English | Deutsch | Español
 
Inicial ▼
Página inicial Acerca Nuestro Contáctenos Privacidad Programas de Asociados Testimonios En la Prensa Listas de Correos Abuso Developer APIs
Bookkeeping
Online ▼
Home Free Trial FAQ
Open/Create Company File Accept an Invite Order/Renew
 
Auditorias ▼
Inicial Dedicada Avanzada Estándar Periódica Sin Riesgo Escritorio Básica Sello FAQ Resumen de Precio/Funciones Ordenar Nuevas Pruebas Todas las Pruebas Confidencialidad Búsqueda de Vulnerabilidad Ejecutar Auditoría Programador IP Permissions Auditorías Personalizadas Cola Recordatorio Sellos Informes Estilos de Informes
DNS
Administrado ▼
Acerca de DNS Ordenar/Renovar Preguntas Frecuentes AUP Dynamic DNS Clients
Configurar Dominios Dynamic DNS Update Password
Monitoreo
de Redes ▼
Enterprise Avanzado Estándarr Prueba Preguntas Frecuentes Resumen de Precio/Funciones Ordenar Muestras
Configure/Status Alert Profiles
Research
Reports ▼
Home FAQ Glossary Archive
 Iniciar sesión/Registrarse 
 
 Búsqueda de    
Vulnerabilidad   		     Buscar 324607 Descripciones CVE y
145615 Descripciones de Pruebas,
accesos 10,000+ referencias cruzadas.
Pruebas   CVE   Todos  

ID de Prueba:1.3.6.1.4.1.25623.1.0.105498
Categoría:F5 Local Security Checks
Título:F5 BIG-IP - Apache HTTPD vulnerability CVE-2010-2791 and CVE-2010-2068
Resumen:The remote host is missing a security patch.
Descripción:Summary:
The remote host is missing a security patch.

Vulnerability Insight:
mod_proxy in httpd in Apache HTTP Server 2.2.9, when running on Unix, does not close the backend connection if a timeout occurs when reading a response from a persistent connection, which allows remote attackers to obtain a potentially sensitive response intended for a different client in opportunistic circumstances via a normal HTTP request. NOTE: this is the same issue as CVE-2010-2068, but for a different OS and set of affected versions.

Vulnerability Impact:
This vulnerability can allow the unauthorized disclosure of information.

Solution:
See the referenced vendor advisory for a solution.

