English | Deutsch | Español | Português
 Benutzerkennung:
 Passwort:
Registrieren
 About:   Dediziert  | Erweitert  | Standard  | Wiederkehrend  | Risikolos  | Desktop  | Basis  | Einmalig  | Sicherheits Siegel  | FAQ
  Preis/Funktionszusammenfassung  | Bestellen  | Neue Anfälligkeiten  | Vertraulichkeit  | Anfälligkeiten Suche
 Anfälligkeitssuche        Suche in 72022 CVE Beschreibungen
und 38680 Test Beschreibungen,
Zugriff auf 10,000+ Quellverweise.
Tests   CVE   Alle  

Test Kennung:1.3.6.1.4.1.25623.1.0.60688
Kategorie:Red Hat Local Security Checks
Titel:RedHat Security Advisory RHSA-2008:0008
Zusammenfassung:Redhat Security Advisory RHSA-2008:0008
Beschreibung:
The remote host is missing updates announced in
advisory RHSA-2008:0008.

The Apache HTTP Server is a popular Web server.

A flaw was found in the mod_imagemap module. On sites where mod_imagemap
was enabled and an imagemap file was publicly available, a cross-site
scripting attack was possible. (CVE-2007-5000)

A flaw was found in the mod_autoindex module. On sites where directory
listings are used, and the AddDefaultCharset directive has been removed
from the configuration, a cross-site scripting attack might have been
possible against Web browsers which do not correctly derive the response
character set following the rules in RFC 2616. (CVE-2007-4465)

A flaw was found in the mod_status module. On sites where mod_status was
enabled and the status pages were publicly available, a cross-site
scripting attack was possible. (CVE-2007-6388)

A flaw was found in the mod_proxy_balancer module. On sites where
mod_proxy_balancer was enabled, a cross-site scripting attack against an
authorized user was possible. (CVE-2007-6421)

A flaw was found in the mod_proxy_balancer module. On sites where
mod_proxy_balancer was enabled, an authorized user could send a carefully
crafted request that would cause the Apache child process handling that
request to crash. This could lead to a denial of service if using a
threaded Multi-Processing Module. (CVE-2007-6422)

A flaw was found in the mod_proxy_ftp module. On sites where mod_proxy_ftp
was enabled and a forward proxy was configured, a cross-site scripting
attack was possible against Web browsers which do not correctly derive the
response character set following the rules in RFC 2616. (CVE-2008-0005)

Users of Apache httpd should upgrade to these updated packages, which
contain backported patches to resolve these issues. Users should restart
httpd after installing this update.

Solution:
Please note that this update is available via
Red Hat Network. To use Red Hat Network, launch the Red
Hat Update Agent with the following command: up2date

http://rhn.redhat.com/errata/RHSA-2008-0008.html
http://www.redhat.com/security/updates/classification/#moderate

