Anfälligkeitssuche        Suche in 191973 CVE Beschreibungen
und 86218 Test Beschreibungen,
Zugriff auf 10,000+ Quellverweise.
Tests   CVE   Alle  

Test Kennung:1.3.6.1.4.1.25623.1.0.57335
Kategorie:Debian Local Security Checks
Titel:Debian Security Advisory DSA 1167-1 (apache)
Zusammenfassung:NOSUMMARY
Beschreibung:Description:
The remote host is missing an update to apache
announced via advisory DSA 1167-1.

Several remote vulnerabilities have been discovered in the Apache, the
worlds most popular webserver, which may lead to the execution of arbitrary
web script. The Common Vulnerabilities and Exposures project identifies
the following problems:

CVE-2005-3352

A cross-site scripting (XSS) flaw exists in the mod_imap component of
the Apache server.

CVE-2006-3918

Apache does not sanitize the Expect header from an HTTP request when
it is reflected back in an error message, which might allow cross-site
scripting (XSS) style attacks.

For the stable distribution (sarge) these problems have been fixed in
version 1.3.33-6sarge3.

For the unstable distribution (sid) these problems have been fixed in
version 1.3.34-3.

We recommend that you upgrade your apache package.

Solution:
http://www.securityspace.com/smysecure/catid.html?in=DSA%201167-1

CVSS Score:
4.3

CVSS Vector:
AV:N/AC:M/Au:N/C:N/I:P/A:N

Querverweis: Common Vulnerability Exposure (CVE) ID: CVE-2006-3918
AIX APAR: PK24631
http://www-1.ibm.com/support/docview.wss?uid=swg1PK24631
AIX APAR: PK27875
http://www-1.ibm.com/support/docview.wss?uid=swg24013080
BugTraq ID: 19661
http://www.securityfocus.com/bid/19661
Bugtraq: 20060508 Unfiltered Header Injection in Apache 1.3.34/2.0.57/2.2.1 (Google Search)
http://archives.neohapsis.com/archives/bugtraq/2006-05/0151.html
Bugtraq: 20060724 Write-up by Amit Klein: "Forging HTTP request headers with Flash" (Google Search)
http://archives.neohapsis.com/archives/bugtraq/2006-07/0425.html
Debian Security Information: DSA-1167 (Google Search)
http://www.debian.org/security/2006/dsa-1167
HPdes Security Advisory: HPSBOV02683
http://marc.info/?l=bugtraq&m=130497311408250&w=2
HPdes Security Advisory: HPSBUX02465
http://marc.info/?l=bugtraq&m=125631037611762&w=2
HPdes Security Advisory: HPSBUX02612
http://marc.info/?l=bugtraq&m=129190899612998&w=2
HPdes Security Advisory: SSRT090192
HPdes Security Advisory: SSRT090208
HPdes Security Advisory: SSRT100345
OpenBSD Security Advisory: [3.9] 012: SECURITY FIX: October 7, 2006
http://openbsd.org/errata.html#httpd2
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10352
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12238
RedHat Security Advisories: RHSA-2006:0618
http://rhn.redhat.com/errata/RHSA-2006-0618.html
http://www.redhat.com/support/errata/RHSA-2006-0619.html
RedHat Security Advisories: RHSA-2006:0692
http://rhn.redhat.com/errata/RHSA-2006-0692.html
http://securitytracker.com/id?1016569
http://www.securitytracker.com/id?1024144
http://secunia.com/advisories/21172
http://secunia.com/advisories/21174
http://secunia.com/advisories/21399
http://secunia.com/advisories/21478
http://secunia.com/advisories/21598
http://secunia.com/advisories/21744
http://secunia.com/advisories/21848
http://secunia.com/advisories/21986
http://secunia.com/advisories/22140
http://secunia.com/advisories/22317
http://secunia.com/advisories/22523
http://secunia.com/advisories/28749
http://secunia.com/advisories/29640
http://secunia.com/advisories/40256
SGI Security Advisory: 20060801-01-P
ftp://patches.sgi.com/support/free/security/advisories/20060801-01-P
http://securityreason.com/securityalert/1294
SuSE Security Announcement: SUSE-SA:2006:051 (Google Search)
http://www.novell.com/linux/security/advisories/2006_51_apache.html
SuSE Security Announcement: SUSE-SA:2008:021 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00004.html
http://www.ubuntu.com/usn/usn-575-1
http://www.vupen.com/english/advisories/2006/2963
http://www.vupen.com/english/advisories/2006/2964
http://www.vupen.com/english/advisories/2006/3264
http://www.vupen.com/english/advisories/2006/4207
http://www.vupen.com/english/advisories/2006/5089
