Test Kennung:	1.3.6.1.4.1.25623.1.0.902830
Kategorie:	Web Servers
Titel:	Apache HTTP Server 'httpOnly' Cookie Information Disclosure Vulnerability
Zusammenfassung:	Apache HTTP Server is prone to a cookie information disclosure vulnerability.
Beschreibung:	Summary: Apache HTTP Server is prone to a cookie information disclosure vulnerability. Vulnerability Insight: The flaw is due to an error within the default error response for status code 400 when no custom ErrorDocument is configured, which can be exploited to expose 'httpOnly' cookies. Vulnerability Impact: Successful exploitation will allow attackers to obtain sensitive information that may aid in further attacks. Affected Software/OS: Apache HTTP Server versions 2.2.0 through 2.2.21. Solution: Update to Apache HTTP Server version 2.2.22 or later. CVSS Score: 4.3 CVSS Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2012-0053 http://lists.apple.com/archives/security-announce/2012/Sep/msg00004.html BugTraq ID: 51706 http://www.securityfocus.com/bid/51706 Debian Security Information: DSA-2405 (Google Search) http://www.debian.org/security/2012/dsa-2405 HPdes Security Advisory: HPSBMU02748 http://marc.info/?l=bugtraq&m=133294460209056&w=2 HPdes Security Advisory: HPSBMU02776 http://marc.info/?l=bugtraq&m=133951357207000&w=2 HPdes Security Advisory: HPSBMU02786 http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041 HPdes Security Advisory: HPSBST02848 http://marc.info/?l=bugtraq&m=136441204617335&w=2 HPdes Security Advisory: HPSBUX02761 http://marc.info/?l=bugtraq&m=133494237717847&w=2 HPdes Security Advisory: SSRT100772 HPdes Security Advisory: SSRT100823 HPdes Security Advisory: SSRT100852 HPdes Security Advisory: SSRT100877 HPdes Security Advisory: SSRT101112 http://www.mandriva.com/security/advisories?name=MDVSA-2012:012 http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/r9b4b963760a3cb5a4a70c902f325c6c0337fe51d5b8570416f8f8729@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/r1d201e3da31a2c8aa870c8314623caef7debd74a13d0f25205e26f15@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/r05b5357d1f6bd106f41541ee7d87aafe3f5ea4dc3e9bde5ce09baff8@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/r5f9c22f9c28adbd9f00556059edc7b03a5d5bb71d4bb80257c0d34e4@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/rad01d817195e6cc871cb1d73b207ca326379a20a6e7f30febaf56d24@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/rb9c9f42dafa25d2f669dac2a536a03f2575bc5ec1be6f480618aee10@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/r476d175be0aaf4a17680ef98c5153b4d336eaef76fb2224cc94c463a@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/r5001ecf3d6b2bdd0b732e527654248abb264f08390045d30709a92f6@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f@%3Ccvs.httpd.apache.org%3E RedHat Security Advisories: RHSA-2012:0128 http://rhn.redhat.com/errata/RHSA-2012-0128.html RedHat Security Advisories: RHSA-2012:0542 http://rhn.redhat.com/errata/RHSA-2012-0542.html RedHat Security Advisories: RHSA-2012:0543 http://rhn.redhat.com/errata/RHSA-2012-0543.html http://secunia.com/advisories/48551 SuSE Security Announcement: SUSE-SU-2012:0323 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2012-03/msg00002.html SuSE Security Announcement: openSUSE-SU-2012:0314 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2012-02/msg00026.html
Copyright	Copyright (C) 2012 Greenbone AG

Dies ist nur einer von 145615 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.