English | Deutsch | Español
 
Startseite ▼
Startseite Über uns Kontact Datenschutz Partnerprogramme Zeugnisse In der Presse Mailinglisten Missbrauch Developer APIs
Bookkeeping
Online ▼
Home Free Trial FAQ
Open/Create Company File Accept an Invite Order/Renew
Sicherheits
Überprüfungs ▼
Home Dediziert Erweitert Standard Wiederkehrend Risikolos Desktop Basis Sicherheits Segal FAQ Preis/Funktionszusammenfassung Bestellen Neue Anfälligkeiten Alle Anfälligkeiten Vertraulichkeit Anfälligkeiten Suche Durchführen Terminkalender IP Permissions Maßgeschneidert Warteschlange Erinnerer Siegel Berichte Berichts Stil
Verwaltetes
DNS ▼
Info Bestellen/Erneuern FAQ AUP Dynamic DNS Clients
Domaine konfigurieren Dyanmic DNS Update Password
Netzwerk
Überwachung ▼
Enterprise Erweiterte Standard Gratis Test FAQ Preis/Funktionszusammenfassung Bestellen Beispiele
Konfigurieren/Status Alarm Profile
Recherce
Berichte ▼
Home FAQ Glossary Archive
 Anmeldung/Registrierung 
 
 Anfälligkeitssuche        Suche in 324607 CVE Beschreibungen
und 145615 Test Beschreibungen,
Zugriff auf 10,000+ Quellverweise.
Tests   CVE   Alle  

Test Kennung:1.3.6.1.4.1.25623.1.0.50530
Kategorie:Mandrake Local Security Checks
Titel:Mandrake Security Advisory MDKSA-2004:046-1 (apache-mod_perl)
Zusammenfassung:NOSUMMARY
Beschreibung:Description:

The remote host is missing an update to apache-mod_perl
announced via advisory MDKSA-2004:046-1.

Four security vulnerabilities were fixed with the 1.3.31 release of
Apache. All of these issues have been backported and applied to the
provided packages. Thanks to Ralf Engelschall of OpenPKG for providing
the patches.

Apache 1.3 prior to 1.3.30 did not filter terminal escape sequences
from its error logs. This could make it easier for attackers to insert
those sequences into the terminal emulators of administrators viewing
the error logs that contain vulnerabilities related to escape sequence
handling (CVE-2003-0020).

mod_digest in Apache 1.3 prior to 1.3.31 did not properly verify the
nonce of a client response by using an AuthNonce secret. Apache now
verifies the nonce returned in the client response to check whether it
was issued by itself by means of a AuthDigestRealmSeed secret exposed
as an MD5 checksum (CVE-2003-0987).

mod_acces in Apache 1.3 prior to 1.3.30, when running on big-endian
64-bit platforms, did not properly parse Allow/Deny rules using IP
addresses without a netmask. This could allow a remote attacker to
bypass intended access restrictions (CVE-2003-0993).

Apache 1.3 prior to 1.3.30, when using multiple listening sockets on
certain platforms, allows a remote attacker to cause a DoS by blocking
new connections via a short-lived connection on a rarely-accessed
listening socket (CVE-2004-0174). While this particular vulnerability
does not affect Linux, we felt it prudent to include the fix.

Update:

Due to the changes in mod_digest.so, mod_perl needed to be rebuilt
against the patched Apache packages in order for httpd-perl to
properly load the module. The appropriate mod_perl packages have
been rebuilt and are now available.

Affected versions: 10.0, 9.1, 9.2, Corporate Server 2.1

Solution:
To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

http://www.securityspace.com/smysecure/catid.html?in=MDKSA-2004:046-1
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0020
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0987
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0993
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0174

