SuSE Local Security Checks : SuSE Security Advisory SUSE-SA:2008:021 (apache2,apache)

Anfälligkeitssuche		Suche in 219043 CVE Beschreibungen und 99761 Test Beschreibungen, Zugriff auf 10,000+ Quellverweise.
	Tests CVE Alle

Dies ist nur einer von 99761 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.
Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.

Test Kennung:	1.3.6.1.4.1.25623.1.0.60664
Kategorie:	SuSE Local Security Checks
Titel:	SuSE Security Advisory SUSE-SA:2008:021 (apache2,apache)
Zusammenfassung:	NOSUMMARY
Beschreibung:	Description: The remote host is missing updates announced in advisory SUSE-SA:2008:021. Various minor bugs have been fixed in the Apache 1 and Apache 2 web servers and released as a roll-up update. Security problems that were fixed include: - cross site scripting problem when processing the 'Expect' header (CVE-2006-3918) (Apache 1 only) - cross site scripting problem in mod_imap (CVE-2007-5000) (Apache 1 and 2) - cross site scripting problem in mod_status (CVE-2007-6388) (Apache 1 and 2) - cross site scripting problem in the ftp proxy module (CVE-2008-0005) (Apache 1 and 2) - cross site scripting problem in the error page for status code 413 (CVE-2007-6203) (Apache 2) - cross site scripting problem in mod_proxy_balancer (CVE-2007-6421) (Apache 2) - A flaw in mod_proxy_balancer allowed attackers to crash apache (CVE-2007-6422) (Apache 2) Solution: Update your system with the packages as indicated in the referenced security advisory. http://www.securityspace.com/smysecure/catid.html?in=SUSE-SA:2008:021 Risk factor : Medium CVSS Score: 4.3
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2006-3918 AIX APAR: PK24631 http://www-1.ibm.com/support/docview.wss?uid=swg1PK24631 AIX APAR: PK27875 http://www-1.ibm.com/support/docview.wss?uid=swg24013080 BugTraq ID: 19661 http://www.securityfocus.com/bid/19661 Bugtraq: 20060508 Unfiltered Header Injection in Apache 1.3.34/2.0.57/2.2.1 (Google Search) http://archives.neohapsis.com/archives/bugtraq/2006-05/0151.html Bugtraq: 20060724 Write-up by Amit Klein: "Forging HTTP request headers with Flash" (Google Search) http://archives.neohapsis.com/archives/bugtraq/2006-07/0425.html Debian Security Information: DSA-1167 (Google Search) http://www.debian.org/security/2006/dsa-1167 HPdes Security Advisory: HPSBOV02683 http://marc.info/?l=bugtraq&m=130497311408250&w=2 HPdes Security Advisory: HPSBUX02465 http://marc.info/?l=bugtraq&m=125631037611762&w=2 HPdes Security Advisory: HPSBUX02612 http://marc.info/?l=bugtraq&m=129190899612998&w=2 HPdes Security Advisory: SSRT090192 HPdes Security Advisory: SSRT090208 HPdes Security Advisory: SSRT100345 https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/reb542d2038e9c331506e0cbff881b47e40fbe2bd93ff00979e60cdf7@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/r5419c9ba0951ef73a655362403d12bb8d10fab38274deb3f005816f5@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/rafd145ba6cd0a4ced113a5823cdaff45aeb36eb09855b216401c66d6@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/r652fc951306cdeca5a276e2021a34878a76695a9f3cfb6490b4a6840@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/r5f9c22f9c28adbd9f00556059edc7b03a5d5bb71d4bb80257c0d34e4@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/rb9c9f42dafa25d2f669dac2a536a03f2575bc5ec1be6f480618aee10@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/rf2f0f3611f937cf6cfb3b4fe4a67f69885855126110e1e3f2fb2728e@%3Ccvs.httpd.apache.org%3E OpenBSD Security Advisory: [3.9] 012: SECURITY FIX: October 7, 2006 http://openbsd.org/errata.html#httpd2 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10352 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12238 RedHat Security Advisories: RHSA-2006:0618 http://rhn.redhat.com/errata/RHSA-2006-0618.html http://www.redhat.com/support/errata/RHSA-2006-0619.html RedHat Security Advisories: RHSA-2006:0692 http://rhn.redhat.com/errata/RHSA-2006-0692.html http://securitytracker.com/id?1016569 http://www.securitytracker.com/id?1024144 http://secunia.com/advisories/21172 http://secunia.com/advisories/21174 http://secunia.com/advisories/21399 http://secunia.com/advisories/21478 http://secunia.com/advisories/21598 http://secunia.com/advisories/21744 http://secunia.com/advisories/21848 http://secunia.com/advisories/21986 http://secunia.com/advisories/22140 http://secunia.com/advisories/22317 http://secunia.com/advisories/22523 http://secunia.com/advisories/28749 http://secunia.com/advisories/29640 http://secunia.com/advisories/40256 