
Test ID: 1.3.6.1.4.1.25623.1.0.812844
Category: Web Servers
Title: Apache HTTP Server Multiple Vulnerabilities (Apr 2018) - Linux
Summary: Apache HTTP Server is prone to multiple vulnerabilities.
Description:
Summary:
Apache HTTP Server is prone to multiple vulnerabilities.

Vulnerability Insight:
Multiple flaws exist due to:

- Apache HTTP Server fails to correctly generate the nonce sent to prevent
replay attacks.

- Misconfigured mod_session variable, HTTP_SESSION.

- Apache HTTP Server fails to sanitize the expression specified in ''.

- An error in Apache HTTP Server 'mod_authnz_ldap' when configured with
AuthLDAPCharsetConfig.

- Apache HTTP Server fails to sanitize against a specially crafted request.

Vulnerability Impact:
Successful exploitation will allow an attacker
to replay HTTP requests across servers without detection, influence the user
content, upload a malicious file, crash the Apache HTTP Server and perform
a denial-of-service attack.

Affected Software/OS:
Apache HTTP Server versions from 2.4.1 to
2.4.4, 2.4.6, 2.4.7, 2.4.9, 2.4.10, 2.4.12, 2.4.16 to 2.4.18, 2.4.20, 2.4.23,
2.4.25 to 2.4.29.

Solution:
Update to version 2.4.30 or later. Please see the references for more information.

CVSS Score:
6.8

CVSS Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P

Cross-reference: Common Vulnerability Exposure (CVE) ID: CVE-2018-1312
BugTraq ID: 103524
http://www.securityfocus.com/bid/103524
Debian Security Information: DSA-4164
https://www.debian.org/security/2018/dsa-4164
https://lists.debian.org/debian-lts-announce/2018/05/msg00020.html
https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r15f9aa4427581a1aecb4063f1b4b983511ae1c9935e2a0a6876dad3c@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/re473305a65b4db888e3556e4dae10c2a04ee89dcff2e26ecdbd860a9@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rfcf929bd33a6833e3f0c35eebdad70d5060665f9c4e17ea467c66770@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rd336919f655b7ff309385e34a143e41c503e133da80414485b3abcc9@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d@%3Ccvs.httpd.apache.org%3E
http://www.openwall.com/lists/oss-security/2018/03/24/7
RedHat Security Advisories: RHSA-2018:3558
https://access.redhat.com/errata/RHSA-2018:3558
RedHat Security Advisories: RHSA-2019:0366
https://access.redhat.com/errata/RHSA-2019:0366
RedHat Security Advisories: RHSA-2019:0367
https://access.redhat.com/errata/RHSA-2019:0367
RedHat Security Advisories: RHSA-2019:1898
https://access.redhat.com/errata/RHSA-2019:1898
http://www.securitytracker.com/id/1040571
https://usn.ubuntu.com/3627-1/
https://usn.ubuntu.com/3627-2/
https://usn.ubuntu.com/3937-2/
Common Vulnerability Exposure (CVE) ID: CVE-2018-1283
BugTraq ID: 103520
http://www.securityfocus.com/bid/103520
https://lists.apache.org/thread.html/r6521a7f62276340eabdb3339b2aa9a38c5f59d978497a1f794af53be@%3Ccvs.httpd.apache.org%3E
http://www.openwall.com/lists/oss-security/2018/03/24/4
http://www.securitytracker.com/id/1040568
Common Vulnerability Exposure (CVE) ID: CVE-2017-15715
BugTraq ID: 103525
http://www.securityfocus.com/bid/103525
https://security.elarlang.eu/cve-2017-15715-apache-http-server-filesmatch-bypass-with-a-trailing-newline-at-the-end-of-the-file-name.html
https://lists.apache.org/thread.html/r04e89e873d54116a0635ef2f7061c15acc5ed27ef7500997beb65d6f@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/re1e3a24664d35bcd0a0e793e0b5fc6ca6c107f99a1b2c545c5d4b467@%3Ccvs.httpd.apache.org%3E
http://www.openwall.com/lists/oss-security/2018/03/24/6
http://www.securitytracker.com/id/1040570
Common Vulnerability Exposure (CVE) ID: CVE-2017-15710
BugTraq ID: 103512
http://www.securityfocus.com/bid/103512
http://www.openwall.com/lists/oss-security/2018/03/24/8
http://www.securitytracker.com/id/1040569
Common Vulnerability Exposure (CVE) ID: CVE-2018-1301
BugTraq ID: 103515
http://www.securityfocus.com/bid/103515
http://www.openwall.com/lists/oss-security/2018/03/24/2
http://www.securitytracker.com/id/1040573
Copyright: Copyright (C) 2018 Greenbone AG
