Turbolinux Local Security Tests : Turbolinux TLSA-2005-81 (apache, httpd)

Búsqueda de Vulnerabilidad		Buscar 219043 Descripciones CVE y 99761 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.55022

Categoría: Turbolinux Local Security Tests

Título: Turbolinux TLSA-2005-81 (apache, httpd)

Resumen: NOSUMMARY

Descripción: Description:

The remote host is missing an update to apache, httpd
announced via advisory TLSA-2005-81.

Apache is a powerful, full-featured, efficient, and freely-available
Web server. Apache is also the most popular Web server on the Internet.

- A vulnerability in the manner in which mod_ssl handles CRL
could allow remote attackers to cause a denial of service.
- The apache, when acting as an HTTP proxy, allows remote attackers to poison the web cache,
bypass web application firewall protection, and conduct XSS attacks via an HTTP request.

These vulerabilities allow remote attackers to cause a denial of service.

Solution: Please use the turbopkg (zabom) tool to apply the update.
http://www.securityspace.com/smysecure/catid.html?in=TLSA-2005-81

Risk factor : Medium

CVSS Score:
5.0

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2005-1268
BugTraq ID: 14366
http://www.securityfocus.com/bid/14366
Debian Security Information: DSA-805 (Google Search)
http://www.debian.org/security/2005/dsa-805
HPdes Security Advisory: HPSBUX02074
http://www.securityfocus.com/archive/1/428138/100/0/threaded
HPdes Security Advisory: SSRT051251
http://www.mandriva.com/security/advisories?name=MDKSA-2005:129
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=163013
https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/re895fc1736d25c8cf57e102c871613b8aeec9ea26fd8a44e7942b5ab@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r734a07156abf332d5ab27fb91d9d962cacfef4f3681e44056f064fa8@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rd65d8ba68ba17e7deedafbf5bb4899f2ae4dad781d21b931c2941ac3@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r5001ecf3d6b2bdd0b732e527654248abb264f08390045d30709a92f6@%3Ccvs.httpd.apache.org%3E
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1346
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1714
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1747
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9589
http://www.redhat.com/support/errata/RHSA-2005-582.html
http://rhn.redhat.com/errata/RHSA-2005-582.html
http://secunia.com/advisories/19072
http://secunia.com/advisories/19185
http://securityreason.com/securityalert/604
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102198-1
SuSE Security Announcement: SUSE-SA:2005:046 (Google Search)
http://www.novell.com/linux/security/advisories/2005_46_apache.html
SuSE Security Announcement: SUSE-SR:2005:018 (Google Search)
http://www.novell.com/linux/security/advisories/2005_18_sr.html
http://lists.trustix.org/pipermail/tsl-announce/2005-October/000354.html
http://www.vupen.com/english/advisories/2006/0789
Common Vulnerability Exposure (CVE) ID: CVE-2005-2088
AIX APAR: PK13959
http://www-1.ibm.com/support/search.wss?rs=0&q=PK13959&apar=only
AIX APAR: PK16139
http://www-1.ibm.com/support/search.wss?rs=0&q=PK16139&apar=only
http://docs.info.apple.com/article.html?artnum=302847
BugTraq ID: 14106
http://www.securityfocus.com/bid/14106
BugTraq ID: 15647
http://www.securityfocus.com/bid/15647
Bugtraq: 20050606 A new whitepaper by Watchfire - HTTP Request Smuggling (Google Search)
http://seclists.org/lists/bugtraq/2005/Jun/0025.html
Debian Security Information: DSA-803 (Google Search)
http://www.debian.org/security/2005/dsa-803
HPdes Security Advisory: HPSBUX02101
http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=c00612828
HPdes Security Advisory: SSRT051128
http://www.mandriva.com/security/advisories?name=MDKSA-2005:130
http://www.securiteam.com/securityreviews/5GP0220G0U.html
http://www.watchfire.com/resources/HTTP-Request-Smuggling.pdf
http://marc.info/?l=apache-httpd-announce&m=112931556417329&w=3
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11452
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1237
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1526
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1629
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A840
http://securitytracker.com/id?1014323
http://secunia.com/advisories/14530
http://secunia.com/advisories/17319
http://secunia.com/advisories/17487
http://secunia.com/advisories/17813
http://secunia.com/advisories/19073
http://secunia.com/advisories/19317
http://secunia.com/advisories/23074
http://slackware.com/security/viewer.php?l=slackware-security&y=2005&m=slackware-security.600000
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102197-1
http://www.ubuntu.com/usn/usn-160-2
http://www.vupen.com/english/advisories/2005/2140
http://www.vupen.com/english/advisories/2005/2659
http://www.vupen.com/english/advisories/2006/1018
http://www.vupen.com/english/advisories/2006/4680

