Anfälligkeitssuche        Suche in 172616 CVE Beschreibungen
und 81291 Test Beschreibungen,
Zugriff auf 10,000+ Quellverweise.
Tests   CVE   Alle  

Test Kennung:1.3.6.1.4.1.25623.1.0.870479
Kategorie:Red Hat Local Security Checks
Titel:RedHat Update for httpd RHSA-2011:1245-01
Zusammenfassung:The remote host is missing an update for the 'httpd'; package(s) announced via the referenced advisory.
Beschreibung:Summary:
The remote host is missing an update for the 'httpd'
package(s) announced via the referenced advisory.

Vulnerability Insight:
The Apache HTTP Server is a popular web server.

A flaw was found in the way the Apache HTTP Server handled Range HTTP
headers. A remote attacker could use this flaw to cause httpd to use an
excessive amount of memory and CPU time via HTTP requests with a
specially-crafted Range header. (CVE-2011-3192)

All httpd users should upgrade to these updated packages, which contain a
backported patch to correct this issue. After installing the updated
packages, the httpd daemon must be restarted for the update to take effect.

Affected Software/OS:
httpd on Red Hat Enterprise Linux (v. 5 server),
Red Hat Enterprise Linux AS version 4,
Red Hat Enterprise Linux ES version 4,
Red Hat Enterprise Linux WS version 4

Solution:
Please Install the Updated Packages.

CVSS Score:
7.8

CVSS Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:C

Querverweis: Common Vulnerability Exposure (CVE) ID: CVE-2011-3192
http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html
BugTraq ID: 49303
http://www.securityfocus.com/bid/49303
CERT/CC vulnerability note: VU#405811
http://www.kb.cert.org/vuls/id/405811
Cisco Security Advisory: 20110830 Apache HTTPd Range Header Denial of Service Vulnerability
http://www.cisco.com/en/US/products/products_security_advisory09186a0080b90d73.shtml
http://www.exploit-db.com/exploits/17696
http://seclists.org/fulldisclosure/2011/Aug/175
http://archives.neohapsis.com/archives/fulldisclosure/2011-08/0285.html
HPdes Security Advisory: HPSBMU02704
http://marc.info/?l=bugtraq&m=132033751509019&w=2
HPdes Security Advisory: HPSBMU02766
http://marc.info/?l=bugtraq&m=133477473521382&w=2
HPdes Security Advisory: HPSBMU02776
http://marc.info/?l=bugtraq&m=133951357207000&w=2
HPdes Security Advisory: HPSBOV02822
http://marc.info/?l=bugtraq&m=134987041210674&w=2
HPdes Security Advisory: HPSBUX02702
http://marc.info/?l=bugtraq&m=131551295528105&w=2
HPdes Security Advisory: HPSBUX02707
http://marc.info/?l=bugtraq&m=131731002122529&w=2
HPdes Security Advisory: SSRT100606
HPdes Security Advisory: SSRT100619
HPdes Security Advisory: SSRT100624
HPdes Security Advisory: SSRT100626
HPdes Security Advisory: SSRT100852
HPdes Security Advisory: SSRT100966
http://www.mandriva.com/security/advisories?name=MDVSA-2011:130
http://www.mandriva.com/security/advisories?name=MDVSA-2013:150
http://mail-archives.apache.org/mod_mbox/httpd-announce/201108.mbox/%3c20110824161640.122D387DD@minotaur.apache.org%3e
http://mail-archives.apache.org/mod_mbox/httpd-dev/201108.mbox/%3cCAAPSnn2PO-d-C4nQt_TES2RRWiZr7urefhTKPWBC1b+K1Dqc7g@mail.gmail.com%3e
https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b@%3Ccvs.httpd.apache.org%3E
http://osvdb.org/74721
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14762
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14824
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18827
http://www.redhat.com/support/errata/RHSA-2011-1245.html
http://www.redhat.com/support/errata/RHSA-2011-1294.html
http://www.redhat.com/support/errata/RHSA-2011-1300.html
http://www.redhat.com/support/errata/RHSA-2011-1329.html
http://www.redhat.com/support/errata/RHSA-2011-1330.html
http://www.redhat.com/support/errata/RHSA-2011-1369.html
http://securitytracker.com/id?1025960
http://secunia.com/advisories/45606
http://secunia.com/advisories/45937
http://secunia.com/advisories/46000
http://secunia.com/advisories/46125
http://secunia.com/advisories/46126
SuSE Security Announcement: SUSE-SU-2011:1000 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2011-09/msg00009.html
SuSE Security Announcement: SUSE-SU-2011:1007 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2011-09/msg00010.html
SuSE Security Announcement: SUSE-SU-2011:1010 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2011-09/msg00011.html
SuSE Security Announcement: SUSE-SU-2011:1216 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2011-11/msg00008.html
SuSE Security Announcement: SUSE-SU-2011:1229 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2011-11/msg00011.html
SuSE Security Announcement: openSUSE-SU-2011:0993 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2011-09/msg00006.html
http://www.ubuntu.com/usn/USN-1199-1
XForce ISS Database: apache-http-byterange-dos(69396)
https://exchange.xforce.ibmcloud.com/vulnerabilities/69396
CopyrightCopyright (c) 2011 Greenbone Networks GmbH

Dies ist nur einer von 81291 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.

Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.




© 1998-2020 E-Soft Inc. Alle Rechte vorbehalten.