Test ID: | 1.3.6.1.4.1.25623.1.0.51479 |
Category: | Conectiva Local Security Checks |
Title: | Conectiva Security Advisory CLA-2003:777 |
Summary: | NOSUMMARY |
Description:

The remote host is missing updates announced in advisory CLA-2003:777.

thttpd is a very simple and compact HTTP server.

The thttpd package distributed with Conectiva Linux 9 (thttpd-2.20c-22870cl) contains several bugs[1] that prevent it from being useful.

This update fixes these bugs and the following security vulnerabilities that affect thttpd 2.20c (descriptions borrowed from the respective CVE pages):

- Sensitive files disclosure vulnerability[2] (CVE-2001-0892)
  With the chroot option enabled, thttpd allows remote attackers to view sensitive files under the document root (such as .htpasswd) via a GET request with a trailing '/.'.

- Cross-site scripting vulnerability[3] (CVE-2002-0733)
  thttpd allows remote attackers to execute arbitrary scripts via a URL to a nonexistent page, which causes thttpd to insert the script into a 404 error message.

- Directory traversal vulnerability[4] (CVE-2002-1562)
  When using virtual hosting, thttpd allows remote attackers to read arbitrary files via '..' (dot dot) sequences in the 'Host:' header.

The thttpd package has been updated to the 2.24 version, the latest stable one available at this time.

Solution: The apt tool can be used to perform RPM package upgrades by running 'apt-get update' followed by 'apt-get upgrade'.

http://bugzilla.conectiva.com.br/show_bug.cgi?id=9653
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0892
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0733
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1562
http://www.securityspace.com/smysecure/catid.html?in=CLA-2003:777
http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=002003

Risk factor: High
CVSS Score: 7.5
Cross-reference:

Common Vulnerability Exposure (CVE) ID: CVE-2001-0892
- Bugtraq: 20011113 Cgisecurity.com Advisory #6: thttpd and mini_http Permission bypass vuln
- http://marc.info/?l=bugtraq&m=100568999726036&w=2

Common Vulnerability Exposure (CVE) ID: CVE-2002-0733
- BugTraq ID: 4601
- http://www.securityfocus.com/bid/4601
- http://www.ifrance.com/kitetoua/tuto/5holes1.txt
- http://www.osvdb.org/5125
- http://archives.neohapsis.com/archives/vuln-dev/2002-q2/0155.html
- http://www.iss.net/security_center/static/9029.php

Common Vulnerability Exposure (CVE) ID: CVE-2002-1562
- Conectiva Linux advisory: CLA-2003:777
- http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000777
- Debian Security Information: DSA-396
- https://www.debian.org/security/2003/dsa-396
- SuSE Security Announcement: SuSE-SA:2003:044
Copyright | Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com |