CVSS Score:
5.0

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:N/A:N

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2010-2791
42102
http://www.securityfocus.com/bid/42102
MDVSA-2013:150
http://www.mandriva.com/security/advisories?name=MDVSA-2013:150
RHSA-2010:0659
http://www.redhat.com/support/errata/RHSA-2010-0659.html
[httpd-cvs] 20190815 svn commit: r1048742 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html
https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E
[httpd-cvs] 20190815 svn commit: r1048743 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html
https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E
[httpd-cvs] 20200401 svn commit: r1058586 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html
https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E
[httpd-cvs] 20200401 svn commit: r1058587 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html
https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E
[httpd-cvs] 20210330 svn commit: r1073139 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/json/
https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E
[httpd-cvs] 20210330 svn commit: r1073139 [7/13] - in /websites/staging/httpd/trunk/content: ./ security/json/
https://lists.apache.org/thread.html/re2e23465bbdb17ffe109d21b4f192e6b58221cd7aa8797d530b4cd75%40%3Ccvs.httpd.apache.org%3E
[httpd-cvs] 20210330 svn commit: r1073140 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html
https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E
[httpd-cvs] 20210330 svn commit: r1073146 [2/3] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities-httpd.xml security/vulnerabilities_22.html security/vulnerabilities_24.html
https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E
[httpd-cvs] 20210330 svn commit: r1073149 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/
https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E
[httpd-cvs] 20210330 svn commit: r1073149 [8/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/
https://lists.apache.org/thread.html/r1d201e3da31a2c8aa870c8314623caef7debd74a13d0f25205e26f15%40%3Ccvs.httpd.apache.org%3E
[httpd-cvs] 20210330 svn commit: r1888194 [7/13] - /httpd/site/trunk/content/security/json/
https://lists.apache.org/thread.html/r688df6f16f141e966a0a47f817e559312b3da27886f59116a94b273d%40%3Ccvs.httpd.apache.org%3E
[httpd-cvs] 20210330 svn commit: r1888222 - in /httpd/site/trunk/content/security/json: CVE-2010-2068.json CVE-2010-2791.json CVE-2011-0419.json CVE-2011-3368.json
https://lists.apache.org/thread.html/r064df0985779b7ee044d3120d71ba59750427cf53f57ba3384e3773f%40%3Ccvs.httpd.apache.org%3E
[httpd-cvs] 20210603 svn commit: r1075360 [2/3] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2021-31618.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html
https://lists.apache.org/thread.html/rad01d817195e6cc871cb1d73b207ca326379a20a6e7f30febaf56d24%40%3Ccvs.httpd.apache.org%3E
[httpd-cvs] 20210606 svn commit: r1075467 [2/2] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2021-31618.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html
https://lists.apache.org/thread.html/r476d175be0aaf4a17680ef98c5153b4d336eaef76fb2224cc94c463a%40%3Ccvs.httpd.apache.org%3E
[httpd-cvs] 20210606 svn commit: r1075470 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2020-13938.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html
https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E
[oss-security] 20100730 CVE-2010-2791: mod_proxy information leak affecting 2.2.9 only
http://www.openwall.com/lists/oss-security/2010/07/30/1
apache-modproxy-info-disclsoure(60883)
https://exchange.xforce.ibmcloud.com/vulnerabilities/60883
http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html
Common Vulnerability Exposure (CVE) ID: CVE-2010-2068
1024096
http://securitytracker.com/id?1024096
20100611 [advisory] httpd Timeout detection flaw (mod_proxy_http) CVE-2010-2068
http://www.securityfocus.com/archive/1/511809/100/0/threaded
40206
http://secunia.com/advisories/40206
40824
http://secunia.com/advisories/40824
40827
http://www.securityfocus.com/bid/40827
41480
http://secunia.com/advisories/41480
41490
http://secunia.com/advisories/41490
41722
http://secunia.com/advisories/41722
ADV-2010-1436
http://www.vupen.com/english/advisories/2010/1436
APPLE-SA-2011-03-21-1
http://lists.apple.com/archives/security-announce/2011/Mar/msg00006.html
HPSBMA02568
http://www.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02512995
PM16366
http://www.ibm.com/support/docview.wss?uid=swg1PM16366
RHSA-2011:0896
http://www.redhat.com/support/errata/RHSA-2011-0896.html
SI4053
http://www-01.ibm.com/support/docview.wss?uid=nas352ca0ac9460f9b8886257777005dd0e4
SSRT100219
[apache-announce] 20100725 [ANNOUNCEMENT] Apache HTTP Server 2.2.16 Released
http://marc.info/?l=apache-announce&m=128009718610929&w=2
[httpd-announce] 20100611 [advisory] httpd Timeout detection flaw (mod_proxy_http) CVE-2010-2068
http://mail-archives.apache.org/mod_mbox/httpd-announce/201006.mbox/%3C4C12933D.4060400%40apache.org%3E
[httpd-cvs] 20210330 svn commit: r1073149 [7/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/
https://lists.apache.org/thread.html/rad2acee3ab838b52c04a0698b1728a9a43467bf365bd481c993c535d%40%3Ccvs.httpd.apache.org%3E
apache-modproxyhttp-timeout-info-disc(59413)
https://exchange.xforce.ibmcloud.com/vulnerabilities/59413
http://httpd.apache.org/security/vulnerabilities_22.html
http://support.apple.com/kb/HT4581
http://www.apache.org/dist/httpd/patches/apply_to_2.2.15/CVE-2010-2068-r953616.patch
http://www.apache.org/dist/httpd/patches/apply_to_2.3.5/CVE-2010-2068-r953418.patch
http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html
oval:org.mitre.oval:def:11491
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11491
oval:org.mitre.oval:def:6931
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6931
CopyrightCopyright (C) 2016 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.

Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.



© 1998-2025 E-Soft Inc. Todos los derechos reservados.