
Test ID:
Category: Red Hat Local Security Checks
Title: RedHat Security Advisory RHSA-2006:0618

The remote host is missing updates announced in
advisory RHSA-2006:0618.

The Apache HTTP Server is a popular Web server available for free.

A bug was found in Apache where an invalid Expect header sent to the server
was returned to the user in an unescaped error message. This could
allow an attacker to perform a cross-site scripting attack if a victim was
tricked into connecting to a site and sending a carefully crafted Expect
header. (CVE-2006-3918)

While a web browser cannot be forced to send an arbitrary Expect header by
a third-party attacker, it was recently discovered that certain versions of
the Flash plugin can manipulate request headers. If users running such
versions can be persuaded to load a web page with a malicious Flash applet,
a cross-site scripting attack against the server may be possible.

Users of Apache should upgrade to these updated packages, which contain a
backported patch to correct this issue.

Please note that this update is available via
Red Hat Network. To use Red Hat Network, launch the Red
Hat Update Agent with the following command: up2date

Risk factor : Medium

CVSS Score:

Cross-reference: Common Vulnerability Exposure (CVE) ID: CVE-2006-3918
BugTraq ID: 19661
Bugtraq: 20060508 Unfiltered Header Injection in Apache 1.3.34/2.0.57/2.2.1
Bugtraq: 20060724 Write-up by Amit Klein: "Forging HTTP request headers with Flash"
Debian Security Information: DSA-1167
HP Security Advisory: HPSBOV02683
HP Security Advisory: HPSBUX02465
HP Security Advisory: HPSBUX02612
HP Security Advisory: SSRT090192
HP Security Advisory: SSRT090208
HP Security Advisory: SSRT100345
OpenBSD Security Advisory: [3.9] 012: SECURITY FIX: October 7, 2006
RedHat Security Advisories: RHSA-2006:0618
RedHat Security Advisories: RHSA-2006:0692
SGI Security Advisory: 20060801-01-P
SuSE Security Announcement: SUSE-SA:2006:051
SuSE Security Announcement: SUSE-SA:2008:021
Copyright: Copyright (c) 2006 E-Soft Inc.

© 1998-2021 E-Soft Inc. All rights reserved.