English | Deutsch | Español
 
Inicial ▼
Página inicial Acerca Nuestro Contáctenos Privacidad Programas de Asociados Testimonios En la Prensa Listas de Correos Abuso Developer APIs
Bookkeeping
Online ▼
Home Free Trial FAQ
Open/Create Company File Accept an Invite Order/Renew
 
Auditorias ▼
Inicial Dedicada Avanzada Estándar Periódica Sin Riesgo Escritorio Básica Sello FAQ Resumen de Precio/Funciones Ordenar Nuevas Pruebas Todas las Pruebas Confidencialidad Búsqueda de Vulnerabilidad Ejecutar Auditoría Programador IP Permissions Auditorías Personalizadas Cola Recordatorio Sellos Informes Estilos de Informes
DNS
Administrado ▼
Acerca de DNS Ordenar/Renovar Preguntas Frecuentes AUP Dynamic DNS Clients
Configurar Dominios Dynamic DNS Update Password
Monitoreo
de Redes ▼
Enterprise Avanzado Estándarr Prueba Preguntas Frecuentes Resumen de Precio/Funciones Ordenar Muestras
Configure/Status Alert Profiles
Research
Reports ▼
Home FAQ Glossary Archive
 Iniciar sesión/Registrarse 
 
 Búsqueda de    
Vulnerabilidad   		     Buscar 219043 Descripciones CVE y
99761 Descripciones de Pruebas,
accesos 10,000+ referencias cruzadas.
Pruebas   CVE   Todos  

ID de Prueba:1.3.6.1.4.1.25623.1.0.62872
Categoría:Red Hat Local Security Checks
Título:RedHat Security Advisory RHSA-2007:0557
Resumen:NOSUMMARY
Descripción:Description:

The remote host is missing updates announced in
advisory RHSA-2007:0557.

The Apache HTTP Server is a popular Web server.

A flaw was found in the Apache HTTP Server mod_status module. On sites
where the server-status page is publicly accessible and ExtendedStatus is
enabled, this flaw could lead to a cross-site scripting attack. On Red Hat
Enterprise Linux, the server-status page is not enabled by default and it
is best practice to not make this publicly available. (CVE-2006-5752)

A bug was found in the Apache HTTP Server mod_cache module. On sites where
caching is enabled, a remote attacker could send a carefully crafted
request that would cause the Apache child process handling that request to
crash. This could lead to a denial of service if using a threaded
Multi-Processing Module. (CVE-2007-1863)

The Apache HTTP Server did not verify that a process was an Apache child
process before sending it signals. A local attacker with the ability to run
scripts on the Apache HTTP Server could manipulate the scoreboard and cause
arbitrary processes to be terminated which could lead to a denial of
service. (CVE-2007-3304).

Users of httpd should upgrade to these updated packages, which contain
backported patches to correct these issues. Users should restart Apache
after installing this update.

Solution:
Please note that this update is available via
Red Hat Network. To use Red Hat Network, launch the Red
Hat Update Agent with the following command: up2date

http://rhn.redhat.com/errata/RHSA-2007-0557.html
http://www.redhat.com/security/updates/classification/#moderate

