Test Kennung:	1.3.6.1.4.1.25623.1.0.58437
Kategorie:	Mandrake Local Security Checks
Titel:	Mandrake Security Advisory MDKSA-2007:141 (apache)
Zusammenfassung:	NOSUMMARY
Beschreibung:	Description: The remote host is missing an update to apache announced via advisory MDKSA-2007:141. A vulnerability was discovered in the the Apache mod_status module that could lead to a cross-site scripting attack on sites where the server-status page was publically accessible and ExtendedStatus was enabled (CVE-2006-5752). A vulnerability was found in the Apache mod_cache module that could cause the httpd server child process to crash if it was sent a carefully crafted request. This could lead to a denial of service if using a threaded MPM (CVE-2007-1863). Updated packages have been patched to prevent the above issues. Affected: Corporate 3.0, Multi Network Firewall 2.0 Solution: To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. http://www.securityspace.com/smysecure/catid.html?in=MDKSA-2007:141 Risk factor : Medium CVSS Score: 5.0
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2006-5752 AIX APAR: PK49295 http://www-1.ibm.com/support/search.wss?rs=0&q=PK49295&apar=only AIX APAR: PK52702 http://www-1.ibm.com/support/docview.wss?uid=swg1PK52702 BugTraq ID: 24645 http://www.securityfocus.com/bid/24645 Bugtraq: 20090821 VMSA-2009-0010 VMware Hosted products update libpng and Apache HTTP Server (Google Search) http://www.securityfocus.com/archive/1/505990/100/0/threaded http://www.redhat.com/archives/fedora-package-announce/2007-September/msg00320.html http://security.gentoo.org/glsa/glsa-200711-06.xml HPdes Security Advisory: HPSBUX02262 http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01178795 HPdes Security Advisory: SSRT071447 http://www.mandriva.com/security/advisories?name=MDKSA-2007:140 http://www.mandriva.com/security/advisories?name=MDKSA-2007:141 http://www.mandriva.com/security/advisories?name=MDKSA-2007:142 http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=245112 https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/reb542d2038e9c331506e0cbff881b47e40fbe2bd93ff00979e60cdf7@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/r5419c9ba0951ef73a655362403d12bb8d10fab38274deb3f005816f5@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/rafd145ba6cd0a4ced113a5823cdaff45aeb36eb09855b216401c66d6@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/r652fc951306cdeca5a276e2021a34878a76695a9f3cfb6490b4a6840@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/rf2f0f3611f937cf6cfb3b4fe4a67f69885855126110e1e3f2fb2728e@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/r5001ecf3d6b2bdd0b732e527654248abb264f08390045d30709a92f6@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f@%3Ccvs.httpd.apache.org%3E http://lists.vmware.com/pipermail/security-announce/2009/000062.html http://osvdb.org/37052 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10154 http://www.redhat.com/support/errata/RHSA-2007-0532.html RedHat Security Advisories: RHSA-2007:0533 https://rhn.redhat.com/errata/RHSA-2007-0533.html RedHat Security Advisories: RHSA-2007:0534 http://rhn.redhat.com/errata/RHSA-2007-0534.html RedHat Security Advisories: RHSA-2007:0556 http://rhn.redhat.com/errata/RHSA-2007-0556.html http://www.redhat.com/support/errata/RHSA-2007-0557.html http://www.redhat.com/support/errata/RHSA-2008-0261.html http://www.securitytracker.com/id?1018302 http://secunia.com/advisories/25827 http://secunia.com/advisories/25830 http://secunia.com/advisories/25873 http://secunia.com/advisories/25920 http://secunia.com/advisories/26273 http://secunia.com/advisories/26443 http://secunia.com/advisories/26458 http://secunia.com/advisories/26508 http://secunia.com/advisories/26822 http://secunia.com/advisories/26842 http://secunia.com/advisories/26993 http://secunia.com/advisories/27037 http://secunia.com/advisories/27563 http://secunia.com/advisories/27732 http://secunia.com/advisories/28212 http://secunia.com/advisories/28224 http://secunia.com/advisories/28606 http://sunsolve.sun.com/search/document.do?assetkey=1-26-103179-1 http://sunsolve.sun.com/search/document.do?assetkey=1-66-200032-1 SuSE Security Announcement: SUSE-SA:2007:061 (Google Search) http://www.novell.com/linux/security/advisories/2007_61_apache2.html http://www.trustix.org/errata/2007/0026/ http://www.ubuntu.com/usn/usn-499-1 http://www.vupen.com/english/advisories/2007/2727 http://www.vupen.com/english/advisories/2007/3283 http://www.vupen.com/english/advisories/2007/3386 http://www.vupen.com/english/advisories/2007/4305 http://www.vupen.com/english/advisories/2008/0233 XForce ISS Database: apache-modstatus-xss(35097) https://exchange.xforce.ibmcloud.com/vulnerabilities/35097 Common Vulnerability Exposure (CVE) ID: CVE-2007-1863 AIX APAR: PK49355 http://www-1.ibm.com/support/docview.wss?uid=swg1PK49355 http://lists.apple.com/archives/security-announce/2008//May/msg00001.html BugTraq ID: 24649 http://www.securityfocus.com/bid/24649 Cert/CC Advisory: TA08-150A http://www.us-cert.gov/cas/techalerts/TA08-150A.html http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=244658 https://lists.apache.org/thread.html/r8c9983f1172a3415f915ddb7e14de632d2d0c326eb1285755a024165@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/r5f9c22f9c28adbd9f00556059edc7b03a5d5bb71d4bb80257c0d34e4@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/rb9c9f42dafa25d2f669dac2a536a03f2575bc5ec1be6f480618aee10@%3Ccvs.httpd.apache.org%3E http://osvdb.org/37079 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9824 http://www.securitytracker.com/id?1018303 http://secunia.com/advisories/30430 http://www.vupen.com/english/advisories/2008/1697
Copyright	Copyright (c) 2007 E-Soft Inc. http://www.securityspace.com

Dies ist nur einer von 99761 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.