Vulnerability   
Search   
    Search 211766 CVE descriptions
and 97459 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.1.4.2017.2907.1
Category:SuSE Local Security Checks
Title:SUSE: Security Advisory (SUSE-SU-2017:2907-1)
Summary:The remote host is missing an update for the 'apache2' package(s) announced via the SUSE-SU-2017:2907-1 advisory.
Description:Summary:
The remote host is missing an update for the 'apache2' package(s) announced via the SUSE-SU-2017:2907-1 advisory.

Vulnerability Insight:
This update for apache2 fixes the following issues:
- Allow disabling SNI on proxy connections using 'SetEnv proxy-disable-sni
1' in the configuration files. (bsc#1052830)
- Allow ECDH again in mod_ssl, it had been incorrectly disabled with the
2.2.34 update. (bsc#1064561)
Following security issue has been fixed:
- CVE-2017-9798: A use-after-free in the OPTIONS command could be used by
attackers to disclose memory of the apache server process, when htaccess
uses incorrect Limit statement. (bsc#1058058)
Additionally, references to the following security issues, fixed by the previous version-update of apache2 to Apache HTTPD 2.2.34 have been added:
- CVE-2017-7668: The HTTP strict parsing introduced a bug in token list
parsing, which allowed ap_find_token() to search past the end of its
input string. By maliciously crafting a sequence of request headers, an
attacker may have be able to cause a segmentation fault, or to force
ap_find_token() to return an incorrect value. (bsc#1045061)
- CVE-2017-3169: mod_ssl may have de-referenced a NULL pointer when
third-party modules call ap_hook_process_connection() during an HTTP
request to an HTTPS port allowing for DoS. (bsc#1045062)
- CVE-2017-3167: Use of the ap_get_basic_auth_pw() by third-party modules
outside of the authentication phase may have lead to authentication
requirements being bypassed. (bsc#1045065)
- CVE-2017-7679: mod_mime could have read one byte past the end of a
buffer when sending a malicious Content-Type response header.
(bsc#1045060)

Affected Software/OS:
'apache2' package(s) on SUSE Studio Onsite 1.3, SUSE Linux Enterprise Software Development Kit 11-SP4, SUSE Linux Enterprise Server 11-SP4, SUSE Linux Enterprise Server 11-SP3, SUSE Linux Enterprise Point of Sale 11-SP3, SUSE Linux Enterprise Debuginfo 11-SP4, SUSE Linux Enterprise Debuginfo 11-SP3

Solution:
Please install the updated package(s).

