Test Kennung:	1.3.6.1.4.1.25623.1.0.62900
Kategorie:	Red Hat Local Security Checks
Titel:	RedHat Security Advisory RHSA-2008:0966
Zusammenfassung:	NOSUMMARY
Beschreibung:	Description: The remote host is missing updates announced in advisory RHSA-2008:0966. The Red Hat Application Stack v2.2 is an integrated open source application stack, that includes Red Hat Enterprise Linux 5 and JBoss Enterprise Application Platform (EAP) 4.2. This erratum updates the Apache HTTP Server package to version 2.0.10 which addresses the following security issues: A flaw was found in the mod_proxy module. An attacker who has control of a web server to which requests are being proxied could cause a limited denial of service due to CPU consumption and stack exhaustion. (CVE-2008-2364) A flaw was found in the mod_proxy_ftp module. Where Apache is configured to support ftp-over-httpd proxying, a remote attacker could perform a cross-site scripting attack. (CVE-2008-2939) A cross-site request forgery issue was found in the mod_proxy_balancer module. A remote attacker could cause a denial of service if mod_proxy_balancer is enabled and an authenticated user is targeted. (CVE-2007-6420) The JBoss Enterprise Application Platform (EAP) 4.2 has been updated to version 4.2.0.CP05. The following packages were also updated: * mysql to 5.0.60sp1 * mysql-connector-odbc to 3.51.26r1127 * perl-DBI to 1.607 * perl-DBD-MySQL to 4.008 * perl-DBD-Pg to 1.49 * php-pear to 1.7.2 * postgresql to 8.2.11 * postgresqlclient81 to 8.1.11 Solution: Please note that this update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command: up2date http://rhn.redhat.com/errata/RHSA-2008-0966.html http://www.redhat.com/security/updates/classification/#moderate Risk factor : Medium CVSS Score: 5.0
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2007-6420 http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html BugTraq ID: 27236 http://www.securityfocus.com/bid/27236 BugTraq ID: 31681 http://www.securityfocus.com/bid/31681 Bugtraq: 20080110 SecurityReason - Apache2 CSRF, XSS, Memory Corruption and Denial of Service Vulnerability (Google Search) http://www.securityfocus.com/archive/1/486169/100/0/threaded Bugtraq: 20080729 rPSA-2008-0236-1 httpd mod_ssl (Google Search) http://www.securityfocus.com/archive/1/494858/100/0/threaded http://security.gentoo.org/glsa/glsa-200807-06.xml HPdes Security Advisory: HPSBUX02401 http://marc.info/?l=bugtraq&m=123376588623823&w=2 HPdes Security Advisory: SSRT090005 https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/r84d043c2115176958562133d96d851495d712aa49da155d81f6733be@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/rc4c53a0d57b2771ecd4b965010580db355e38137c8711311ee1073a8@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/r7dd6be4dc38148704f2edafb44a8712abaa3a2be120d6c3314d55919@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f@%3Ccvs.httpd.apache.org%3E https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8371 http://www.redhat.com/support/errata/RHSA-2008-0966.html http://secunia.com/advisories/31026 http://secunia.com/advisories/32222 http://secunia.com/advisories/33797 http://secunia.com/advisories/34219 http://securityreason.com/securityalert/3523 SuSE Security Announcement: SUSE-SR:2008:024 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00000.html http://www.ubuntu.com/usn/USN-731-1 http://www.vupen.com/english/advisories/2008/2780 http://www.vupen.com/english/advisories/2009/0320 Common Vulnerability Exposure (CVE) ID: CVE-2008-2364 1020267 http://www.securitytracker.com/id?1020267 20080729 rPSA-2008-0236-1 httpd mod_ssl 20081122 rPSA-2008-0328-1 httpd mod_ssl http://www.securityfocus.com/archive/1/498567/100/0/threaded 247666 http://sunsolve.sun.com/search/document.do?assetkey=1-26-247666-1 29653 http://www.securityfocus.com/bid/29653 30621 