
Test ID: 1.3.6.1.4.1.25623.1.0.58923
Category: Red Hat Local Security Checks
Title: RedHat Security Advisory RHSA-2007:0556
Summary: NOSUMMARY
Description:

The remote host is missing updates announced in
advisory RHSA-2007:0556.

The Apache HTTP Server is a popular Web server.

The Apache HTTP Server did not verify that a process was an Apache child
process before sending it signals. A local attacker with the ability to run
scripts on the Apache HTTP Server could manipulate the scoreboard and cause
arbitrary processes to be terminated which could lead to a denial of
service (CVE-2007-3304). This issue is not exploitable on Red Hat
Enterprise Linux 5 if using the default SELinux targeted policy.

A flaw was found in the Apache HTTP Server mod_status module. On sites
where the server-status page is publicly accessible and ExtendedStatus is
enabled this could lead to a cross-site scripting attack. On Red Hat
Enterprise Linux the server-status page is not enabled by default and it is
best practice to not make this publicly available. (CVE-2006-5752)

A bug was found in the Apache HTTP Server mod_cache module. On sites where
caching is enabled, a remote attacker could send a carefully crafted
request that would cause the Apache child process handling that request to
crash. This could lead to a denial of service if using a threaded
Multi-Processing Module. (CVE-2007-1863)

Users of httpd should upgrade to these updated packages, which contain
backported patches to correct these issues. Users should restart Apache
after installing this update.

Solution:
Please note that this update is available via
Red Hat Network. To use Red Hat Network, launch the Red
Hat Update Agent with the following command: up2date

http://rhn.redhat.com/errata/RHSA-2007-0556.html
http://www.redhat.com/security/updates/classification/#moderate

