
Test ID:
Category: Fedora Local Security Checks
Title: Fedora Core 11 FEDORA-2009-8812 (httpd)
The remote host is missing an update to httpd
announced via advisory FEDORA-2009-8812.

The Apache HTTP Server is a powerful, efficient, and extensible
web server.

Update Information:

This update includes the latest release of the Apache HTTP Server, version
2.2.13, fixing several security issues:

* Fix a potential Denial-of-Service attack against mod_deflate or
other modules, by forcing the server to consume CPU time in compressing
a large file after a client disconnects. (CVE-2009-1891)
* Prevent the Includes Option from being enabled in an
.htaccess file if the AllowOverride restrictions do not permit it.
* Fix a potential Denial-of-Service attack against mod_proxy
in a reverse proxy configuration, where a remote attacker can force a proxy
process to consume CPU time indefinitely. (CVE-2009-1890)
* mod_proxy_ajp: Avoid delivering content from a previous request
which failed to send a request body. (CVE-2009-1191)

Many bug fixes are also included; see the upstream changelog for further details:


* Tue Aug 18 2009 Joe Orton 2.2.13-1
- update to 2.2.13


[ 1 ] Bug #509375 - CVE-2009-1890 httpd: mod_proxy reverse proxy DoS (infinite loop)
[ 2 ] Bug #509125 - CVE-2009-1891 httpd: possible temporary DoS (CPU consumption) in mod_deflate
[ 3 ] Bug #489436 - CVE-2009-1195 AllowOverride Options=IncludesNoExec allows Options Includes

Solution: Apply the appropriate updates.

This update can be installed with the yum update program. Use
su -c 'yum update httpd' at the command line.
For more information, refer to Managing Software with yum,
available at

CVSS Score:

CVSS Vector:

Cross reference:
Common Vulnerability Exposure (CVE) ID: CVE-2009-1891
Bugtraq: 20091113 rPSA-2009-0142-2 httpd mod_ssl
Debian Security Information: DSA-1834
HP Security Advisory: HPSBOV02683
HP Security Advisory: HPSBUX02612
HP Security Advisory: SSRT090208
HP Security Advisory: SSRT100345
RedHat Security Advisories: RHSA-2009:1148
SuSE Security Announcement: SUSE-SA:2009:050
Common Vulnerability Exposure (CVE) ID: CVE-2009-1195
BugTraq ID: 35115
Bugtraq: 20091112 rPSA-2009-0142-1 httpd mod_ssl
Debian Security Information: DSA-1816
XForce ISS Database: apache-allowoverrides-security-bypass(50808)
Common Vulnerability Exposure (CVE) ID: CVE-2009-1890
BugTraq ID: 35565
Common Vulnerability Exposure (CVE) ID: CVE-2009-1191
BugTraq ID: 34663
XForce ISS Database: apache-modproxyajp-information-disclosure(50059)
Copyright: Copyright (c) 2009 E-Soft Inc.
