Test Kennung:	1.3.6.1.4.1.25623.1.0.54286
Kategorie:	Trustix Local Security Checks
Titel:	Trustix Security Advisory TSLSA-2004-0027 (apache)
Zusammenfassung:	NOSUMMARY
Beschreibung:	Description: The remote host is missing updates announced in advisory TSLSA-2004-0027. From the Apache http server main page: In mod_digest, verify whether the nonce returned in the client response is one we issued ourselves. This problem does not affect mod_auth_digest. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2003-0987 to this issue. Escape arbitrary data before writing into the errorlog. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2003-0020 to this issue. Fix starvation issue on listening sockets where a short-lived connection on a rarely-accessed listening socket will cause a child to hold the accept mutex and block out new connections until another connection arrives on that rarely-accessed listening socket. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-0174 to this issue. Fix parsing of Allow/Deny rules using IP addresses without a netmask issue is only known to affect big-endian 64-bit platforms The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2003-0993 to this issue. Solution: Update your system with the packages as indicated in the referenced security advisory. http://www.securityspace.com/smysecure/catid.html?in=TSLSA-2004-0027 Risk factor : High CVSS Score: 7.5
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2003-0987 BugTraq ID: 9571 http://www.securityfocus.com/bid/9571 Bugtraq: 20040512 [OpenPKG-SA-2004.021] OpenPKG Security Advisory (apache) (Google Search) http://marc.info/?l=bugtraq&m=108437852004207&w=2 http://security.gentoo.org/glsa/glsa-200405-22.xml http://www.mandriva.com/security/advisories?name=MDKSA-2004:046 https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/re028d61fe612b0908595d658b9b39e74bca56f2a1ed3c5f06b5ab571@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/r5419c9ba0951ef73a655362403d12bb8d10fab38274deb3f005816f5@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/raa117ef183f0da9b3f46efbeaa66f7622bd68868a450cae4fd8ed594@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/r7035b7c9091c4b665a3b7205364775410646f12125d48e74e395f2ce@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/r5f9c22f9c28adbd9f00556059edc7b03a5d5bb71d4bb80257c0d34e4@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/rf2f0f3611f937cf6cfb3b4fe4a67f69885855126110e1e3f2fb2728e@%3Ccvs.httpd.apache.org%3E https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100108 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4416 http://www.redhat.com/support/errata/RHSA-2004-600.html http://www.redhat.com/support/errata/RHSA-2005-816.html http://securitytracker.com/id?1008920 http://www.slackware.com/security/viewer.php?l=slackware-security&y=2004&m=slackware-security.529643 http://sunsolve.sun.com/search/document.do?assetkey=1-26-101555-1 http://sunsolve.sun.com/search/document.do?assetkey=1-26-101841-1 http://sunsolve.sun.com/search/document.do?assetkey=1-26-57628-1 http://www.trustix.org/errata/2004/0027 XForce ISS Database: apache-moddigest-response-replay(15041) https://exchange.xforce.ibmcloud.com/vulnerabilities/15041 Common Vulnerability Exposure (CVE) ID: CVE-2003-0020 http://marc.info/?l=bugtraq&m=108369640424244&w=2 BugTraq ID: 9930 http://www.securityfocus.com/bid/9930 Bugtraq: 20030224 Terminal Emulator Security Issues (Google Search) http://marc.info/?l=bugtraq&m=104612710031920&w=2 HPdes Security Advisory: SSRT4717 http://marc.info/?l=bugtraq&m=108731648532365&w=2 http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:050 http://frontal2.mandriva.com/security/advisories?name=MDKSA-2004:046 https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/rd00b45b93fda4a5bd013b28587207d0e00f99f6e3308dbb6025f3b01@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/r5001ecf3d6b2bdd0b732e527654248abb264f08390045d30709a92f6@%3Ccvs.httpd.apache.org%3E https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100109 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A150 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4114 http://www.redhat.com/support/errata/RHSA-2003-082.html http://www.redhat.com/support/errata/RHSA-2003-083.html http://www.redhat.com/support/errata/RHSA-2003-104.html http://www.redhat.com/support/errata/RHSA-2003-139.html http://www.redhat.com/support/errata/RHSA-2003-243.html http://www.redhat.com/support/errata/RHSA-2003-244.html http://www.trustix.org/errata/2004/0017 http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0093.html http://www.iss.net/security_center/static/11412.php Common Vulnerability Exposure (CVE) ID: CVE-2004-0174 BugTraq ID: 9921 http://www.securityfocus.com/bid/9921 Bugtraq: 20040319 [ANNOUNCE] Apache HTTP Server 2.0.49 Released (fwd) (Google Search) http://marc.info/?l=bugtraq&m=107973894328806&w=2 CERT/CC vulnerability note: VU#132110 http://www.kb.cert.org/vuls/id/132110 https://lists.apache.org/thread.html/re895fc1736d25c8cf57e102c871613b8aeec9ea26fd8a44e7942b5ab@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/rd65d8ba68ba17e7deedafbf5bb4899f2ae4dad781d21b931c2941ac3@%3Ccvs.httpd.apache.org%3E https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100110 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1982 http://www.redhat.com/support/errata/RHSA-2004-405.html http://www.securitytracker.com/alerts/2004/Mar/1009495.html http://secunia.com/advisories/11170 http://marc.info/?l=bugtraq&m=108066914830552&w=2 XForce ISS Database: apache-socket-starvation-dos(15540) https://exchange.xforce.ibmcloud.com/vulnerabilities/15540 Common Vulnerability Exposure (CVE) ID: CVE-2003-0993 BugTraq ID: 9829 http://www.securityfocus.com/bid/9829 http://marc.info/?l=apache-cvs&m=107869603013722 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100111 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4670 XForce ISS Database: apache-modaccess-obtain-information(15422) https://exchange.xforce.ibmcloud.com/vulnerabilities/15422
Copyright	Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com

Dies ist nur einer von 99761 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.