Risk factor : Medium

CVSS Score:
5.0

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2006-5752
AIX APAR: PK49295
http://www-1.ibm.com/support/search.wss?rs=0&q=PK49295&apar=only
AIX APAR: PK52702
http://www-1.ibm.com/support/docview.wss?uid=swg1PK52702
BugTraq ID: 24645
http://www.securityfocus.com/bid/24645
Bugtraq: 20090821 VMSA-2009-0010 VMware Hosted products update libpng and Apache HTTP Server (Google Search)
http://www.securityfocus.com/archive/1/505990/100/0/threaded
http://www.redhat.com/archives/fedora-package-announce/2007-September/msg00320.html
http://security.gentoo.org/glsa/glsa-200711-06.xml
HPdes Security Advisory: HPSBUX02262
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01178795
HPdes Security Advisory: SSRT071447
http://www.mandriva.com/security/advisories?name=MDKSA-2007:140
http://www.mandriva.com/security/advisories?name=MDKSA-2007:141
http://www.mandriva.com/security/advisories?name=MDKSA-2007:142
http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=245112
https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/reb542d2038e9c331506e0cbff881b47e40fbe2bd93ff00979e60cdf7@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r5419c9ba0951ef73a655362403d12bb8d10fab38274deb3f005816f5@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rafd145ba6cd0a4ced113a5823cdaff45aeb36eb09855b216401c66d6@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r652fc951306cdeca5a276e2021a34878a76695a9f3cfb6490b4a6840@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rf2f0f3611f937cf6cfb3b4fe4a67f69885855126110e1e3f2fb2728e@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r5001ecf3d6b2bdd0b732e527654248abb264f08390045d30709a92f6@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f@%3Ccvs.httpd.apache.org%3E
http://lists.vmware.com/pipermail/security-announce/2009/000062.html
http://osvdb.org/37052
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10154
RedHat Security Advisories: RHSA-2007:0532
RedHat Security Advisories: RHSA-2007:0533
https://rhn.redhat.com/errata/RHSA-2007-0533.html
RedHat Security Advisories: RHSA-2007:0534
http://rhn.redhat.com/errata/RHSA-2007-0534.html
RedHat Security Advisories: RHSA-2007:0556
http://rhn.redhat.com/errata/RHSA-2007-0556.html
http://www.redhat.com/support/errata/RHSA-2007-0557.html
http://www.redhat.com/support/errata/RHSA-2008-0261.html
http://www.securitytracker.com/id?1018302
http://secunia.com/advisories/25827
http://secunia.com/advisories/25830
http://secunia.com/advisories/25873
http://secunia.com/advisories/25920
http://secunia.com/advisories/26273
http://secunia.com/advisories/26443
http://secunia.com/advisories/26458
http://secunia.com/advisories/26508
http://secunia.com/advisories/26822
http://secunia.com/advisories/26842
http://secunia.com/advisories/26993
http://secunia.com/advisories/27037
http://secunia.com/advisories/27563
http://secunia.com/advisories/27732
http://secunia.com/advisories/28212
http://secunia.com/advisories/28224
http://secunia.com/advisories/28606
http://sunsolve.sun.com/search/document.do?assetkey=1-26-103179-1
http://sunsolve.sun.com/search/document.do?assetkey=1-66-200032-1
SuSE Security Announcement: SUSE-SA:2007:061 (Google Search)
http://www.novell.com/linux/security/advisories/2007_61_apache2.html
http://www.trustix.org/errata/2007/0026/
http://www.ubuntu.com/usn/usn-499-1
http://www.vupen.com/english/advisories/2007/2727
http://www.vupen.com/english/advisories/2007/3283
http://www.vupen.com/english/advisories/2007/3386
http://www.vupen.com/english/advisories/2007/4305
http://www.vupen.com/english/advisories/2008/0233
XForce ISS Database: apache-modstatus-xss(35097)
https://exchange.xforce.ibmcloud.com/vulnerabilities/35097
Common Vulnerability Exposure (CVE) ID: CVE-2007-1863
AIX APAR: PK49355
http://www-1.ibm.com/support/docview.wss?uid=swg1PK49355
http://lists.apple.com/archives/security-announce/2008//May/msg00001.html
BugTraq ID: 24649
http://www.securityfocus.com/bid/24649
Cert/CC Advisory: TA08-150A
http://www.us-cert.gov/cas/techalerts/TA08-150A.html
http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=244658
https://lists.apache.org/thread.html/r8c9983f1172a3415f915ddb7e14de632d2d0c326eb1285755a024165@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r5f9c22f9c28adbd9f00556059edc7b03a5d5bb71d4bb80257c0d34e4@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rb9c9f42dafa25d2f669dac2a536a03f2575bc5ec1be6f480618aee10@%3Ccvs.httpd.apache.org%3E
http://osvdb.org/37079
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9824
http://www.securitytracker.com/id?1018303
http://secunia.com/advisories/30430
http://www.vupen.com/english/advisories/2008/1697
Common Vulnerability Exposure (CVE) ID: CVE-2007-3304
AIX APAR: PK50467
http://www-1.ibm.com/support/search.wss?rs=0&q=PK50467&apar=only
AIX APAR: PK53984
http://www-1.ibm.com/support/docview.wss?uid=swg1PK53984
BugTraq ID: 24215
http://www.securityfocus.com/bid/24215
Bugtraq: 20070529 Apache httpd vulenrabilities (Google Search)
http://www.securityfocus.com/archive/1/469899/100/0/threaded
Bugtraq: 20070619 Apache Prefork MPM vulnerabilities - Report (Google Search)
http://www.securityfocus.com/archive/1/471832/100/0/threaded
HPdes Security Advisory: HPSBUX02273
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01182588
HPdes Security Advisory: SSRT071476
http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=245111
http://security.psnc.pl/files/apache_report.pdf
http://marc.info/?l=apache-httpd-dev&m=118252946632447&w=2
http://mail-archives.apache.org/mod_mbox/httpd-dev/200706.mbox/%3c20070629141032.GA15192@redhat.com%3e
https://lists.apache.org/thread.html/rad01d817195e6cc871cb1d73b207ca326379a20a6e7f30febaf56d24@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r476d175be0aaf4a17680ef98c5153b4d336eaef76fb2224cc94c463a@%3Ccvs.httpd.apache.org%3E
http://osvdb.org/38939
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11589
http://www.redhat.com/errata/RHSA-2007-0532.html
http://www.redhat.com/support/errata/RHSA-2007-0662.html
http://www.securitytracker.com/id?1018304
http://secunia.com/advisories/26211
http://secunia.com/advisories/26611
http://secunia.com/advisories/26759
http://secunia.com/advisories/26790
http://secunia.com/advisories/27121
http://secunia.com/advisories/27209
SGI Security Advisory: 20070701-01-P
ftp://patches.sgi.com/support/free/security/advisories/20070701-01-P.asc
http://securityreason.com/securityalert/2814
http://www.vupen.com/english/advisories/2007/3100
http://www.vupen.com/english/advisories/2007/3420
http://www.vupen.com/english/advisories/2007/3494
XForce ISS Database: apache-child-process-dos(35095)
https://exchange.xforce.ibmcloud.com/vulnerabilities/35095
CopyrightCopyright (c) 2008 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 99761 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.

Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.



© 1998-2024 E-Soft Inc. Todos los derechos reservados.