Test Kennung:	1.3.6.1.4.1.25623.1.0.71995
Kategorie:	Mandrake Local Security Checks
Titel:	Mandriva Security Advisory MDVSA-2011:130-1 (apache)
Zusammenfassung:	NOSUMMARY
Beschreibung:	Description: The remote host is missing an update to apache announced via advisory MDVSA-2011:130-1. Multiple vulnerabilities has been discovered and corrected in apache: The byterange filter in the Apache HTTP Server 1.3.x, 2.0.x through 2.0.64, and 2.2.x through 2.2.19 allows remote attackers to cause a denial of service (memory and CPU consumption) via a Range header that expresses multiple overlapping ranges, as exploited in the wild in August 2011, a different vulnerability than CVE-2007-0086 (CVE-2011-3192). The updated packages have been patched to correct this issue. Update: Packages for Mandriva Linux 2011 is now being provided as well. Enjoy! * apache has been upgraded to the latest version (2.2.21) for 2011 Affected: 2011. Solution: To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. http://www.securityspace.com/smysecure/catid.html?in=MDVSA-2011:130-1 Risk factor : High
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2007-0086 Bugtraq: 20070103 a cheesy Apache / IIS DoS vuln (+a question) (Google Search) http://www.securityfocus.com/archive/1/455833/100/0/threaded Bugtraq: 20070104 Re: a cheesy Apache / IIS DoS vuln (+a question) (Google Search) http://www.securityfocus.com/archive/1/455879/100/0/threaded http://www.securityfocus.com/archive/1/455882/100/0/threaded http://www.securityfocus.com/archive/1/455920/100/0/threaded http://osvdb.org/33456 Common Vulnerability Exposure (CVE) ID: CVE-2011-3192 http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html BugTraq ID: 49303 http://www.securityfocus.com/bid/49303 CERT/CC vulnerability note: VU#405811 http://www.kb.cert.org/vuls/id/405811 Cisco Security Advisory: 20110830 Apache HTTPd Range Header Denial of Service Vulnerability http://www.cisco.com/en/US/products/products_security_advisory09186a0080b90d73.shtml http://www.exploit-db.com/exploits/17696 http://seclists.org/fulldisclosure/2011/Aug/175 http://archives.neohapsis.com/archives/fulldisclosure/2011-08/0285.html HPdes Security Advisory: HPSBMU02704 http://marc.info/?l=bugtraq&m=132033751509019&w=2 HPdes Security Advisory: HPSBMU02766 http://marc.info/?l=bugtraq&m=133477473521382&w=2 HPdes Security Advisory: HPSBMU02776 http://marc.info/?l=bugtraq&m=133951357207000&w=2 HPdes Security Advisory: HPSBOV02822 http://marc.info/?l=bugtraq&m=134987041210674&w=2 HPdes Security Advisory: HPSBUX02702 http://marc.info/?l=bugtraq&m=131551295528105&w=2 HPdes Security Advisory: HPSBUX02707 http://marc.info/?l=bugtraq&m=131731002122529&w=2 HPdes Security Advisory: SSRT100606 HPdes Security Advisory: SSRT100619 HPdes Security Advisory: SSRT100624 HPdes Security Advisory: SSRT100626 HPdes Security Advisory: SSRT100852 HPdes Security Advisory: SSRT100966 http://www.mandriva.com/security/advisories?name=MDVSA-2011:130 http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 http://mail-archives.apache.org/mod_mbox/httpd-announce/201108.mbox/%3c20110824161640.122D387DD@minotaur.apache.org%3e http://mail-archives.apache.org/mod_mbox/httpd-dev/201108.mbox/%3cCAAPSnn2PO-d-C4nQt_TES2RRWiZr7urefhTKPWBC1b+K1Dqc7g@mail.gmail.com%3e https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/re2e23465bbdb17ffe109d21b4f192e6b58221cd7aa8797d530b4cd75@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/r1d201e3da31a2c8aa870c8314623caef7debd74a13d0f25205e26f15@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/r688df6f16f141e966a0a47f817e559312b3da27886f59116a94b273d@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/r5f9c22f9c28adbd9f00556059edc7b03a5d5bb71d4bb80257c0d34e4@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/rb9c9f42dafa25d2f669dac2a536a03f2575bc5ec1be6f480618aee10@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/r5001ecf3d6b2bdd0b732e527654248abb264f08390045d30709a92f6@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f@%3Ccvs.httpd.apache.org%3E http://osvdb.org/74721 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14762 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14824 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18827 http://www.redhat.com/support/errata/RHSA-2011-1245.html http://www.redhat.com/support/errata/RHSA-2011-1294.html http://www.redhat.com/support/errata/RHSA-2011-1300.html http://www.redhat.com/support/errata/RHSA-2011-1329.html http://www.redhat.com/support/errata/RHSA-2011-1330.html http://www.redhat.com/support/errata/RHSA-2011-1369.html http://securitytracker.com/id?1025960 http://secunia.com/advisories/45606 http://secunia.com/advisories/45937 http://secunia.com/advisories/46000 http://secunia.com/advisories/46125 http://secunia.com/advisories/46126 SuSE Security Announcement: SUSE-SU-2011:1000 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2011-09/msg00009.html SuSE Security Announcement: SUSE-SU-2011:1007 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2011-09/msg00010.html SuSE Security Announcement: SUSE-SU-2011:1010 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2011-09/msg00011.html SuSE Security Announcement: SUSE-SU-2011:1216 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2011-11/msg00008.html SuSE Security Announcement: SUSE-SU-2011:1229 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2011-11/msg00011.html SuSE Security Announcement: openSUSE-SU-2011:0993 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2011-09/msg00006.html http://www.ubuntu.com/usn/USN-1199-1 XForce ISS Database: apache-http-byterange-dos(69396) https://exchange.xforce.ibmcloud.com/vulnerabilities/69396
Copyright	Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com

Dies ist nur einer von 145615 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.