
Test ID:
Category: SuSE Local Security Checks
Title: SUSE: Security Advisory (SUSE-SU-2017:2907-1)
Summary: The remote host is missing an update for the 'apache2' package(s) announced via the SUSE-SU-2017:2907-1 advisory.

Vulnerability Insight:
This update for apache2 fixes the following issues:
- Allow disabling SNI on proxy connections using 'SetEnv proxy-disable-sni 1' in the configuration files. (bsc#1052830)
- Allow ECDH again in mod_ssl; it had been incorrectly disabled with the 2.2.34 update. (bsc#1064561)

The following security issue has been fixed:
- CVE-2017-9798: A use-after-free in the OPTIONS command could be used by attackers to disclose memory of the apache server process when htaccess uses an incorrect Limit statement. (bsc#1058058)

Additionally, references to the following security issues, fixed by the previous version-update of apache2 to Apache HTTPD 2.2.34, have been added:
- CVE-2017-7668: The HTTP strict parsing introduced a bug in token list parsing, which allowed ap_find_token() to search past the end of its input string. By maliciously crafting a sequence of request headers, an attacker may have been able to cause a segmentation fault, or to force ap_find_token() to return an incorrect value. (bsc#1045061)
- CVE-2017-3169: mod_ssl may have de-referenced a NULL pointer when third-party modules call ap_hook_process_connection() during an HTTP request to an HTTPS port, allowing for DoS. (bsc#1045062)
- CVE-2017-3167: Use of ap_get_basic_auth_pw() by third-party modules outside of the authentication phase may have led to authentication requirements being bypassed. (bsc#1045065)
- CVE-2017-7679: mod_mime could have read one byte past the end of a buffer when sending a malicious Content-Type response header.

Affected Software/OS:
'apache2' package(s) on SUSE Studio Onsite 1.3, SUSE Linux Enterprise Software Development Kit 11-SP4, SUSE Linux Enterprise Server 11-SP4, SUSE Linux Enterprise Server 11-SP3, SUSE Linux Enterprise Point of Sale 11-SP3, SUSE Linux Enterprise Debuginfo 11-SP4, SUSE Linux Enterprise Debuginfo 11-SP3

Please install the updated package(s).

CVSS Score:

CVSS Vector:

Cross-Ref:
Common Vulnerability Exposure (CVE) ID: CVE-2009-2699
BugTraq ID: 36596
HPdes Security Advisory: HPSBMU02753
HPdes Security Advisory: SSRT100782
XForce ISS Database: apache-solaris-pollset-dos(53666)
Common Vulnerability Exposure (CVE) ID: CVE-2010-0425
BugTraq ID: 38494
CERT/CC vulnerability note: VU#280613
XForce ISS Database: apache-http-modisapi-ocp-unspecified(56624)
Common Vulnerability Exposure (CVE) ID: CVE-2012-0021
HPdes Security Advisory: HPSBMU02748
HPdes Security Advisory: HPSBMU02786
HPdes Security Advisory: HPSBUX02761
HPdes Security Advisory: SSRT100772
HPdes Security Advisory: SSRT100823
HPdes Security Advisory: SSRT100877
RedHat Security Advisories: RHSA-2012:0542
RedHat Security Advisories: RHSA-2012:0543
Common Vulnerability Exposure (CVE) ID: CVE-2014-0118
BugTraq ID: 68745
Debian Security Information: DSA-2989
HPdes Security Advisory: HPSBMU03380
HPdes Security Advisory: HPSBMU03409
HPdes Security Advisory: HPSBUX03337
HPdes Security Advisory: HPSBUX03512
HPdes Security Advisory: SSRT102066
HPdes Security Advisory: SSRT102254
RedHat Security Advisories: RHSA-2014:1019
RedHat Security Advisories: RHSA-2014:1020
RedHat Security Advisories: RHSA-2014:1021
Common Vulnerability Exposure (CVE) ID: CVE-2017-3167
BugTraq ID: 99135
Debian Security Information: DSA-3896
RedHat Security Advisories: RHSA-2017:2478
RedHat Security Advisories: RHSA-2017:2479
RedHat Security Advisories: RHSA-2017:2483
RedHat Security Advisories: RHSA-2017:3193
RedHat Security Advisories: RHSA-2017:3194
RedHat Security Advisories: RHSA-2017:3195
RedHat Security Advisories: RHSA-2017:3475
RedHat Security Advisories: RHSA-2017:3476
RedHat Security Advisories: RHSA-2017:3477
Common Vulnerability Exposure (CVE) ID: CVE-2017-3169
BugTraq ID: 99134
Common Vulnerability Exposure (CVE) ID: CVE-2017-7668
BugTraq ID: 99137
Common Vulnerability Exposure (CVE) ID: CVE-2017-7679
BugTraq ID: 99170
Common Vulnerability Exposure (CVE) ID: CVE-2017-9798
BugTraq ID: 100872
BugTraq ID: 105598
Debian Security Information: DSA-3980
RedHat Security Advisories: RHSA-2017:2882
RedHat Security Advisories: RHSA-2017:2972
RedHat Security Advisories: RHSA-2017:3018
RedHat Security Advisories: RHSA-2017:3113
RedHat Security Advisories: RHSA-2017:3114
RedHat Security Advisories: RHSA-2017:3239
RedHat Security Advisories: RHSA-2017:3240
Copyright: Copyright (C) 2021 Greenbone Networks GmbH


© 1998-2021 E-Soft Inc. All rights reserved.