Risk factor: Medium

CVSS Score: 5.0

Cross-reference: Common Vulnerability Exposure (CVE) ID: CVE-2006-5752
AIX APAR: PK49295
http://www-1.ibm.com/support/search.wss?rs=0&q=PK49295&apar=only
AIX APAR: PK52702
http://www-1.ibm.com/support/docview.wss?uid=swg1PK52702
BugTraq ID: 24645
http://www.securityfocus.com/bid/24645
Bugtraq: 20090821 VMSA-2009-0010 VMware Hosted products update libpng and Apache HTTP Server
http://www.securityfocus.com/archive/1/505990/100/0/threaded
http://www.redhat.com/archives/fedora-package-announce/2007-September/msg00320.html
http://security.gentoo.org/glsa/glsa-200711-06.xml
HP Security Advisory: HPSBUX02262
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01178795
HP Security Advisory: SSRT071447
http://www.mandriva.com/security/advisories?name=MDKSA-2007:140
http://www.mandriva.com/security/advisories?name=MDKSA-2007:141
http://www.mandriva.com/security/advisories?name=MDKSA-2007:142
http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=245112
https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b@%3Ccvs.httpd.apache.org%3E
http://lists.vmware.com/pipermail/security-announce/2009/000062.html
http://osvdb.org/37052
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10154
RedHat Security Advisories: RHSA-2007:0532
RedHat Security Advisories: RHSA-2007:0533
https://rhn.redhat.com/errata/RHSA-2007-0533.html
RedHat Security Advisories: RHSA-2007:0534
http://rhn.redhat.com/errata/RHSA-2007-0534.html
RedHat Security Advisories: RHSA-2007:0556
http://rhn.redhat.com/errata/RHSA-2007-0556.html
http://www.redhat.com/support/errata/RHSA-2007-0557.html
http://www.redhat.com/support/errata/RHSA-2008-0261.html
http://www.securitytracker.com/id?1018302
http://secunia.com/advisories/25827
http://secunia.com/advisories/25830
http://secunia.com/advisories/25873
http://secunia.com/advisories/25920
http://secunia.com/advisories/26273
http://secunia.com/advisories/26443
http://secunia.com/advisories/26458
http://secunia.com/advisories/26508
http://secunia.com/advisories/26822
http://secunia.com/advisories/26842
http://secunia.com/advisories/26993
http://secunia.com/advisories/27037
http://secunia.com/advisories/27563
http://secunia.com/advisories/27732
http://secunia.com/advisories/28212
http://secunia.com/advisories/28224
http://secunia.com/advisories/28606
http://sunsolve.sun.com/search/document.do?assetkey=1-26-103179-1
http://sunsolve.sun.com/search/document.do?assetkey=1-66-200032-1
SuSE Security Announcement: SUSE-SA:2007:061
http://www.novell.com/linux/security/advisories/2007_61_apache2.html
http://www.trustix.org/errata/2007/0026/
http://www.ubuntu.com/usn/usn-499-1
http://www.vupen.com/english/advisories/2007/2727
http://www.vupen.com/english/advisories/2007/3283
http://www.vupen.com/english/advisories/2007/3386
http://www.vupen.com/english/advisories/2007/4305
http://www.vupen.com/english/advisories/2008/0233
XForce ISS Database: apache-modstatus-xss(35097)
https://exchange.xforce.ibmcloud.com/vulnerabilities/35097
Common Vulnerability Exposure (CVE) ID: CVE-2007-1863
AIX APAR: PK49355
http://www-1.ibm.com/support/docview.wss?uid=swg1PK49355
http://lists.apple.com/archives/security-announce/2008//May/msg00001.html
BugTraq ID: 24649
http://www.securityfocus.com/bid/24649
Cert/CC Advisory: TA08-150A
http://www.us-cert.gov/cas/techalerts/TA08-150A.html
http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=244658
http://osvdb.org/37079
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9824
http://www.securitytracker.com/id?1018303
http://secunia.com/advisories/30430
http://www.vupen.com/english/advisories/2008/1697
Common Vulnerability Exposure (CVE) ID: CVE-2007-3304
AIX APAR: PK50467
http://www-1.ibm.com/support/search.wss?rs=0&q=PK50467&apar=only
AIX APAR: PK53984
http://www-1.ibm.com/support/docview.wss?uid=swg1PK53984
BugTraq ID: 24215
http://www.securityfocus.com/bid/24215
Bugtraq: 20070529 Apache httpd vulenrabilities
http://www.securityfocus.com/archive/1/469899/100/0/threaded
Bugtraq: 20070619 Apache Prefork MPM vulnerabilities - Report
http://www.securityfocus.com/archive/1/471832/100/0/threaded
HP Security Advisory: HPSBUX02273
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01182588
HP Security Advisory: SSRT071476
http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=245111
http://security.psnc.pl/files/apache_report.pdf
http://marc.info/?l=apache-httpd-dev&m=118252946632447&w=2
http://mail-archives.apache.org/mod_mbox/httpd-dev/200706.mbox/%3c20070629141032.GA15192@redhat.com%3e
http://osvdb.org/38939
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11589
http://www.redhat.com/errata/RHSA-2007-0532.html
http://www.redhat.com/support/errata/RHSA-2007-0662.html
http://www.securitytracker.com/id?1018304
http://secunia.com/advisories/26211
http://secunia.com/advisories/26611
http://secunia.com/advisories/26759
http://secunia.com/advisories/26790
http://secunia.com/advisories/27121
http://secunia.com/advisories/27209
SGI Security Advisory: 20070701-01-P
ftp://patches.sgi.com/support/free/security/advisories/20070701-01-P.asc
http://securityreason.com/securityalert/2814
http://www.vupen.com/english/advisories/2007/3100
http://www.vupen.com/english/advisories/2007/3420
http://www.vupen.com/english/advisories/2007/3494
XForce ISS Database: apache-child-process-dos(35095)
https://exchange.xforce.ibmcloud.com/vulnerabilities/35095
Copyright: Copyright (c) 2007 E-Soft Inc. http://www.securityspace.com