Risk factor : High

CVSS Score:
7.5

Querverweis: Common Vulnerability Exposure (CVE) ID: CVE-2003-0020
http://marc.info/?l=bugtraq&m=108369640424244&w=2
BugTraq ID: 9930
http://www.securityfocus.com/bid/9930
Bugtraq: 20030224 Terminal Emulator Security Issues (Google Search)
http://marc.info/?l=bugtraq&m=104612710031920&w=2
Bugtraq: 20040512 [OpenPKG-SA-2004.021] OpenPKG Security Advisory (apache) (Google Search)
http://marc.info/?l=bugtraq&m=108437852004207&w=2
http://security.gentoo.org/glsa/glsa-200405-22.xml
HPdes Security Advisory: SSRT4717
http://marc.info/?l=bugtraq&m=108731648532365&w=2
http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:050
http://frontal2.mandriva.com/security/advisories?name=MDKSA-2004:046
https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/re028d61fe612b0908595d658b9b39e74bca56f2a1ed3c5f06b5ab571@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r5419c9ba0951ef73a655362403d12bb8d10fab38274deb3f005816f5@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rd00b45b93fda4a5bd013b28587207d0e00f99f6e3308dbb6025f3b01@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r7035b7c9091c4b665a3b7205364775410646f12125d48e74e395f2ce@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rf2f0f3611f937cf6cfb3b4fe4a67f69885855126110e1e3f2fb2728e@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r5001ecf3d6b2bdd0b732e527654248abb264f08390045d30709a92f6@%3Ccvs.httpd.apache.org%3E
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100109
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A150
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4114
http://www.redhat.com/support/errata/RHSA-2003-082.html
http://www.redhat.com/support/errata/RHSA-2003-083.html
http://www.redhat.com/support/errata/RHSA-2003-104.html
http://www.redhat.com/support/errata/RHSA-2003-139.html
http://www.redhat.com/support/errata/RHSA-2003-243.html
http://www.redhat.com/support/errata/RHSA-2003-244.html
http://www.slackware.com/security/viewer.php?l=slackware-security&y=2004&m=slackware-security.529643
http://sunsolve.sun.com/search/document.do?assetkey=1-26-101555-1
http://sunsolve.sun.com/search/document.do?assetkey=1-26-57628-1
http://www.trustix.org/errata/2004/0017
http://www.trustix.org/errata/2004/0027
http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0093.html
http://www.iss.net/security_center/static/11412.php
Common Vulnerability Exposure (CVE) ID: CVE-2003-0987
BugTraq ID: 9571
http://www.securityfocus.com/bid/9571
http://www.mandriva.com/security/advisories?name=MDKSA-2004:046
https://lists.apache.org/thread.html/raa117ef183f0da9b3f46efbeaa66f7622bd68868a450cae4fd8ed594@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r5f9c22f9c28adbd9f00556059edc7b03a5d5bb71d4bb80257c0d34e4@%3Ccvs.httpd.apache.org%3E
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100108
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4416
http://www.redhat.com/support/errata/RHSA-2004-600.html
http://www.redhat.com/support/errata/RHSA-2005-816.html
http://securitytracker.com/id?1008920
http://sunsolve.sun.com/search/document.do?assetkey=1-26-101841-1
XForce ISS Database: apache-moddigest-response-replay(15041)
https://exchange.xforce.ibmcloud.com/vulnerabilities/15041
Common Vulnerability Exposure (CVE) ID: CVE-2003-0993
BugTraq ID: 9829
http://www.securityfocus.com/bid/9829
http://marc.info/?l=apache-cvs&m=107869603013722
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100111
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4670
XForce ISS Database: apache-modaccess-obtain-information(15422)
https://exchange.xforce.ibmcloud.com/vulnerabilities/15422
Common Vulnerability Exposure (CVE) ID: CVE-2004-0174
BugTraq ID: 9921
http://www.securityfocus.com/bid/9921
Bugtraq: 20040319 [ANNOUNCE] Apache HTTP Server 2.0.49 Released (fwd) (Google Search)
http://marc.info/?l=bugtraq&m=107973894328806&w=2
CERT/CC vulnerability note: VU#132110
http://www.kb.cert.org/vuls/id/132110
https://lists.apache.org/thread.html/re895fc1736d25c8cf57e102c871613b8aeec9ea26fd8a44e7942b5ab@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rd65d8ba68ba17e7deedafbf5bb4899f2ae4dad781d21b931c2941ac3@%3Ccvs.httpd.apache.org%3E
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100110
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1982
http://www.redhat.com/support/errata/RHSA-2004-405.html
http://www.securitytracker.com/alerts/2004/Mar/1009495.html
http://secunia.com/advisories/11170
http://marc.info/?l=bugtraq&m=108066914830552&w=2
XForce ISS Database: apache-socket-starvation-dos(15540)
https://exchange.xforce.ibmcloud.com/vulnerabilities/15540
CopyrightCopyright (c) 2005 E-Soft Inc. http://www.securityspace.com

Dies ist nur einer von 145615 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.

Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.



© 1998-2025 E-Soft Inc. Alle Rechte vorbehalten.