Copyright Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 99761 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.55022
Categoría:	Turbolinux Local Security Tests
Título:	Turbolinux TLSA-2005-81 (apache, httpd)
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing an update to apache, httpd announced via advisory TLSA-2005-81. Apache is a powerful, full-featured, efficient, and freely-available Web server. Apache is also the most popular Web server on the Internet. - A vulnerability in the manner in which mod_ssl handles CRL could allow remote attackers to cause a denial of service. - The apache, when acting as an HTTP proxy, allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request. These vulerabilities allow remote attackers to cause a denial of service. Solution: Please use the turbopkg (zabom) tool to apply the update. http://www.securityspace.com/smysecure/catid.html?in=TLSA-2005-81 Risk factor : Medium CVSS Score: 5.0
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2005-1268 BugTraq ID: 14366 http://www.securityfocus.com/bid/14366 Debian Security Information: DSA-805 (Google Search) http://www.debian.org/security/2005/dsa-805 HPdes Security Advisory: HPSBUX02074 http://www.securityfocus.com/archive/1/428138/100/0/threaded HPdes Security Advisory: SSRT051251 http://www.mandriva.com/security/advisories?name=MDKSA-2005:129 https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=163013 https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/re895fc1736d25c8cf57e102c871613b8aeec9ea26fd8a44e7942b5ab@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/r734a07156abf332d5ab27fb91d9d962cacfef4f3681e44056f064fa8@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/rd65d8ba68ba17e7deedafbf5bb4899f2ae4dad781d21b931c2941ac3@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/r5001ecf3d6b2bdd0b732e527654248abb264f08390045d30709a92f6@%3Ccvs.httpd.apache.org%3E https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1346 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1714 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1747 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9589 http://www.redhat.com/support/errata/RHSA-2005-582.html http://rhn.redhat.com/errata/RHSA-2005-582.html http://secunia.com/advisories/19072 http://secunia.com/advisories/19185 http://securityreason.com/securityalert/604 http://sunsolve.sun.com/search/document.do?assetkey=1-26-102198-1 SuSE Security Announcement: SUSE-SA:2005:046 (Google Search) http://www.novell.com/linux/security/advisories/2005_46_apache.html SuSE Security Announcement: SUSE-SR:2005:018 (Google Search) http://www.novell.com/linux/security/advisories/2005_18_sr.html http://lists.trustix.org/pipermail/tsl-announce/2005-October/000354.html http://www.vupen.com/english/advisories/2006/0789 Common Vulnerability Exposure (CVE) ID: CVE-2005-2088 AIX APAR: PK13959 http://www-1.ibm.com/support/search.wss?rs=0&q=PK13959&apar=only AIX APAR: PK16139 http://www-1.ibm.com/support/search.wss?rs=0&q=PK16139&apar=only http://docs.info.apple.com/article.html?artnum=302847 BugTraq ID: 14106 http://www.securityfocus.com/bid/14106 BugTraq ID: 15647 http://www.securityfocus.com/bid/15647 Bugtraq: 20050606 A new whitepaper by Watchfire - HTTP Request Smuggling (Google Search) http://seclists.org/lists/bugtraq/2005/Jun/0025.html Debian Security Information: DSA-803 (Google Search) http://www.debian.org/security/2005/dsa-803 HPdes Security Advisory: HPSBUX02101 http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=c00612828 HPdes Security Advisory: SSRT051128 http://www.mandriva.com/security/advisories?name=MDKSA-2005:130 http://www.securiteam.com/securityreviews/5GP0220G0U.html http://www.watchfire.com/resources/HTTP-Request-Smuggling.pdf http://marc.info/?l=apache-httpd-announce&m=112931556417329&w=3 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11452 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1237 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1526 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1629 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A840 http://securitytracker.com/id?1014323 http://secunia.com/advisories/14530 http://secunia.com/advisories/17319 http://secunia.com/advisories/17487 http://secunia.com/advisories/17813 http://secunia.com/advisories/19073 http://secunia.com/advisories/19317 http://secunia.com/advisories/23074 http://slackware.com/security/viewer.php?l=slackware-security&y=2005&m=slackware-security.600000 http://sunsolve.sun.com/search/document.do?assetkey=1-26-102197-1 http://www.ubuntu.com/usn/usn-160-2 http://www.vupen.com/english/advisories/2005/2140 http://www.vupen.com/english/advisories/2005/2659 http://www.vupen.com/english/advisories/2006/1018 http://www.vupen.com/english/advisories/2006/4680
Copyright	Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com