Test Kennung:	1.3.6.1.4.1.25623.1.0.147055
Kategorie:	Web Servers
Titel:	Apache HTTP Server XSS Vulnerability (Sep 2012) - Linux
Zusammenfassung:	Apache HTTP Server is prone to a cross-site scripting (XSS); vulnerability.
Beschreibung:	Summary: Apache HTTP Server is prone to a cross-site scripting (XSS) vulnerability. Vulnerability Insight: Possible XSS for sites which use mod_negotiation and allow untrusted uploads to locations which have MultiViews enabled. Note: This issue is also known as CVE-2008-0455. Affected Software/OS: Apache HTTP Server version 2.2.0 through 2.2.22 and 2.4.1 through 2.4.2. Solution: Update to version 2.2.23, 2.4.3 or later. CVSS Score: 4.3 CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2008-0455 BugTraq ID: 27409 http://www.securityfocus.com/bid/27409 Bugtraq: 20080122 Apache mod_negotiation Xss and Http Response Splitting (Google Search) http://www.securityfocus.com/archive/1/486847/100/0/threaded http://security.gentoo.org/glsa/glsa-200803-19.xml http://www.mindedsecurity.com/MSA01150108.html https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/r9b4b963760a3cb5a4a70c902f325c6c0337fe51d5b8570416f8f8729@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/rcc44594d4d6579b90deccd4536b5d31f099ef563df39b094be286b9e@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/r05b5357d1f6bd106f41541ee7d87aafe3f5ea4dc3e9bde5ce09baff8@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d@%3Ccvs.httpd.apache.org%3E RedHat Security Advisories: RHSA-2012:1591 http://rhn.redhat.com/errata/RHSA-2012-1591.html RedHat Security Advisories: RHSA-2012:1592 http://rhn.redhat.com/errata/RHSA-2012-1592.html RedHat Security Advisories: RHSA-2012:1594 http://rhn.redhat.com/errata/RHSA-2012-1594.html RedHat Security Advisories: RHSA-2013:0130 http://rhn.redhat.com/errata/RHSA-2013-0130.html http://securitytracker.com/id?1019256 http://secunia.com/advisories/29348 http://secunia.com/advisories/51607 http://securityreason.com/securityalert/3575 XForce ISS Database: apache-modnegotiation-xss(39867) https://exchange.xforce.ibmcloud.com/vulnerabilities/39867 Common Vulnerability Exposure (CVE) ID: CVE-2012-2687 AIX APAR: SE53614 http://www-01.ibm.com/support/docview.wss?uid=nas2a2b50a0ca011b37c86257a96003c9a4f http://lists.apple.com/archives/security-announce/2013/Sep/msg00002.html BugTraq ID: 55131 http://www.securityfocus.com/bid/55131 HPdes Security Advisory: HPSBUX02866 http://marc.info/?l=bugtraq&m=136612293908376&w=2 HPdes Security Advisory: SSRT101139 http://mail-archives.apache.org/mod_mbox/www-announce/201208.mbox/%3C0BFFEA9B-801B-4BAA-9534-56F640268E30@apache.org%3E https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/r1d201e3da31a2c8aa870c8314623caef7debd74a13d0f25205e26f15@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/rad01d817195e6cc871cb1d73b207ca326379a20a6e7f30febaf56d24@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/r476d175be0aaf4a17680ef98c5153b4d336eaef76fb2224cc94c463a@%3Ccvs.httpd.apache.org%3E https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18832 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19539 http://secunia.com/advisories/50894 SuSE Security Announcement: openSUSE-SU-2013:0243 (Google Search) http://lists.opensuse.org/opensuse-updates/2013-02/msg00009.html SuSE Security Announcement: openSUSE-SU-2013:0245 (Google Search) http://lists.opensuse.org/opensuse-updates/2013-02/msg00011.html SuSE Security Announcement: openSUSE-SU-2013:0248 (Google Search) http://lists.opensuse.org/opensuse-updates/2013-02/msg00012.html http://www.ubuntu.com/usn/USN-1627-1
Copyright	Copyright (C) 2021 Greenbone Networks GmbH

Dies ist nur einer von 145615 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.