Inicial ▼ Bookkeeping
Online ▼ Auditorias ▼
DNS
Administrado ▼
Acerca de DNS
Ordenar/Renovar
Preguntas Frecuentes
AUP
Dynamic DNS Clients
Configurar Dominios Dynamic DNS Update Password Monitoreo
de Redes ▼
Enterprise
Avanzado
Estándarr
Prueba
Preguntas Frecuentes
Resumen de Precio/Funciones
Ordenar
Muestras
Configure/Status Alert Profiles | |||
ID de Prueba: | 1.3.6.1.4.1.25623.1.0.64527 |
Categoría: | Mandrake Local Security Checks |
Título: | Mandrake Security Advisory MDVSA-2009:184 (apache-mod_security) |
Resumen: | NOSUMMARY |
Descripción: | Description: The remote host is missing an update to apache-mod_security announced via advisory MDVSA-2009:184. Multiple vulnerabilities has been found and corrected in mod_security: The multipart processor in ModSecurity before 2.5.9 allows remote attackers to cause a denial of service (crash) via a multipart form datapost request with a missing part header name, which triggers a NULL pointer dereference (CVE-2009-1902). The PDF XSS protection feature in ModSecurity before 2.5.8 allows remote attackers to cause a denial of service (Apache httpd crash) via a request for a PDF file that does not use the GET method (CVE-2009-1903). This update provides mod_security 2.5.9, which is not vulnerable to these issues. Affected: Enterprise Server 5.0 Solution: To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. http://www.securityspace.com/smysecure/catid.html?in=MDVSA-2009:184 CVSS Score: 7.8 CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C |
Referencia Cruzada: |
Common Vulnerability Exposure (CVE) ID: CVE-2009-1902 BugTraq ID: 34096 http://www.securityfocus.com/bid/34096 Bugtraq: 20090319 [ISecAuditors Security Advisories] ModSecurity < 2.5.9 remote Denial of Service (Google Search) http://www.securityfocus.com/archive/1/501968 https://www.exploit-db.com/exploits/8241 https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00487.html https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00529.html http://security.gentoo.org/glsa/glsa-200907-02.xml http://www.osvdb.org/52553 http://secunia.com/advisories/34256 http://secunia.com/advisories/34311 http://secunia.com/advisories/35687 SuSE Security Announcement: SUSE-SR:2009:011 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00003.html http://www.vupen.com/english/advisories/2009/0703 XForce ISS Database: modsecurity-multipart-dos(49212) https://exchange.xforce.ibmcloud.com/vulnerabilities/49212 Common Vulnerability Exposure (CVE) ID: CVE-2009-1903 http://www.osvdb.org/52552 XForce ISS Database: modsecurity-pdfxss-dos(49211) https://exchange.xforce.ibmcloud.com/vulnerabilities/49211 |
Copyright | Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com |
Esta es sólo una de 99761 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora. |