CVSS Score:
10.0

CVSS Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2009-2699
BugTraq ID: 36596
http://www.securityfocus.com/bid/36596
HPdes Security Advisory: HPSBMU02753
http://marc.info/?l=bugtraq&m=133355494609819&w=2
HPdes Security Advisory: SSRT100782
http://www.mandriva.com/security/advisories?name=MDVSA-2013:150
https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r2295080a257bad27ea68ca0af12fc715577f9e84801eae116a33107e@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rad2acee3ab838b52c04a0698b1728a9a43467bf365bd481c993c535d@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/reb7c64aeea604bf948467d9d1cab8ff23fa7d002be1964bcc275aae7@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f@%3Ccvs.httpd.apache.org%3E
http://securitytracker.com/id?1022988
XForce ISS Database: apache-solaris-pollset-dos(53666)
https://exchange.xforce.ibmcloud.com/vulnerabilities/53666
Common Vulnerability Exposure (CVE) ID: CVE-2010-0425
AIX APAR: PM09447
http://www-01.ibm.com/support/docview.wss?uid=swg1PM09447
AIX APAR: PM12247
http://www-01.ibm.com/support/docview.wss?uid=swg1PM12247
BugTraq ID: 38494
http://www.securityfocus.com/bid/38494
CERT/CC vulnerability note: VU#280613
http://www.kb.cert.org/vuls/id/280613
http://www.senseofsecurity.com.au/advisories/SOS-10-002
https://www.exploit-db.com/exploits/11650
https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r5f9c22f9c28adbd9f00556059edc7b03a5d5bb71d4bb80257c0d34e4@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rad01d817195e6cc871cb1d73b207ca326379a20a6e7f30febaf56d24@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rb9c9f42dafa25d2f669dac2a536a03f2575bc5ec1be6f480618aee10@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r5001ecf3d6b2bdd0b732e527654248abb264f08390045d30709a92f6@%3Ccvs.httpd.apache.org%3E
http://lists.vmware.com/pipermail/security-announce/2010/000105.html
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8439
http://www.securitytracker.com/id?1023701
http://secunia.com/advisories/38978
http://secunia.com/advisories/39628
http://www.vupen.com/english/advisories/2010/0634
http://www.vupen.com/english/advisories/2010/0994
XForce ISS Database: apache-http-modisapi-ocp-unspecified(56624)
https://exchange.xforce.ibmcloud.com/vulnerabilities/56624
Common Vulnerability Exposure (CVE) ID: CVE-2012-0021
http://lists.apple.com/archives/security-announce/2012/Sep/msg00004.html
HPdes Security Advisory: HPSBMU02748
http://marc.info/?l=bugtraq&m=133294460209056&w=2
HPdes Security Advisory: HPSBMU02786
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041
HPdes Security Advisory: HPSBUX02761
http://marc.info/?l=bugtraq&m=133494237717847&w=2
HPdes Security Advisory: SSRT100772
HPdes Security Advisory: SSRT100823
HPdes Security Advisory: SSRT100877
http://www.mandriva.com/security/advisories?name=MDVSA-2012:012
https://lists.apache.org/thread.html/r9b4b963760a3cb5a4a70c902f325c6c0337fe51d5b8570416f8f8729@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r1d201e3da31a2c8aa870c8314623caef7debd74a13d0f25205e26f15@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r05b5357d1f6bd106f41541ee7d87aafe3f5ea4dc3e9bde5ce09baff8@%3Ccvs.httpd.apache.org%3E
RedHat Security Advisories: RHSA-2012:0542
http://rhn.redhat.com/errata/RHSA-2012-0542.html
RedHat Security Advisories: RHSA-2012:0543
http://rhn.redhat.com/errata/RHSA-2012-0543.html
http://secunia.com/advisories/48551
Common Vulnerability Exposure (CVE) ID: CVE-2014-0118
http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html
BugTraq ID: 68745
http://www.securityfocus.com/bid/68745
Debian Security Information: DSA-2989 (Google Search)
http://www.debian.org/security/2014/dsa-2989
https://security.gentoo.org/glsa/201504-03
HPdes Security Advisory: HPSBMU03380
http://marc.info/?l=bugtraq&m=143748090628601&w=2
HPdes Security Advisory: HPSBMU03409
http://marc.info/?l=bugtraq&m=144050155601375&w=2
HPdes Security Advisory: HPSBUX03337
http://marc.info/?l=bugtraq&m=143403519711434&w=2
HPdes Security Advisory: HPSBUX03512
http://marc.info/?l=bugtraq&m=144493176821532&w=2
HPdes Security Advisory: SSRT102066
HPdes Security Advisory: SSRT102254
http://www.mandriva.com/security/advisories?name=MDVSA-2014:142
https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/ra7f6aeb28661fbf826969526585f16856abc4615877875f9d3b35ef4@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rcc44594d4d6579b90deccd4536b5d31f099ef563df39b094be286b9e@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r9821b0a32a1d0a1b4947abb6f3630053fcbb2ec905d9a32c2bd4d4ee@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r83109088737656fa6307bd99ab40f8ff0269ae58d3f7272d7048494a@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r476d175be0aaf4a17680ef98c5153b4d336eaef76fb2224cc94c463a@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d@%3Ccvs.httpd.apache.org%3E
