Anfälligkeitssuche        Suche in 191973 CVE Beschreibungen
und 86218 Test Beschreibungen,
Zugriff auf 10,000+ Quellverweise.
Tests   CVE   Alle  

Test Kennung:1.3.6.1.4.1.25623.1.0.64741
Kategorie:Fedora Local Security Checks
Titel:Fedora Core 11 FEDORA-2009-8812 (httpd)
Zusammenfassung:NOSUMMARY
Beschreibung:Description:
The remote host is missing an update to httpd
announced via advisory FEDORA-2009-8812.

The Apache HTTP Server is a powerful, efficient, and extensible
web server.

Update Information:

This update includes the latest release of the Apache HTTP Server, version
2.2.13, fixing several security issues:

* Fix a potential Denial-of-Service attack against mod_deflate or
other modules, by forcing the server to consume CPU time in compressing
a large file after a client disconnects. (CVE-2009-1891)
* Prevent the Includes Option from being enabled in an
.htaccess file if the AllowOverride restrictions do not permit it.
(CVE-2009-1195)
* Fix a potential Denial-of-Service attack against mod_proxy
in a reverse proxy configuration, where a remote attacker can force a proxy
process to consume CPU time indefinitely. (CVE-2009-1890)
* mod_proxy_ajp: Avoid delivering content from a previous request
which failed to send a request body. (CVE-2009-1191)

Many bug fixes are also included
see the upstream
changelog for further details:

http://www.apache.org/dist/httpd/CHANGES_2.2.13

ChangeLog:

* Tue Aug 18 2009 Joe Orton 2.2.13-1
- update to 2.2.13

References:

[ 1 ] Bug #509375 - CVE-2009-1890 httpd: mod_proxy reverse proxy DoS (infinite loop)
https://bugzilla.redhat.com/show_bug.cgi?id=509375
[ 2 ] Bug #509125 - CVE-2009-1891 httpd: possible temporary DoS (CPU consumption) in mod_deflate
https://bugzilla.redhat.com/show_bug.cgi?id=509125
[ 3 ] Bug #489436 - CVE-2009-1195 AllowOverride Options=IncludesNoExec allows Options Includes
https://bugzilla.redhat.com/show_bug.cgi?id=489436

Solution: Apply the appropriate updates.

This update can be installed with the yum update program. Use
su -c 'yum update httpd' at the command line.
For more information, refer to Managing Software with yum,
available at http://docs.fedoraproject.org/yum/.

http://www.securityspace.com/smysecure/catid.html?in=FEDORA-2009-8812

CVSS Score:
7.1

CVSS Vector:
AV:N/AC:M/Au:N/C:N/I:N/A:C

Querverweis: Common Vulnerability Exposure (CVE) ID: CVE-2009-1891
AIX APAR: PK91361
http://www-01.ibm.com/support/docview.wss?uid=swg1PK91361
AIX APAR: PK99480
http://www-01.ibm.com/support/docview.wss?uid=swg1PK99480
http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html
Bugtraq: 20091113 rPSA-2009-0142-2 httpd mod_ssl (Google Search)
http://www.securityfocus.com/archive/1/507857/100/0/threaded
Debian Security Information: DSA-1834 (Google Search)
http://www.debian.org/security/2009/dsa-1834
https://www.redhat.com/archives/fedora-package-announce/2009-August/msg01363.html
http://security.gentoo.org/glsa/glsa-200907-04.xml
HPdes Security Advisory: HPSBOV02683
http://marc.info/?l=bugtraq&m=130497311408250&w=2
HPdes Security Advisory: HPSBUX02612
http://marc.info/?l=bugtraq&m=129190899612998&w=2
HPdes Security Advisory: SSRT090208
HPdes Security Advisory: SSRT100345
http://www.mandriva.com/security/advisories?name=MDVSA-2009:149
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=534712
http://marc.info/?l=apache-httpd-dev&m=124621326524824&w=2
http://marc.info/?l=apache-httpd-dev&m=124661528519546&w=2
https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b@%3Ccvs.httpd.apache.org%3E
http://osvdb.org/55782
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12361
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8632
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9248
RedHat Security Advisories: RHSA-2009:1148
https://rhn.redhat.com/errata/RHSA-2009-1148.html
http://www.redhat.com/support/errata/RHSA-2009-1156.html
http://www.securitytracker.com/id?1022529
http://secunia.com/advisories/35721
http://secunia.com/advisories/35781
http://secunia.com/advisories/35793
http://secunia.com/advisories/35865
http://secunia.com/advisories/37152
http://secunia.com/advisories/37221
SuSE Security Announcement: SUSE-SA:2009:050 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00006.html
http://www.ubuntu.com/usn/USN-802-1
http://www.vupen.com/english/advisories/2009/1841
http://www.vupen.com/english/advisories/2009/3184
Common Vulnerability Exposure (CVE) ID: CVE-2009-1195
BugTraq ID: 35115
http://www.securityfocus.com/bid/35115
Bugtraq: 20091112 rPSA-2009-0142-1 httpd mod_ssl (Google Search)
http://www.securityfocus.com/archive/1/507852/100/0/threaded
Debian Security Information: DSA-1816 (Google Search)
http://www.debian.org/security/2009/dsa-1816
http://www.mandriva.com/security/advisories?name=MDVSA-2009:124
http://marc.info/?l=apache-httpd-dev&m=124048996106302&w=2
http://osvdb.org/54733
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11094
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12377
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8704
http://www.redhat.com/support/errata/RHSA-2009-1075.html
http://www.securitytracker.com/id?1022296
http://secunia.com/advisories/35261
http://secunia.com/advisories/35264
http://secunia.com/advisories/35395
http://secunia.com/advisories/35453
http://www.ubuntu.com/usn/usn-787-1
http://www.vupen.com/english/advisories/2009/1444
XForce ISS Database: apache-allowoverrides-security-bypass(50808)
https://exchange.xforce.ibmcloud.com/vulnerabilities/50808
Common Vulnerability Exposure (CVE) ID: CVE-2009-1890
AIX APAR: PK91259
http://www-01.ibm.com/support/docview.wss?uid=swg1PK91259
BugTraq ID: 35565
http://www.securityfocus.com/bid/35565
http://www.mandriva.com/security/advisories?name=MDVSA-2013:150
http://osvdb.org/55553
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12330
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8616
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9403
http://www.securitytracker.com/id?1022509
http://secunia.com/advisories/35691
Common Vulnerability Exposure (CVE) ID: CVE-2009-1191
BugTraq ID: 34663
http://www.securityfocus.com/bid/34663
http://www.mandriva.com/security/advisories?name=MDVSA-2009:102
http://osvdb.org/53921
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8261
http://www.securitytracker.com/id?1022264
http://secunia.com/advisories/34827
http://www.vupen.com/english/advisories/2009/1147
XForce ISS Database: apache-modproxyajp-information-disclosure(50059)
https://exchange.xforce.ibmcloud.com/vulnerabilities/50059
CopyrightCopyright (c) 2009 E-Soft Inc. http://www.securityspace.com

Dies ist nur einer von 86218 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.

Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.




© 1998-2021 E-Soft Inc. Alle Rechte vorbehalten.