http://secunia.com/advisories/30621 31026 31404 http://secunia.com/advisories/31404 31416 http://secunia.com/advisories/31416 31651 http://secunia.com/advisories/31651 31681 31904 http://secunia.com/advisories/31904 32222 32685 http://secunia.com/advisories/32685 32838 http://secunia.com/advisories/32838 33156 http://secunia.com/advisories/33156 33797 34219 34259 http://secunia.com/advisories/34259 34418 http://secunia.com/advisories/34418 ADV-2008-1798 http://www.vupen.com/english/advisories/2008/1798 ADV-2008-2780 ADV-2009-0320 APPLE-SA-2008-10-09 FEDORA-2008-6314 https://www.redhat.com/archives/fedora-package-announce/2008-August/msg00153.html FEDORA-2008-6393 https://www.redhat.com/archives/fedora-package-announce/2008-August/msg00055.html GLSA-200807-06 HPSBUX02365 http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01539432 HPSBUX02401 HPSBUX02465 http://marc.info/?l=bugtraq&m=125631037611762&w=2 MDVSA-2008:195 http://www.mandriva.com/security/advisories?name=MDVSA-2008:195 MDVSA-2008:237 http://www.mandriva.com/security/advisories?name=MDVSA-2008:237 PK67579 http://www-1.ibm.com/support/docview.wss?uid=swg1PK67579 RHSA-2008:0966 RHSA-2008:0967 http://rhn.redhat.com/errata/RHSA-2008-0967.html SSRT080118 SSRT090005 SSRT090192 SUSE-SR:2009:006 http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00001.html SUSE-SR:2009:007 http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00004.html USN-731-1 [httpd-cvs] 20190815 svn commit: r1048742 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac%40%3Ccvs.httpd.apache.org%3E [httpd-cvs] 20190815 svn commit: r1048742 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E [httpd-cvs] 20190815 svn commit: r1048743 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79%40%3Ccvs.httpd.apache.org%3E [httpd-cvs] 20190815 svn commit: r1048743 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E [httpd-cvs] 20200401 svn commit: r1058586 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc%40%3Ccvs.httpd.apache.org%3E [httpd-cvs] 20200401 svn commit: r1058586 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E [httpd-cvs] 20200401 svn commit: r1058587 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb%40%3Ccvs.httpd.apache.org%3E [httpd-cvs] 20200401 svn commit: r1058587 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E [httpd-cvs] 20210330 svn commit: r1073139 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/json/ https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E [httpd-cvs] 20210330 svn commit: r1073139 [5/13] - in /websites/staging/httpd/trunk/content: ./ security/json/ https://lists.apache.org/thread.html/r84d043c2115176958562133d96d851495d712aa49da155d81f6733be%40%3Ccvs.httpd.apache.org%3E [httpd-cvs] 20210330 svn commit: r1073140 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b%40%3Ccvs.httpd.apache.org%3E [httpd-cvs] 20210330 svn commit: r1073140 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E [httpd-cvs] 20210330 svn commit: r1073143 [2/3] - in /websites/staging/httpd/trunk/content: ./ security/ https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142%40%3Ccvs.httpd.apache.org%3E [httpd-cvs] 20210330 svn commit: r1073146 [2/3] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities-httpd.xml security/vulnerabilities_22.html security/vulnerabilities_24.html https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E [httpd-cvs] 20210330 svn commit: r1073149 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/ https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E [httpd-cvs] 20210330 svn commit: r1073149 [6/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/ https://lists.apache.org/thread.html/rc4c53a0d57b2771ecd4b965010580db355e38137c8711311ee1073a8%40%3Ccvs.httpd.apache.org%3E [httpd-cvs] 20210330 svn commit: r1888194 [5/13] - /httpd/site/trunk/content/security/json/ https://lists.apache.org/thread.html/r7dd6be4dc38148704f2edafb44a8712abaa3a2be120d6c3314d55919%40%3Ccvs.httpd.apache.org%3E [httpd-cvs] 20210422 svn commit: r1074079 [2/3] - in /websites/staging/httpd/trunk/content: ./ apreq/ contribute/ contributors/ dev/ docs-project/ docs/ info/ mod_fcgid/ mod_ftp/ mod_mbox/ mod_smtpd/ modules/ security/ test/ test/flood/ https://lists.apache.org/thread.html/r8c9983f1172a3415f915ddb7e14de632d2d0c326eb1285755a024165%40%3Ccvs.httpd.apache.org%3E [httpd-cvs] 20210606 svn commit: r1075470 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2020-13938.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E apache-modproxy-module-dos(42987) https://exchange.xforce.ibmcloud.com/vulnerabilities/42987 http://support.apple.com/kb/HT3216 http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/proxy/mod_proxy_http.c?r1=666154&r2=666153&pathrev=666154 http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0328 http://www-01.ibm.com/support/docview.wss?uid=swg27008517 http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html oval:org.mitre.oval:def:11713 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11713 oval:org.mitre.oval:def:6084 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6084 oval:org.mitre.oval:def:9577 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9577 Common Vulnerability Exposure (CVE) ID: CVE-2008-2939 1020635 http://www.securitytracker.com/id?1020635 20080806 Apache HTTP Server mod_proxy_ftp Wildcard Characters Cross-Site Scripting http://www.securityfocus.com/archive/1/495180/100/0/threaded 20081122 rPSA-2008-0327-1 httpd mod_ssl http://www.securityfocus.com/archive/1/498566/100/0/threaded 30560 http://www.securityfocus.com/bid/30560 31384 http://secunia.com/advisories/31384 31673 http://secunia.com/advisories/31673 35074 http://secunia.com/advisories/35074 ADV-2008-2315 http://www.vupen.com/english/advisories/2008/2315 ADV-2008-2461 http://www.vupen.com/english/advisories/2008/2461 ADV-2009-1297 http://www.vupen.com/english/advisories/2009/1297 APPLE-SA-2009-05-12 http://lists.apple.com/archives/security-announce/2009/May/msg00002.html MDVSA-2008:194 http://www.mandriva.com/security/advisories?name=MDVSA-2008:194 MDVSA-2009:124 http://www.mandriva.com/security/advisories?name=MDVSA-2009:124 PK70197 http://www-1.ibm.com/support/docview.wss?uid=swg1PK70197 PK70937 http://www-1.ibm.com/support/docview.wss?uid=swg1PK70937 SUSE-SR:2008:024 TA09-133A http://www.us-cert.gov/cas/techalerts/TA09-133A.html VU#663763 http://www.kb.cert.org/vuls/id/663763 [httpd-cvs] 20210603 svn commit: r1075360 [1/3] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2021-31618.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html https://lists.apache.org/thread.html/r5f9c22f9c28adbd9f00556059edc7b03a5d5bb71d4bb80257c0d34e4%40%3Ccvs.httpd.apache.org%3E [httpd-cvs] 20210606 svn commit: r1075467 [1/2] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2021-31618.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html https://lists.apache.org/thread.html/rb9c9f42dafa25d2f669dac2a536a03f2575bc5ec1be6f480618aee10%40%3Ccvs.httpd.apache.org%3E apache-modproxyftp-xss(44223) https://exchange.xforce.ibmcloud.com/vulnerabilities/44223 http://support.apple.com/kb/HT3549 http://svn.apache.org/viewvc?view=rev&revision=682868 http://svn.apache.org/viewvc?view=rev&revision=682870 http://svn.apache.org/viewvc?view=rev&revision=682871 http://wiki.rpath.com/Advisories:rPSA-2008-0327 http://www.rapid7.com/advisories/R7-0033 oval:org.mitre.oval:def:11316 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11316 oval:org.mitre.oval:def:7716 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7716
Copyright	Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com

Dies ist nur einer von 145615 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.