Risk factor : Medium
Querverweis: Common Vulnerability Exposure (CVE) ID: CVE-2007-4465
Bugtraq: 20070912 Apache2 Undefined Charset UTF-7 XSS Vulnerability (Google Search)
http://www.securityfocus.com/archive/1/archive/1/479237/100/0/threaded
http://securityreason.com/achievement_securityalert/46
http://lists.apple.com/archives/security-announce/2008//May/msg00001.html
http://www.redhat.com/archives/fedora-package-announce/2007-September/msg00320.html
https://www.redhat.com/archives/fedora-package-announce/2007-September/msg00353.html
http://security.gentoo.org/glsa/glsa-200711-06.xml
HPdes Security Advisory: HPSBUX02365
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01539432
HPdes Security Advisory: SSRT080118
HPdes Security Advisory: HPSBUX02431
http://marc.info/?l=bugtraq&m=124654546101607&w=2
HPdes Security Advisory: SSRT090085
HPdes Security Advisory: HPSBUX02465
http://marc.info/?l=bugtraq&m=125631037611762&w=2
HPdes Security Advisory: SSRT090192
http://www.mandriva.com/security/advisories?name=MDVSA-2008:014
http://www.redhat.com/support/errata/RHSA-2007-0911.html
http://www.redhat.com/support/errata/RHSA-2008-0004.html
http://www.redhat.com/support/errata/RHSA-2008-0005.html
http://www.redhat.com/support/errata/RHSA-2008-0006.html
http://www.redhat.com/support/errata/RHSA-2008-0008.html
http://www.redhat.com/support/errata/RHSA-2008-0261.html
SuSE Security Announcement: SUSE-SA:2007:061 (Google Search)
http://www.novell.com/linux/security/advisories/2007_61_apache2.html
http://www.ubuntu.com/usn/usn-575-1
Cert/CC Advisory: TA08-150A
http://www.us-cert.gov/cas/techalerts/TA08-150A.html
BugTraq ID: 25653
http://www.securityfocus.com/bid/25653
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:6089
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10929
http://secunia.com/advisories/35650
http://www.vupen.com/english/advisories/2008/1697
http://securitytracker.com/id?1019194
http://secunia.com/advisories/26842
http://secunia.com/advisories/26952
http://secunia.com/advisories/27563
http://secunia.com/advisories/27732
http://secunia.com/advisories/28467
http://secunia.com/advisories/28471
http://secunia.com/advisories/28607
http://secunia.com/advisories/28749
http://secunia.com/advisories/30430
http://secunia.com/advisories/31651
http://secunia.com/advisories/33105
http://securityreason.com/securityalert/3113
XForce ISS Database: apache-utf7-xss(36586)
http://xforce.iss.net/xforce/xfdb/36586
Common Vulnerability Exposure (CVE) ID: CVE-2007-5000
Bugtraq: 20080716 rPSA-2008-0035-1 httpd mod_ssl (Google Search)
http://www.securityfocus.com/archive/1/archive/1/494428/100/0/threaded
Bugtraq: 20090821 VMSA-2009-0010 VMware Hosted products update libpng and Apache HTTP Server (Google Search)
http://www.securityfocus.com/archive/1/archive/1/505990/100/0/threaded
http://lists.vmware.com/pipermail/security-announce/2009/000062.html
AIX APAR: PK58024
http://www-1.ibm.com/support/docview.wss?uid=swg1PK58024
AIX APAR: PK58074
http://www-1.ibm.com/support/docview.wss?uid=swg1PK58074
AIX APAR: PK63273
http://www-1.ibm.com/support/docview.wss?uid=swg1PK63273
AIX APAR: PK65782
http://www-1.ibm.com/support/docview.wss?uid=swg24019245
http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html
https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00562.html
https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00541.html
HPdes Security Advisory: HPSBUX02308
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01345501
HPdes Security Advisory: SSRT080010
HPdes Security Advisory: HPSBMA02388
http://www.securityfocus.com/archive/1/archive/1/498523/100/0/threaded
HPdes Security Advisory: SSRT080059
HPdes Security Advisory: HPSBOV02683
http://marc.info/?l=bugtraq&m=130497311408250&w=2
HPdes Security Advisory: SSRT090208
http://www.mandriva.com/security/advisories?name=MDVSA-2008:015
http://www.mandriva.com/security/advisories?name=MDVSA-2008:016
http://www.redhat.com/support/errata/RHSA-2008-0007.html
http://www.redhat.com/support/errata/RHSA-2008-0009.html
http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.595748
http://sunsolve.sun.com/search/document.do?assetkey=1-26-233623-1
SuSE Security Announcement: SUSE-SA:2008:021 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00004.html
BugTraq ID: 26838
http://www.securityfocus.com/bid/26838
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:9539
http://secunia.com/advisories/32800
http://www.vupen.com/english/advisories/2007/4201
http://www.vupen.com/english/advisories/2007/4202
http://www.vupen.com/english/advisories/2007/4301
http://www.vupen.com/english/advisories/2008/0084
http://www.vupen.com/english/advisories/2008/0178
