Anfälligkeitssuche        Suche in 191973 CVE Beschreibungen
und 86218 Test Beschreibungen,
Zugriff auf 10,000+ Quellverweise.
Tests   CVE   Alle  

Test Kennung:1.3.6.1.4.1.25623.1.0.57243
Kategorie:Red Hat Local Security Checks
Titel:RedHat Security Advisory RHSA-2006:0618
Zusammenfassung:NOSUMMARY
Beschreibung:Description:

The remote host is missing updates announced in
advisory RHSA-2006:0618.

The Apache HTTP Server is a popular Web server available for free.

A bug was found in Apache where an invalid Expect header sent to the server
was returned to the user in an unescaped error message. This could
allow an attacker to perform a cross-site scripting attack if a victim was
tricked into connecting to a site and sending a carefully crafted Expect
header. (CVE-2006-3918)

While a web browser cannot be forced to send an arbitrary Expect header by
a third-party attacker, it was recently discovered that certain versions of
the Flash plugin can manipulate request headers. If users running such
versions can be persuaded to load a web page with a malicious Flash applet,
a cross-site scripting attack against the server may be possible.

Users of Apache should upgrade to these updated packages, which contain a
backported patch to correct this issue.

Solution:
Please note that this update is available via
Red Hat Network. To use Red Hat Network, launch the Red
Hat Update Agent with the following command: up2date

http://rhn.redhat.com/errata/RHSA-2006-0618.html
http://www.redhat.com/security/updates/classification/#important

Risk factor : Medium

CVSS Score:
4.3

Querverweis: Common Vulnerability Exposure (CVE) ID: CVE-2006-3918
AIX APAR: PK24631
http://www-1.ibm.com/support/docview.wss?uid=swg1PK24631
AIX APAR: PK27875
http://www-1.ibm.com/support/docview.wss?uid=swg24013080
BugTraq ID: 19661
http://www.securityfocus.com/bid/19661
Bugtraq: 20060508 Unfiltered Header Injection in Apache 1.3.34/2.0.57/2.2.1 (Google Search)
http://archives.neohapsis.com/archives/bugtraq/2006-05/0151.html
Bugtraq: 20060724 Write-up by Amit Klein: "Forging HTTP request headers with Flash" (Google Search)
http://archives.neohapsis.com/archives/bugtraq/2006-07/0425.html
Debian Security Information: DSA-1167 (Google Search)
http://www.debian.org/security/2006/dsa-1167
HPdes Security Advisory: HPSBOV02683
http://marc.info/?l=bugtraq&m=130497311408250&w=2
HPdes Security Advisory: HPSBUX02465
http://marc.info/?l=bugtraq&m=125631037611762&w=2
HPdes Security Advisory: HPSBUX02612
http://marc.info/?l=bugtraq&m=129190899612998&w=2
HPdes Security Advisory: SSRT090192
HPdes Security Advisory: SSRT090208
HPdes Security Advisory: SSRT100345
OpenBSD Security Advisory: [3.9] 012: SECURITY FIX: October 7, 2006
http://openbsd.org/errata.html#httpd2
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10352
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12238
RedHat Security Advisories: RHSA-2006:0618
http://rhn.redhat.com/errata/RHSA-2006-0618.html
http://www.redhat.com/support/errata/RHSA-2006-0619.html
RedHat Security Advisories: RHSA-2006:0692
http://rhn.redhat.com/errata/RHSA-2006-0692.html
http://securitytracker.com/id?1016569
http://www.securitytracker.com/id?1024144
http://secunia.com/advisories/21172
http://secunia.com/advisories/21174
http://secunia.com/advisories/21399
http://secunia.com/advisories/21478
http://secunia.com/advisories/21598
http://secunia.com/advisories/21744
http://secunia.com/advisories/21848
http://secunia.com/advisories/21986
http://secunia.com/advisories/22140
http://secunia.com/advisories/22317
http://secunia.com/advisories/22523
http://secunia.com/advisories/28749
http://secunia.com/advisories/29640
http://secunia.com/advisories/40256
SGI Security Advisory: 20060801-01-P
ftp://patches.sgi.com/support/free/security/advisories/20060801-01-P
http://securityreason.com/securityalert/1294
SuSE Security Announcement: SUSE-SA:2006:051 (Google Search)
http://www.novell.com/linux/security/advisories/2006_51_apache.html
SuSE Security Announcement: SUSE-SA:2008:021 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00004.html
http://www.ubuntu.com/usn/usn-575-1
http://www.vupen.com/english/advisories/2006/2963
http://www.vupen.com/english/advisories/2006/2964
http://www.vupen.com/english/advisories/2006/3264
http://www.vupen.com/english/advisories/2006/4207
http://www.vupen.com/english/advisories/2006/5089
http://www.vupen.com/english/advisories/2010/1572
CopyrightCopyright (c) 2006 E-Soft Inc. http://www.securityspace.com

Dies ist nur einer von 86218 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.

Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.




© 1998-2021 E-Soft Inc. Alle Rechte vorbehalten.