/1.0 following rfc2817. For compatibility, check if an Upgrade request header is present and skip the filter if yes. [bnc#791794]

Security Issue references:

* CVE-2013-1896
* CVE-2013-1862

Affected Software/OS:
'Apache2' package(s) on SUSE Linux Enterprise Server 11 SP1

Please install the updated package(s).

CVSS Score:

CVSS Vector:

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2013-1862
BugTraq ID: 59826
BugTraq ID: 64758
Cisco Security Advisory: 20130822 Apache HTTP Server mod_rewrite Log File Manipulation Vulnerability
HPdes Security Advisory: HPSBUX02927
HPdes Security Advisory: SSRT101288
RedHat Security Advisories: RHSA-2013:0815
RedHat Security Advisories: RHSA-2013:1207
RedHat Security Advisories: RHSA-2013:1208
RedHat Security Advisories: RHSA-2013:1209
SuSE Security Announcement: openSUSE-SU-2013:1337 (Google Search)
SuSE Security Announcement: openSUSE-SU-2013:1340 (Google Search)
SuSE Security Announcement: openSUSE-SU-2013:1341 (Google Search)
Common Vulnerability Exposure (CVE) ID: CVE-2013-1896
BugTraq ID: 61129
Cisco Security Advisory: 20130822 Apache HTTP Server MERGE Request Denial of Service Vulnerability
RedHat Security Advisories: RHSA-2013:1156
CopyrightCopyright (C) 2021 Greenbone Networks GmbH

This is only one of 97459 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.

© 1998-2021 E-Soft Inc. All rights reserved.