Test Kennung:	1.3.6.1.4.1.25623.1.0.850761
Kategorie:	SuSE Local Security Checks
Titel:	SUSE: Security Advisory for apache2 (SUSE-SU-2014:0967-1)
Zusammenfassung:	The remote host is missing an update for the 'apache2'; package(s) announced via the referenced advisory.
Beschreibung:	Summary: The remote host is missing an update for the 'apache2' package(s) announced via the referenced advisory. Vulnerability Insight: This update for the Apache Web Server provides the following fixes: * Fixed a heap-based buffer overflow on apache module mod_status. (bnc#887765, CVE-2014-0226) * Properly remove whitespace characters from CDATA sections to avoid remote denial of service by crashing the Apache Server process. (bnc#869105, CVE-2013-6438) * Correction to parsing of cookie content this can lead to a crash with a specially designed cookie sent to the server. (bnc#869106, CVE-2014-0098) * ECC support should not be missing. (bnc#859916) This update also introduces a new configuration parameter CGIDScriptTimeout, which defaults to the value of parameter Timeout. CGIDScriptTimeout is set to 60s if mod_cgid is loaded/active, via /etc/apache2/conf.d/cgid-timeout.conf. The new directive and its effect prevent request workers to be eaten until starvation if cgi programs do not send output back to the server within the timeout set by CGIDScriptTimeout. (bnc#887768, CVE-2014-0231) Security Issues references: * CVE-2014-0226 * CVE-2013-6438 * CVE-2014-0098 * CVE-2014-0231 Affected Software/OS: apache2 on SUSE Linux Enterprise Server 11 SP3 Solution: Please install the updated package(s). CVSS Score: 6.8 CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2013-6438 http://archives.neohapsis.com/archives/bugtraq/2014-10/0101.html http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html BugTraq ID: 66303 http://www.securityfocus.com/bid/66303 Bugtraq: 20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities (Google Search) http://www.securityfocus.com/archive/1/534161/100/0/threaded http://seclists.org/fulldisclosure/2014/Dec/23 http://security.gentoo.org/glsa/glsa-201408-12.xml HPdes Security Advisory: HPSBUX03102 http://marc.info/?l=bugtraq&m=141017844705317&w=2 HPdes Security Advisory: HPSBUX03150 http://marc.info/?l=bugtraq&m=141390017113542&w=2 HPdes Security Advisory: SSRT101681 https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/ra7f6aeb28661fbf826969526585f16856abc4615877875f9d3b35ef4@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/rcc44594d4d6579b90deccd4536b5d31f099ef563df39b094be286b9e@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/r9821b0a32a1d0a1b4947abb6f3630053fcbb2ec905d9a32c2bd4d4ee@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/r83109088737656fa6307bd99ab40f8ff0269ae58d3f7272d7048494a@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d@%3Ccvs.httpd.apache.org%3E http://secunia.com/advisories/58230 http://secunia.com/advisories/59315 http://secunia.com/advisories/59345 http://secunia.com/advisories/60536 http://www.ubuntu.com/usn/USN-2152-1 Common Vulnerability Exposure (CVE) ID: CVE-2014-0098 https://lists.apache.org/thread.html/rad01d817195e6cc871cb1d73b207ca326379a20a6e7f30febaf56d24@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/rd336919f655b7ff309385e34a143e41c503e133da80414485b3abcc9@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/r476d175be0aaf4a17680ef98c5153b4d336eaef76fb2224cc94c463a@%3Ccvs.httpd.apache.org%3E http://secunia.com/advisories/58915 http://secunia.com/advisories/59219 Common Vulnerability Exposure (CVE) ID: CVE-2014-0226 BugTraq ID: 68678 http://www.securityfocus.com/bid/68678 Debian Security Information: DSA-2989 (Google Search) http://www.debian.org/security/2014/dsa-2989 http://www.exploit-db.com/exploits/34133 http://seclists.org/fulldisclosure/2014/Jul/114 https://security.gentoo.org/glsa/201504-03 HPdes Security Advisory: HPSBMU03380 http://marc.info/?l=bugtraq&m=143748090628601&w=2 HPdes Security Advisory: HPSBMU03409 http://marc.info/?l=bugtraq&m=144050155601375&w=2 HPdes Security Advisory: HPSBUX03337 http://marc.info/?l=bugtraq&m=143403519711434&w=2 HPdes Security Advisory: HPSBUX03512 http://marc.info/?l=bugtraq&m=144493176821532&w=2 HPdes Security Advisory: SSRT102066 HPdes Security Advisory: SSRT102254 http://www.mandriva.com/security/advisories?name=MDVSA-2014:142 http://zerodayinitiative.com/advisories/ZDI-14-236/ https://www.povonsec.com/apache-2-4-7-exploit/ http://www.osvdb.org/109216 RedHat Security Advisories: RHSA-2014:1019 http://rhn.redhat.com/errata/RHSA-2014-1019.html RedHat Security Advisories: RHSA-2014:1020 http://rhn.redhat.com/errata/RHSA-2014-1020.html RedHat Security Advisories: RHSA-2014:1021 http://rhn.redhat.com/errata/RHSA-2014-1021.html Common Vulnerability Exposure (CVE) ID: CVE-2014-0231 BugTraq ID: 68742 http://www.securityfocus.com/bid/68742 http://packetstormsecurity.com/files/130769/RSA-Digital-Certificate-Solution-XSS-Denial-Of-Service.html
Copyright	Copyright (C) 2015 Greenbone Networks GmbH

Dies ist nur einer von 99761 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.