http://www.vupen.com/english/advisories/2010/1572
Common Vulnerability Exposure (CVE) ID: CVE-2005-3352
AIX APAR: PK16139
http://www-1.ibm.com/support/search.wss?rs=0&q=PK16139&apar=only
AIX APAR: PK25355
http://www-1.ibm.com/support/search.wss?rs=0&q=PK25355&apar=only
http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html
http://lists.apple.com/archives/security-announce/2008//May/msg00001.html
BugTraq ID: 15834
http://www.securityfocus.com/bid/15834
Cert/CC Advisory: TA08-150A
http://www.us-cert.gov/cas/techalerts/TA08-150A.html
http://www.redhat.com/archives/fedora-announce-list/2006-January/msg00060.html
http://www.securityfocus.com/archive/1/425399/100/0/threaded
http://www.gentoo.org/security/en/glsa/glsa-200602-03.xml
HPdes Security Advisory: HPSBMA02328
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01428449
HPdes Security Advisory: HPSBUX02145
http://www.securityfocus.com/archive/1/445206/100/0/threaded
HPdes Security Advisory: HPSBUX02164
http://www.securityfocus.com/archive/1/450321/100/0/threaded
HPdes Security Advisory: HPSBUX02172
http://www.securityfocus.com/archive/1/450315/100/0/threaded
HPdes Security Advisory: SSRT061202
HPdes Security Advisory: SSRT061265
HPdes Security Advisory: SSRT061269
HPdes Security Advisory: SSRT071293
http://wwwnew.mandriva.com/security/advisories?name=MDKSA-2006:007
https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb@%3Ccvs.httpd.apache.org%3E
http://www.openpkg.org/security/OpenPKG-SA-2005.029-apache.txt
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10480
http://www.redhat.com/support/errata/RHSA-2006-0158.html
RedHat Security Advisories: RHSA-2006:0159
http://rhn.redhat.com/errata/RHSA-2006-0159.html
http://securitytracker.com/id?1015344
http://secunia.com/advisories/17319
http://secunia.com/advisories/18008
http://secunia.com/advisories/18333
http://secunia.com/advisories/18339
http://secunia.com/advisories/18340
http://secunia.com/advisories/18429
http://secunia.com/advisories/18517
http://secunia.com/advisories/18526
http://secunia.com/advisories/18585
http://secunia.com/advisories/18743
http://secunia.com/advisories/19012
http://secunia.com/advisories/20046
http://secunia.com/advisories/20670
http://secunia.com/advisories/22368
http://secunia.com/advisories/22388
http://secunia.com/advisories/22669
http://secunia.com/advisories/23260
http://secunia.com/advisories/25239
http://secunia.com/advisories/29420
http://secunia.com/advisories/29849
http://secunia.com/advisories/30430
SGI Security Advisory: 20060101-01-U
ftp://patches.sgi.com/support/free/security/advisories/20060101-01-U
http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.685483
http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.470158
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102662-1
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102663-1
SuSE Security Announcement: SUSE-SA:2006:043 (Google Search)
http://www.novell.com/linux/security/advisories/2006_43_apache.html
SuSE Security Announcement: SUSE-SR:2006:004 (Google Search)
http://lists.suse.de/archive/suse-security-announce/2006-Feb/0008.html
SuSE Security Announcement: SUSE-SR:2007:011 (Google Search)
http://lists.suse.com/archive/suse-security-announce/2007-May/0005.html
http://www.trustix.org/errata/2005/0074/
http://www.ubuntulinux.org/usn/usn-241-1
http://www.vupen.com/english/advisories/2005/2870
http://www.vupen.com/english/advisories/2006/2423
http://www.vupen.com/english/advisories/2006/3995
http://www.vupen.com/english/advisories/2006/4015
http://www.vupen.com/english/advisories/2006/4300
http://www.vupen.com/english/advisories/2006/4868
http://www.vupen.com/english/advisories/2008/0924/references
http://www.vupen.com/english/advisories/2008/1246/references
http://www.vupen.com/english/advisories/2008/1697
CopyrightCopyright (c) 2006 E-Soft Inc. http://www.securityspace.com

Dies ist nur einer von 86218 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.

Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.




© 1998-2021 E-Soft Inc. Alle Rechte vorbehalten.