Test ID:	1.3.6.1.4.1.25623.1.0.52890
Category:	Turbolinux Local Security Tests
Title:	Turbolinux TLSA-2004-17 (apache)
Summary:	NOSUMMARY
Description:	Description: The remote host is missing an update to apache announced via advisory TLSA-2004-17. Apache is a powerful, full-featured, efficient, and freely-available Web server. - Apache does not filter terminal escape sequences from its error logs, which could make it easier for attackers to insert those sequences into terminal emulators containing vulnerabilities related to escape sequences. - mod_digest for Apache does not properly verify the nonce of a client response by using a AuthNonce secret. A third party may gain unauthorized access to a web server. Solution: Please use the turbopkg (zabom) tool to apply the update. http://www.securityspace.com/smysecure/catid.html?in=TLSA-2004-17 Risk factor : High CVSS Score: 7.5
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2003-0020 http://marc.info/?l=bugtraq&m=108369640424244&w=2 BugTraq ID: 9930 http://www.securityfocus.com/bid/9930 Bugtraq: 20030224 Terminal Emulator Security Issues (Google Search) http://marc.info/?l=bugtraq&m=104612710031920&w=2 Bugtraq: 20040512 [OpenPKG-SA-2004.021] OpenPKG Security Advisory (apache) (Google Search) http://marc.info/?l=bugtraq&m=108437852004207&w=2 http://security.gentoo.org/glsa/glsa-200405-22.xml HPdes Security Advisory: SSRT4717 http://marc.info/?l=bugtraq&m=108731648532365&w=2 http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:050 http://frontal2.mandriva.com/security/advisories?name=MDKSA-2004:046 https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/re028d61fe612b0908595d658b9b39e74bca56f2a1ed3c5f06b5ab571@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/r5419c9ba0951ef73a655362403d12bb8d10fab38274deb3f005816f5@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/rd00b45b93fda4a5bd013b28587207d0e00f99f6e3308dbb6025f3b01@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/r7035b7c9091c4b665a3b7205364775410646f12125d48e74e395f2ce@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/rf2f0f3611f937cf6cfb3b4fe4a67f69885855126110e1e3f2fb2728e@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/r5001ecf3d6b2bdd0b732e527654248abb264f08390045d30709a92f6@%3Ccvs.httpd.apache.org%3E https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100109 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A150 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4114 http://www.redhat.com/support/errata/RHSA-2003-082.html http://www.redhat.com/support/errata/RHSA-2003-083.html http://www.redhat.com/support/errata/RHSA-2003-104.html http://www.redhat.com/support/errata/RHSA-2003-139.html http://www.redhat.com/support/errata/RHSA-2003-243.html http://www.redhat.com/support/errata/RHSA-2003-244.html http://www.slackware.com/security/viewer.php?l=slackware-security&y=2004&m=slackware-security.529643 http://sunsolve.sun.com/search/document.do?assetkey=1-26-101555-1 http://sunsolve.sun.com/search/document.do?assetkey=1-26-57628-1 http://www.trustix.org/errata/2004/0017 http://www.trustix.org/errata/2004/0027 http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0093.html http://www.iss.net/security_center/static/11412.php Common Vulnerability Exposure (CVE) ID: CVE-2003-0987 BugTraq ID: 9571 http://www.securityfocus.com/bid/9571 http://www.mandriva.com/security/advisories?name=MDKSA-2004:046 https://lists.apache.org/thread.html/raa117ef183f0da9b3f46efbeaa66f7622bd68868a450cae4fd8ed594@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/r5f9c22f9c28adbd9f00556059edc7b03a5d5bb71d4bb80257c0d34e4@%3Ccvs.httpd.apache.org%3E https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100108 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4416 http://www.redhat.com/support/errata/RHSA-2004-600.html http://www.redhat.com/support/errata/RHSA-2005-816.html http://securitytracker.com/id?1008920 http://sunsolve.sun.com/search/document.do?assetkey=1-26-101841-1 XForce ISS Database: apache-moddigest-response-replay(15041) https://exchange.xforce.ibmcloud.com/vulnerabilities/15041 Common Vulnerability Exposure (CVE) ID: CVE-2003-0993 BugTraq ID: 9829 http://www.securityfocus.com/bid/9829 http://marc.info/?l=apache-cvs&m=107869603013722 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100111 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4670 XForce ISS Database: apache-modaccess-obtain-information(15422) https://exchange.xforce.ibmcloud.com/vulnerabilities/15422 Common Vulnerability Exposure (CVE) ID: CVE-2004-0174 BugTraq ID: 9921 http://www.securityfocus.com/bid/9921 Bugtraq: 20040319 [ANNOUNCE] Apache HTTP Server 2.0.49 Released (fwd) (Google Search) http://marc.info/?l=bugtraq&m=107973894328806&w=2 CERT/CC vulnerability note: VU#132110 http://www.kb.cert.org/vuls/id/132110 https://lists.apache.org/thread.html/re895fc1736d25c8cf57e102c871613b8aeec9ea26fd8a44e7942b5ab@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/rd65d8ba68ba17e7deedafbf5bb4899f2ae4dad781d21b931c2941ac3@%3Ccvs.httpd.apache.org%3E https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100110 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1982 http://www.redhat.com/support/errata/RHSA-2004-405.html http://www.securitytracker.com/alerts/2004/Mar/1009495.html http://secunia.com/advisories/11170 http://marc.info/?l=bugtraq&m=108066914830552&w=2 XForce ISS Database: apache-socket-starvation-dos(15540) https://exchange.xforce.ibmcloud.com/vulnerabilities/15540
Copyright	Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.