SGI Security Advisory: 20060801-01-P ftp://patches.sgi.com/support/free/security/advisories/20060801-01-P http://securityreason.com/securityalert/1294 SuSE Security Announcement: SUSE-SA:2006:051 (Google Search) http://www.novell.com/linux/security/advisories/2006_51_apache.html SuSE Security Announcement: SUSE-SA:2008:021 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00004.html http://www.ubuntu.com/usn/usn-575-1 http://www.vupen.com/english/advisories/2006/2963 http://www.vupen.com/english/advisories/2006/2964 http://www.vupen.com/english/advisories/2006/3264 http://www.vupen.com/english/advisories/2006/4207 http://www.vupen.com/english/advisories/2006/5089 http://www.vupen.com/english/advisories/2010/1572 Common Vulnerability Exposure (CVE) ID: CVE-2007-5000 AIX APAR: PK58024 http://www-1.ibm.com/support/docview.wss?uid=swg1PK58024 AIX APAR: PK58074 http://www-1.ibm.com/support/docview.wss?uid=swg1PK58074 AIX APAR: PK63273 http://www-1.ibm.com/support/docview.wss?uid=swg1PK63273 AIX APAR: PK65782 http://www-1.ibm.com/support/docview.wss?uid=swg24019245 http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html http://lists.apple.com/archives/security-announce/2008//May/msg00001.html BugTraq ID: 26838 http://www.securityfocus.com/bid/26838 Bugtraq: 20080716 rPSA-2008-0035-1 httpd mod_ssl (Google Search) http://www.securityfocus.com/archive/1/494428/100/0/threaded Bugtraq: 20090821 VMSA-2009-0010 VMware Hosted products update libpng and Apache HTTP Server (Google Search) http://www.securityfocus.com/archive/1/505990/100/0/threaded Cert/CC Advisory: TA08-150A http://www.us-cert.gov/cas/techalerts/TA08-150A.html https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00562.html https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00541.html HPdes Security Advisory: HPSBMA02388 http://www.securityfocus.com/archive/1/498523/100/0/threaded HPdes Security Advisory: HPSBUX02308 http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01345501 HPdes Security Advisory: SSRT080010 HPdes Security Advisory: SSRT080059 http://www.mandriva.com/security/advisories?name=MDVSA-2008:014 http://www.mandriva.com/security/advisories?name=MDVSA-2008:015 http://www.mandriva.com/security/advisories?name=MDVSA-2008:016 https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/r84d043c2115176958562133d96d851495d712aa49da155d81f6733be@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/r7dd6be4dc38148704f2edafb44a8712abaa3a2be120d6c3314d55919@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/r5001ecf3d6b2bdd0b732e527654248abb264f08390045d30709a92f6@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f@%3Ccvs.httpd.apache.org%3E http://lists.vmware.com/pipermail/security-announce/2009/000062.html http://www.osvdb.org/39134 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9539 http://www.redhat.com/support/errata/RHSA-2008-0004.html http://www.redhat.com/support/errata/RHSA-2008-0005.html http://www.redhat.com/support/errata/RHSA-2008-0006.html http://www.redhat.com/support/errata/RHSA-2008-0007.html http://www.redhat.com/support/errata/RHSA-2008-0008.html http://www.redhat.com/support/errata/RHSA-2008-0009.html http://www.redhat.com/support/errata/RHSA-2008-0261.html http://securitytracker.com/id?1019093 http://secunia.com/advisories/28046 http://secunia.com/advisories/28073 http://secunia.com/advisories/28081 http://secunia.com/advisories/28196 http://secunia.com/advisories/28375 http://secunia.com/advisories/28467 http://secunia.com/advisories/28471 http://secunia.com/advisories/28525 http://secunia.com/advisories/28526 http://secunia.com/advisories/28607 http://secunia.com/advisories/28750 http://secunia.com/advisories/28922 http://secunia.com/advisories/28977 http://secunia.com/advisories/29420 http://secunia.com/advisories/29806 http://secunia.com/advisories/29988 http://secunia.com/advisories/30356 http://secunia.com/advisories/30430 http://secunia.com/advisories/30732 http://secunia.com/advisories/31142 http://secunia.com/advisories/32800 http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.595748 http://sunsolve.sun.com/search/document.do?assetkey=1-26-233623-1 http://www.vupen.com/english/advisories/2007/4201 http://www.vupen.com/english/advisories/2007/4202 http://www.vupen.com/english/advisories/2007/4301 http://www.vupen.com/english/advisories/2008/0084 http://www.vupen.com/english/advisories/2008/0178 http://www.vupen.com/english/advisories/2008/0398 http://www.vupen.com/english/advisories/2008/0809/references