RedHat Security Advisories: RHSA-2014:1019
http://rhn.redhat.com/errata/RHSA-2014-1019.html
RedHat Security Advisories: RHSA-2014:1020
http://rhn.redhat.com/errata/RHSA-2014-1020.html
RedHat Security Advisories: RHSA-2014:1021
http://rhn.redhat.com/errata/RHSA-2014-1021.html
Common Vulnerability Exposure (CVE) ID: CVE-2017-3167
BugTraq ID: 99135
http://www.securityfocus.com/bid/99135
Debian Security Information: DSA-3896 (Google Search)
http://www.debian.org/security/2017/dsa-3896
https://security.gentoo.org/glsa/201710-32
https://lists.apache.org/thread.html/8409e41a8f7dd9ded37141c38df001be930115428c3d64f70bbdb8b4@%3Cdev.httpd.apache.org%3E
https://lists.apache.org/thread.html/r04e89e873d54116a0635ef2f7061c15acc5ed27ef7500997beb65d6f@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r6521a7f62276340eabdb3339b2aa9a38c5f59d978497a1f794af53be@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/re1e3a24664d35bcd0a0e793e0b5fc6ca6c107f99a1b2c545c5d4b467@%3Ccvs.httpd.apache.org%3E
RedHat Security Advisories: RHSA-2017:2478
https://access.redhat.com/errata/RHSA-2017:2478
RedHat Security Advisories: RHSA-2017:2479
https://access.redhat.com/errata/RHSA-2017:2479
RedHat Security Advisories: RHSA-2017:2483
https://access.redhat.com/errata/RHSA-2017:2483
RedHat Security Advisories: RHSA-2017:3193
https://access.redhat.com/errata/RHSA-2017:3193
RedHat Security Advisories: RHSA-2017:3194
https://access.redhat.com/errata/RHSA-2017:3194
RedHat Security Advisories: RHSA-2017:3195
https://access.redhat.com/errata/RHSA-2017:3195
RedHat Security Advisories: RHSA-2017:3475
https://access.redhat.com/errata/RHSA-2017:3475
RedHat Security Advisories: RHSA-2017:3476
https://access.redhat.com/errata/RHSA-2017:3476
RedHat Security Advisories: RHSA-2017:3477
https://access.redhat.com/errata/RHSA-2017:3477
http://www.securitytracker.com/id/1038711
Common Vulnerability Exposure (CVE) ID: CVE-2017-3169
BugTraq ID: 99134
http://www.securityfocus.com/bid/99134
https://github.com/gottburgm/Exploits/tree/master/CVE-2017-3169
https://lists.apache.org/thread.html/84bf7fcc5cad35d355f11839cbdd13cbc5ffc1d34675090bff0f96ae@%3Cdev.httpd.apache.org%3E
https://lists.apache.org/thread.html/rfcf929bd33a6833e3f0c35eebdad70d5060665f9c4e17ea467c66770@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rd336919f655b7ff309385e34a143e41c503e133da80414485b3abcc9@%3Ccvs.httpd.apache.org%3E
Common Vulnerability Exposure (CVE) ID: CVE-2017-7668
BugTraq ID: 99137
http://www.securityfocus.com/bid/99137
https://lists.apache.org/thread.html/55a068b6a5eec0b3198ae7d96a7cb412352d0ffa7716612c5af3745b@%3Cdev.httpd.apache.org%3E
https://lists.apache.org/thread.html/r15f9aa4427581a1aecb4063f1b4b983511ae1c9935e2a0a6876dad3c@%3Ccvs.httpd.apache.org%3E
Common Vulnerability Exposure (CVE) ID: CVE-2017-7679
BugTraq ID: 99170
http://www.securityfocus.com/bid/99170
https://github.com/gottburgm/Exploits/tree/master/CVE-2017-7679
https://lists.apache.org/thread.html/f4515e580dfb6eeca589a5cdebd4c4c709ce632b12924f343c3b7751@%3Cdev.httpd.apache.org%3E
Common Vulnerability Exposure (CVE) ID: CVE-2017-9798
BugTraq ID: 100872
http://www.securityfocus.com/bid/100872
BugTraq ID: 105598
http://www.securityfocus.com/bid/105598
Debian Security Information: DSA-3980 (Google Search)
http://www.debian.org/security/2017/dsa-3980
https://www.exploit-db.com/exploits/42745/
http://openwall.com/lists/oss-security/2017/09/18/2
https://blog.fuzzing-project.org/60-Optionsbleed-HTTP-OPTIONS-method-can-leak-Apaches-server-memory.html
https://blog.fuzzing-project.org/uploads/apache-2.2-optionsbleed-backport.patch
https://github.com/apache/httpd/commit/4cc27823899e070268b906ca677ee838d07cf67a
https://github.com/hannob/optionsbleed
https://security-tracker.debian.org/tracker/CVE-2017-9798
https://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/server/core.c?r1=1805223&r2=1807754&pathrev=1807754&view=patch
https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
RedHat Security Advisories: RHSA-2017:2882
https://access.redhat.com/errata/RHSA-2017:2882
RedHat Security Advisories: RHSA-2017:2972
https://access.redhat.com/errata/RHSA-2017:2972
RedHat Security Advisories: RHSA-2017:3018
https://access.redhat.com/errata/RHSA-2017:3018
RedHat Security Advisories: RHSA-2017:3113
https://access.redhat.com/errata/RHSA-2017:3113
RedHat Security Advisories: RHSA-2017:3114
https://access.redhat.com/errata/RHSA-2017:3114
RedHat Security Advisories: RHSA-2017:3239
https://access.redhat.com/errata/RHSA-2017:3239
RedHat Security Advisories: RHSA-2017:3240
https://access.redhat.com/errata/RHSA-2017:3240
http://www.securitytracker.com/id/1039387
CopyrightCopyright (C) 2021 Greenbone Networks GmbH

This is only one of 97459 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.




© 1998-2021 E-Soft Inc. All rights reserved.