Startseite ▼ Bookkeeping
Online ▼ Sicherheits
Überprüfungs ▼
Verwaltetes
DNS ▼
Info
Bestellen/Erneuern
FAQ
AUP
Dynamic DNS Clients
Domaine konfigurieren Dyanmic DNS Update Password Netzwerk
Überwachung ▼
Enterprise
Erweiterte
Standard
Gratis Test
FAQ
Preis/Funktionszusammenfassung
Bestellen
Beispiele
Konfigurieren/Status Alarm Profile | |||
Test Kennung: | 1.3.6.1.4.1.25623.1.0.64527 |
Kategorie: | Mandrake Local Security Checks |
Titel: | Mandrake Security Advisory MDVSA-2009:184 (apache-mod_security) |
Zusammenfassung: | NOSUMMARY |
Beschreibung: | Description: The remote host is missing an update to apache-mod_security announced via advisory MDVSA-2009:184. Multiple vulnerabilities has been found and corrected in mod_security: The multipart processor in ModSecurity before 2.5.9 allows remote attackers to cause a denial of service (crash) via a multipart form datapost request with a missing part header name, which triggers a NULL pointer dereference (CVE-2009-1902). The PDF XSS protection feature in ModSecurity before 2.5.8 allows remote attackers to cause a denial of service (Apache httpd crash) via a request for a PDF file that does not use the GET method (CVE-2009-1903). This update provides mod_security 2.5.9, which is not vulnerable to these issues. Affected: Enterprise Server 5.0 Solution: To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. http://www.securityspace.com/smysecure/catid.html?in=MDVSA-2009:184 CVSS Score: 7.8 CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C |
Querverweis: |
Common Vulnerability Exposure (CVE) ID: CVE-2009-1902 BugTraq ID: 34096 http://www.securityfocus.com/bid/34096 Bugtraq: 20090319 [ISecAuditors Security Advisories] ModSecurity < 2.5.9 remote Denial of Service (Google Search) http://www.securityfocus.com/archive/1/501968 https://www.exploit-db.com/exploits/8241 https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00487.html https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00529.html http://security.gentoo.org/glsa/glsa-200907-02.xml http://www.osvdb.org/52553 http://secunia.com/advisories/34256 http://secunia.com/advisories/34311 http://secunia.com/advisories/35687 SuSE Security Announcement: SUSE-SR:2009:011 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00003.html http://www.vupen.com/english/advisories/2009/0703 XForce ISS Database: modsecurity-multipart-dos(49212) https://exchange.xforce.ibmcloud.com/vulnerabilities/49212 Common Vulnerability Exposure (CVE) ID: CVE-2009-1903 http://www.osvdb.org/52552 XForce ISS Database: modsecurity-pdfxss-dos(49211) https://exchange.xforce.ibmcloud.com/vulnerabilities/49211 |
Copyright | Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com |
Dies ist nur einer von 99761 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten. |