Anfälligkeitssuche        Suche in 172616 CVE Beschreibungen
und 81291 Test Beschreibungen,
Zugriff auf 10,000+ Quellverweise.
Tests   CVE   Alle  

Test Kennung:1.3.6.1.4.1.25623.1.0.851910
Kategorie:SuSE Local Security Checks
Titel:openSUSE: Security Advisory for apache2 (openSUSE-SU-2018:2856-1)
Zusammenfassung:The remote host is missing an update for the 'apache2'; package(s) announced via the referenced advisory.
Beschreibung:Summary:
The remote host is missing an update for the 'apache2'
package(s) announced via the referenced advisory.

Vulnerability Insight:
This update for apache2 fixes the following issues:

Security issues fixed:

- CVE-2016-8743: Fixed liberal whitespace interpretation accepted from
requests and sent in response lines and headers. Accepting these
different behaviors represented a security concern when httpd
participates in any chain of proxies or interacts with back-end
application servers, either through mod_proxy or using conventional CGI
mechanisms, and may result in request smuggling, response splitting and
cache pollution. (bsc#1016715)

- CVE-2016-4975: Fixed possible CRLF injection allowing HTTP response
splitting attacks for sites which use mod_userdir. This issue was
mitigated by changes which prohibit CR or LF injection into the
'Location' or other outbound header key or value. (bsc#1104826)

This update was imported from the SUSE:SLE-12-SP2:Update update project.

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended
installation methods
like YaST online_update or 'zypper patch'.

Alternatively you can run the command listed for your product:

- openSUSE Leap 42.3:

zypper in -t patch openSUSE-2018-1046=1

Affected Software/OS:
apache2 on openSUSE Leap 42.3

Solution:
Please install the updated package(s).

CVSS Score:
5.0

CVSS Vector:
AV:N/AC:L/Au:N/C:N/I:P/A:N

Querverweis: Common Vulnerability Exposure (CVE) ID: CVE-2016-4975
BugTraq ID: 105093
http://www.securityfocus.com/bid/105093
https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234@%3Ccvs.httpd.apache.org%3E
Common Vulnerability Exposure (CVE) ID: CVE-2016-8743
BugTraq ID: 95077
http://www.securityfocus.com/bid/95077
Debian Security Information: DSA-3796 (Google Search)
http://www.debian.org/security/2017/dsa-3796
https://security.gentoo.org/glsa/201701-36
RedHat Security Advisories: RHSA-2017:0906
https://access.redhat.com/errata/RHSA-2017:0906
RedHat Security Advisories: RHSA-2017:1161
https://access.redhat.com/errata/RHSA-2017:1161
RedHat Security Advisories: RHSA-2017:1413
https://access.redhat.com/errata/RHSA-2017:1413
RedHat Security Advisories: RHSA-2017:1414
https://access.redhat.com/errata/RHSA-2017:1414
RedHat Security Advisories: RHSA-2017:1415
http://rhn.redhat.com/errata/RHSA-2017-1415.html
RedHat Security Advisories: RHSA-2017:1721
https://access.redhat.com/errata/RHSA-2017:1721
http://www.securitytracker.com/id/1037508
CopyrightCopyright (C) 2018 Greenbone Networks GmbH

Dies ist nur einer von 81291 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.

Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.




© 1998-2020 E-Soft Inc. Alle Rechte vorbehalten.