http://www.vupen.com/english/advisories/2008/0924/references http://www.vupen.com/english/advisories/2008/1224/references http://www.vupen.com/english/advisories/2008/1623/references http://www.vupen.com/english/advisories/2008/1697 http://www.vupen.com/english/advisories/2008/1875/references XForce ISS Database: apache-modimagemap-xss(39002) https://exchange.xforce.ibmcloud.com/vulnerabilities/39002 XForce ISS Database: apache-modimap-xss(39001) https://exchange.xforce.ibmcloud.com/vulnerabilities/39001 Common Vulnerability Exposure (CVE) ID: CVE-2007-6203 AIX APAR: PK57952 http://www-1.ibm.com/support/docview.wss?uid=swg1PK57952 BugTraq ID: 26663 http://www.securityfocus.com/bid/26663 Bugtraq: 20071130 PR07-37: XSS on Apache HTTP Server 413 error pages via malformed HTTP method (Google Search) http://www.securityfocus.com/archive/1/484410/100/0/threaded http://security.gentoo.org/glsa/glsa-200803-19.xml http://procheckup.com/Vulnerability_PR07-37.php https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12166 http://www.securitytracker.com/id?1019030 http://secunia.com/advisories/27906 http://secunia.com/advisories/29348 http://secunia.com/advisories/33105 http://secunia.com/advisories/34219 http://securityreason.com/securityalert/3411 http://www.ubuntu.com/usn/USN-731-1 http://www.vupen.com/english/advisories/2007/4060 XForce ISS Database: apache-413error-xss(38800) https://exchange.xforce.ibmcloud.com/vulnerabilities/38800 Common Vulnerability Exposure (CVE) ID: CVE-2007-6388 AIX APAR: PK59667 http://www-1.ibm.com/support/search.wss?rs=0&q=PK59667&apar=only AIX APAR: PK62966 http://www-1.ibm.com/support/docview.wss?uid=swg1PK62966 BugTraq ID: 27237 http://www.securityfocus.com/bid/27237 HPdes Security Advisory: HPSBUX02313 http://www.securityfocus.com/archive/1/488082/100/0/threaded HPdes Security Advisory: SSRT080015 https://lists.apache.org/thread.html/rc4c53a0d57b2771ecd4b965010580db355e38137c8711311ee1073a8@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/rad01d817195e6cc871cb1d73b207ca326379a20a6e7f30febaf56d24@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/r476d175be0aaf4a17680ef98c5153b4d336eaef76fb2224cc94c463a@%3Ccvs.httpd.apache.org%3E https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10272 http://securitytracker.com/id?1019154 http://secunia.com/advisories/28965 http://secunia.com/advisories/29504 http://secunia.com/advisories/33200 http://securityreason.com/securityalert/3541 http://www.vupen.com/english/advisories/2008/0047 http://www.vupen.com/english/advisories/2008/0447/references http://www.vupen.com/english/advisories/2008/0554 http://www.vupen.com/english/advisories/2008/0986/references XForce ISS Database: apache-status-page-xss(39472) https://exchange.xforce.ibmcloud.com/vulnerabilities/39472 Common Vulnerability Exposure (CVE) ID: CVE-2007-6421 BugTraq ID: 27236 http://www.securityfocus.com/bid/27236 Bugtraq: 20080110 SecurityReason - Apache2 CSRF, XSS, Memory Corruption and Denial of Service Vulnerability (Google Search) http://www.securityfocus.com/archive/1/486169/100/0/threaded https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10664 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8651 http://securityreason.com/securityalert/3523 http://www.vupen.com/english/advisories/2008/0048 XForce ISS Database: apache-modproxybalancer-xss(39474) https://exchange.xforce.ibmcloud.com/vulnerabilities/39474 Common Vulnerability Exposure (CVE) ID: CVE-2007-6422 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10181 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8690 XForce ISS Database: apache-modproxybalancer-dos(39476) https://exchange.xforce.ibmcloud.com/vulnerabilities/39476 Common Vulnerability Exposure (CVE) ID: CVE-2008-0005 BugTraq ID: 27234 http://www.securityfocus.com/bid/27234 Bugtraq: 20080110 SecurityReason - Apache (mod_proxy_ftp) Undefined Charset UTF-7 XSS Vulnerability (Google Search) http://www.securityfocus.com/archive/1/486167/100/0/threaded HPdes Security Advisory: HPSBUX02431 http://marc.info/?l=bugtraq&m=124654546101607&w=2 HPdes Security Advisory: SSRT090085 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10812 http://www.securitytracker.com/id?1019185 http://secunia.com/advisories/35650 http://securityreason.com/securityalert/3526 http://securityreason.com/achievement_securityalert/49 XForce ISS Database: apache-modproxyftp-utf7-xss(39615) https://exchange.xforce.ibmcloud.com/vulnerabilities/39615
Copyright	Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com