Test Kennung:	1.3.6.1.4.1.25623.1.0.55255
Kategorie:	Mandrake Local Security Checks
Titel:	Mandrake Security Advisory MDKSA-2005:161 (apache2)
Zusammenfassung:	NOSUMMARY
Beschreibung:	Description: The remote host is missing an update to apache2 announced via advisory MDKSA-2005:161. A flaw was discovered in mod_ssl's handling of the SSLVerifyClient directive. This flaw occurs if a virtual host is configured using SSLVerifyClient optional and a directive SSLVerifyClient required is set for a specific location. For servers configured in this fashion, an attacker may be able to access resources that should otherwise be protected, by not supplying a client certificate when connecting. (CVE-2005-2700) A flaw was discovered in Apache httpd where the byterange filter would buffer certain responses into memory. If a server has a dynamic resource such as a CGI script or PHP script that generates a large amount of data, an attacker could send carefully crafted requests in order to consume resources, potentially leading to a Denial of Service. (CVE-2005-2728) The updated packages have been patched to address these issues. Affected versions: 10.0, 10.1, 10.2, Corporate 3.0, Multi Network Firewall 2.0 Solution: To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. http://www.securityspace.com/smysecure/catid.html?in=MDKSA-2005:161 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2700 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2728 Risk factor : Critical CVSS Score: 10.0
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2005-2700 102197 http://sunsolve.sun.com/search/document.do?assetkey=1-26-102197-1 102198 http://sunsolve.sun.com/search/document.do?assetkey=1-26-102198-1 14721 http://www.securityfocus.com/bid/14721 16700 http://secunia.com/advisories/16700 16705 http://secunia.com/advisories/16705 16714 http://secunia.com/advisories/16714 16743 http://secunia.com/advisories/16743 16746 http://secunia.com/advisories/16746 16748 http://secunia.com/advisories/16748 16753 http://secunia.com/advisories/16753 16754 http://secunia.com/advisories/16754 16769 http://secunia.com/advisories/16769 16771 http://secunia.com/advisories/16771 16789 http://secunia.com/advisories/16789 16864 http://secunia.com/advisories/16864 16956 http://secunia.com/advisories/16956 17088 http://secunia.com/advisories/17088 17288 http://secunia.com/advisories/17288 17311 http://secunia.com/advisories/17311 17813 http://secunia.com/advisories/17813 19072 http://secunia.com/advisories/19072 19073 http://secunia.com/advisories/19073 19188 http://www.osvdb.org/19188 21848 http://secunia.com/advisories/21848 22523 http://secunia.com/advisories/22523 ADV-2005-1625 http://www.vupen.com/english/advisories/2005/1625 ADV-2005-2659 http://www.vupen.com/english/advisories/2005/2659 ADV-2006-0789 http://www.vupen.com/english/advisories/2006/0789 ADV-2006-4207 http://www.vupen.com/english/advisories/2006/4207 DSA-805 http://www.debian.org/security/2005/dsa-805 DSA-807 http://www.debian.org/security/2005/dsa-807 GLSA-200509-12 http://www.gentoo.org/security/en/glsa/glsa-200509-12.xml HPSBUX01232 http://marc.info/?l=bugtraq&m=112870296926652&w=2 MDKSA-2005:161 http://www.mandriva.com/security/advisories?name=MDKSA-2005:161 OpenPKG-SA-2005.017 http://marc.info/?l=bugtraq&m=112604765028607&w=2 RHSA-2005:608 http://www.redhat.com/support/errata/RHSA-2005-608.html RHSA-2005:773 http://www.redhat.com/support/errata/RHSA-2005-773.html RHSA-2005:816 http://www.redhat.com/support/errata/RHSA-2005-816.html SSRT051043 SUSE-SA:2005:051 http://www.novell.com/linux/security/advisories/2005_51_apache2.html SUSE-SA:2005:052 http://www.novell.com/linux/security/advisories/2005_52_apache2.html SuSE-SA:2006:051 https://lists.opensuse.org/opensuse-security-announce/2006-09/msg00016.html TSLSA-2005-0059 http://lists.trustix.org/pipermail/tsl-announce/2005-October/000354.html USN-177-1 http://www.ubuntu.com/usn/usn-177-1 VU#744929 http://www.kb.cert.org/vuls/id/744929 [apache-modssl] 20050902 [ANNOUNCE] mod_ssl 2.8.24-1.3.33 http://marc.info/?l=apache-modssl&m=112569517603897&w=2 [httpd-cvs] 20190815 svn commit: r1048742 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac%40%3Ccvs.httpd.apache.org%3E [httpd-cvs] 20190815 svn commit: r1048743 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79%40%3Ccvs.httpd.apache.org%3E [httpd-cvs] 20200401 svn commit: r1058586 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc%40%3Ccvs.httpd.apache.org%3E [httpd-cvs] 20200401 svn commit: r1058587 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb%40%3Ccvs.httpd.apache.org%3E [httpd-cvs] 20210330 svn commit: r1073139 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/json/ https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E [httpd-cvs] 20210330 svn commit: r1073139 [4/13] - in /websites/staging/httpd/trunk/content: ./ security/json/ https://lists.apache.org/thread.html/reb542d2038e9c331506e0cbff881b47e40fbe2bd93ff00979e60cdf7%40%3Ccvs.httpd.apache.org%3E [httpd-cvs] 20210330 svn commit: r1073140 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b%40%3Ccvs.httpd.apache.org%3E [httpd-cvs] 20210330 svn commit: r1073143 [2/3] - in /websites/staging/httpd/trunk/content: ./ security/ https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142%40%3Ccvs.httpd.apache.org%3E [httpd-cvs] 20210330 svn commit: r1073149 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/ https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E [httpd-cvs] 20210330 svn commit: r1073149 [5/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/ https://lists.apache.org/thread.html/rafd145ba6cd0a4ced113a5823cdaff45aeb36eb09855b216401c66d6%40%3Ccvs.httpd.apache.org%3E [httpd-cvs] 20210330 svn commit: r1888194 [4/13] - /httpd/site/trunk/content/security/json/ https://lists.apache.org/thread.html/r652fc951306cdeca5a276e2021a34878a76695a9f3cfb6490b4a6840%40%3Ccvs.httpd.apache.org%3E [httpd-cvs] 20210606 svn commit: r1075470 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2020-13938.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html https://lists.apache.org/thread.html/r5001ecf3d6b2bdd0b732e527654248abb264f08390045d30709a92f6%40%3Ccvs.httpd.apache.org%3E [httpd-dev] 20190804 Re: svn commit: r1856807 - /httpd/test/framework/trunk/t/security/CVE-2019-0215.t https://lists.apache.org/thread.html/117bc3f09847ebf020b1bb70301ebcc105ddc446856150b63f37f8eb%40%3Cdev.httpd.apache.org%3E [httpd-dev] 20190806 Re: svn commit: r1856807 - /httpd/test/framework/trunk/t/security/CVE-2019-0215.t https://lists.apache.org/thread.html/5b1e7d66c5adf286f14f6cc0f857b6fca107444f68aed9e70eedab47%40%3Cdev.httpd.apache.org%3E http://people.apache.org/~jorton/CAN-2005-2700.diff http://support.avaya.com/elmodocs2/security/ASA-2006-081.htm http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=3117 https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=167195 oval:org.mitre.oval:def:10416 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10416 Common Vulnerability Exposure (CVE) ID: CVE-2005-2728 BugTraq ID: 14660 http://www.securityfocus.com/bid/14660 Debian Security Information: DSA-805 (Google Search) http://www.gentoo.org/security/en/glsa/glsa-200508-15.xml HPdes Security Advisory: HPSBUX02074 http://www.securityfocus.com/archive/1/428138/100/0/threaded HPdes Security Advisory: SSRT051251 https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/reb542d2038e9c331506e0cbff881b47e40fbe2bd93ff00979e60cdf7@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/rafd145ba6cd0a4ced113a5823cdaff45aeb36eb09855b216401c66d6@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/r652fc951306cdeca5a276e2021a34878a76695a9f3cfb6490b4a6840@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/r5001ecf3d6b2bdd0b732e527654248abb264f08390045d30709a92f6@%3Ccvs.httpd.apache.org%3E https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10017 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1246 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1727 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A760 http://secunia.com/advisories/16559/ http://secunia.com/advisories/17036 http://secunia.com/advisories/17600 http://secunia.com/advisories/17831 http://secunia.com/advisories/17923 http://secunia.com/advisories/18161 http://secunia.com/advisories/18333 http://secunia.com/advisories/18517 SGI Security Advisory: 20060101-01-U ftp://patches.sgi.com/support/free/security/advisories/20060101-01-U http://securityreason.com/securityalert/604 SuSE Security Announcement: SUSE-SA:2005:051 (Google Search) SuSE Security Announcement: SUSE-SA:2005:052 (Google Search) XForce ISS Database: apache-byterange-dos(22006) https://exchange.xforce.ibmcloud.com/vulnerabilities/22006
Copyright	Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com

Dies ist nur einer von 145615 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.