http://www.vupen.com/english/advisories/2008/0398
http://www.vupen.com/english/advisories/2008/0809/references
http://www.vupen.com/english/advisories/2008/0924/references
http://www.vupen.com/english/advisories/2008/1224/references
http://www.vupen.com/english/advisories/2008/1623/references
http://www.vupen.com/english/advisories/2008/1875/references
http://www.osvdb.org/39134
http://securitytracker.com/id?1019093
http://secunia.com/advisories/28046
http://secunia.com/advisories/28073
http://secunia.com/advisories/28081
http://secunia.com/advisories/28196
http://secunia.com/advisories/28375
http://secunia.com/advisories/28525
http://secunia.com/advisories/28526
http://secunia.com/advisories/28750
http://secunia.com/advisories/28977
http://secunia.com/advisories/28922
http://secunia.com/advisories/29420
http://secunia.com/advisories/29640
http://secunia.com/advisories/29806
http://secunia.com/advisories/29988
http://secunia.com/advisories/30356
http://secunia.com/advisories/31142
http://secunia.com/advisories/30732
XForce ISS Database: apache-modimagemap-xss(39002)
http://xforce.iss.net/xforce/xfdb/39002
XForce ISS Database: apache-modimap-xss(39001)
http://xforce.iss.net/xforce/xfdb/39001
Common Vulnerability Exposure (CVE) ID: CVE-2007-6388
AIX APAR: PK59667
http://www-1.ibm.com/support/search.wss?rs=0&q=PK59667&apar=only
AIX APAR: PK62966
http://www-1.ibm.com/support/docview.wss?uid=swg1PK62966
HPdes Security Advisory: HPSBUX02313
http://www.securityfocus.com/archive/1/archive/1/488082/100/0/threaded
HPdes Security Advisory: SSRT080015
BugTraq ID: 27237
http://www.securityfocus.com/bid/27237
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10272
http://www.vupen.com/english/advisories/2008/0047
http://www.vupen.com/english/advisories/2008/0447/references
http://www.vupen.com/english/advisories/2008/0554
http://www.vupen.com/english/advisories/2008/0986/references
http://securitytracker.com/id?1019154
http://secunia.com/advisories/28965
http://secunia.com/advisories/29504
http://secunia.com/advisories/33200
http://securityreason.com/securityalert/3541
XForce ISS Database: apache-status-page-xss(39472)
http://xforce.iss.net/xforce/xfdb/39472
Common Vulnerability Exposure (CVE) ID: CVE-2007-6421
Bugtraq: 20080110 SecurityReason - Apache2 CSRF, XSS, Memory Corruption and Denial of Service Vulnerability (Google Search)
http://www.securityfocus.com/archive/1/archive/1/486169/100/0/threaded
BugTraq ID: 27236
http://www.securityfocus.com/bid/27236
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10664
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:8651
http://www.vupen.com/english/advisories/2008/0048
http://securityreason.com/securityalert/3523
XForce ISS Database: apache-modproxybalancer-xss(39474)
http://xforce.iss.net/xforce/xfdb/39474
Common Vulnerability Exposure (CVE) ID: CVE-2007-6422
http://security.gentoo.org/glsa/glsa-200803-19.xml
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10181
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:8690
http://secunia.com/advisories/29348
XForce ISS Database: apache-modproxybalancer-dos(39476)
http://xforce.iss.net/xforce/xfdb/39476
Common Vulnerability Exposure (CVE) ID: CVE-2008-0005
http://securityreason.com/achievement_securityalert/49
Bugtraq: 20080110 SecurityReason - Apache (mod_proxy_ftp) Undefined Charset UTF-7 XSS Vulnerability (Google Search)
http://www.securityfocus.com/archive/1/archive/1/486167/100/0/threaded
BugTraq ID: 27234
http://www.securityfocus.com/bid/27234
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10812
http://www.securitytracker.com/id?1019185
http://securityreason.com/securityalert/3526
XForce ISS Database: apache-modproxyftp-utf7-xss(39615)
http://xforce.iss.net/xforce/xfdb/39615
CopyrightCopyright (c) 2008 E-Soft Inc. http://www.securityspace.com

Dies ist nur einer von 38680 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.

Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.

Registrierung eines neuen Benutzers
Email:
Benutzerkennung:
Passwort:
Bitte schicken Sie mir den monatlichen Newsletter, der mich über die neuesten Services, Verbesserungen und Umfragen informiert.
Bitte schicken Sie mir eine Anfälligkeitstest Benachrichtigung, wenn ein neuer Test hinzugefügt wird.
   Datenschutz
Anmeldung für registrierte Benutzer
 
Benutzerkennung:   
Passwort:  

 Benutzerkennung oder Passwort vergessen?
Email/Benutzerkennung:




Startseite | Über uns | Kontakt | Partnerprogramme | Datenschutz | Mailinglisten | Missbrauch
Sicherheits Überprüfungen | Verwaltete DNS | Netzwerk Überwachung | Webseiten Analysator | Internet Recherche Berichte
Web Sonde | Whois

© 1998-2014 E-Soft Inc. Alle Rechte vorbehalten.