Test Kennung:	1.3.6.1.4.1.25623.1.0.147057
Kategorie:	Web Servers
Titel:	Apache HTTP Server Multiple Vulnerabilities (Jan 2012) - Linux
Zusammenfassung:	Apache HTTP Server is prone to multiple vulnerabilities.
Beschreibung:	Summary: Apache HTTP Server is prone to multiple vulnerabilities. Vulnerability Insight: The following vulnerabilities exist: - CVE-2011-3607: An integer overflow flaw was found which, when the mod_setenvif module is enabled, could allow local users to gain privileges via a .htaccess file. - CVE-2012-0031: A flaw was found in the handling of the scoreboard. An unprivileged child process could cause the parent process to crash at shutdown rather than terminate cleanly. - CVE-2012-0053: A flaw was found in the default error response for status code 400. This flaw could be used by an attacker to expose 'httpOnly' cookies when no custom ErrorDocument is specified. Affected Software/OS: Apache HTTP Server version 2.0.35 through 2.2.21. Solution: Update to version 2.2.22 or later. CVSS Score: 4.6 CVSS Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2011-3607 http://lists.apple.com/archives/security-announce/2012/Sep/msg00004.html BugTraq ID: 50494 http://www.securityfocus.com/bid/50494 Debian Security Information: DSA-2405 (Google Search) http://www.debian.org/security/2012/dsa-2405 http://archives.neohapsis.com/archives/fulldisclosure/2011-11/0023.html HPdes Security Advisory: HPSBMU02748 http://marc.info/?l=bugtraq&m=133294460209056&w=2 HPdes Security Advisory: HPSBMU02786 http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041 HPdes Security Advisory: HPSBOV02822 http://marc.info/?l=bugtraq&m=134987041210674&w=2 HPdes Security Advisory: HPSBUX02761 http://marc.info/?l=bugtraq&m=133494237717847&w=2 HPdes Security Advisory: SSRT100772 HPdes Security Advisory: SSRT100823 HPdes Security Advisory: SSRT100877 HPdes Security Advisory: SSRT100966 http://www.mandriva.com/security/advisories?name=MDVSA-2012:003 http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 http://www.halfdog.net/Security/2011/ApacheModSetEnvIfIntegerOverflow/ http://www.halfdog.net/Security/2011/ApacheModSetEnvIfIntegerOverflow/DemoExploit.html https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/re2e23465bbdb17ffe109d21b4f192e6b58221cd7aa8797d530b4cd75@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/r1d201e3da31a2c8aa870c8314623caef7debd74a13d0f25205e26f15@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/r688df6f16f141e966a0a47f817e559312b3da27886f59116a94b273d@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/r5f9c22f9c28adbd9f00556059edc7b03a5d5bb71d4bb80257c0d34e4@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/rad01d817195e6cc871cb1d73b207ca326379a20a6e7f30febaf56d24@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/rb9c9f42dafa25d2f669dac2a536a03f2575bc5ec1be6f480618aee10@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/r476d175be0aaf4a17680ef98c5153b4d336eaef76fb2224cc94c463a@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/r5001ecf3d6b2bdd0b732e527654248abb264f08390045d30709a92f6@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f@%3Ccvs.httpd.apache.org%3E http://www.osvdb.org/76744 RedHat Security Advisories: RHSA-2012:0128 http://rhn.redhat.com/errata/RHSA-2012-0128.html RedHat Security Advisories: RHSA-2012:0542 http://rhn.redhat.com/errata/RHSA-2012-0542.html RedHat Security Advisories: RHSA-2012:0543 http://rhn.redhat.com/errata/RHSA-2012-0543.html http://securitytracker.com/id?1026267 http://secunia.com/advisories/45793 http://secunia.com/advisories/48551 XForce ISS Database: apache-http-appregsub-bo(71093) https://exchange.xforce.ibmcloud.com/vulnerabilities/71093 Common Vulnerability Exposure (CVE) ID: CVE-2012-0031 BugTraq ID: 51407 http://www.securityfocus.com/bid/51407 http://www.mandriva.com/security/advisories?name=MDVSA-2012:012 http://www.halfdog.net/Security/2011/ApacheScoreboardInvalidFreeOnShutdown/ https://lists.apache.org/thread.html/r9b4b963760a3cb5a4a70c902f325c6c0337fe51d5b8570416f8f8729@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/r05b5357d1f6bd106f41541ee7d87aafe3f5ea4dc3e9bde5ce09baff8@%3Ccvs.httpd.apache.org%3E http://secunia.com/advisories/47410 SuSE Security Announcement: SUSE-SU-2012:0323 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2012-03/msg00002.html SuSE Security Announcement: openSUSE-SU-2012:0314 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2012-02/msg00026.html Common Vulnerability Exposure (CVE) ID: CVE-2012-0053 BugTraq ID: 51706 http://www.securityfocus.com/bid/51706 HPdes Security Advisory: HPSBMU02776 http://marc.info/?l=bugtraq&m=133951357207000&w=2 HPdes Security Advisory: HPSBST02848 http://marc.info/?l=bugtraq&m=136441204617335&w=2 HPdes Security Advisory: SSRT100852 HPdes Security Advisory: SSRT101112
Copyright	Copyright (C) 2021 Greenbone Networks GmbH

Dies ist nur einer von 145615 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.