
Test ID: 1.3.6.1.4.1.25623.1.0.51544
Category: Conectiva Local Security Checks
Title: Conectiva Security Advisory CLA-2002:541
Summary: NOSUMMARY
Description:

The remote host is missing updates announced in
advisory CLA-2002:541.

mod_ssl[1] is a module for the Apache[2] web server which provides
cryptography support. This module is included by default in the
Apache package distributed with Conectiva Linux.

There is a cross-site scripting vulnerability[3][4][5] in the mod_ssl
module. The server name field returned to the client was not being
filtered, which could lead to cross-site scripting attacks if the
UseCanonicalName option is turned off (which is not the default)
and wildcard DNS is in use.


Solution:
The apt tool can be used to perform RPM package upgrades
by running 'apt-get update' followed by 'apt-get upgrade'.

http://www.securityspace.com/smysecure/catid.html?in=CLA-2002:541
http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=002002

Risk factor : High

CVSS Score:
7.5

Cross Reference: BugTraq ID: 6029
Common Vulnerability Exposure (CVE) ID: CVE-2002-1157
http://www.securityfocus.com/bid/6029
Bugtraq: 20021023 [OpenPKG-SA-2002.010] OpenPKG Security Advisory (apache)
http://online.securityfocus.com/archive/1/296753
Bugtraq: 20021026 GLSA: mod_ssl
http://archives.neohapsis.com/archives/bugtraq/2002-10/0374.html
Conectiva Linux advisory: CLA-2002:541
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000541
Debian Security Information: DSA-181
http://www.debian.org/security/2002/dsa-181
En Garde Linux Advisory: ESA-20021029-027
http://www.linuxsecurity.com/advisories/other_advisory-2512.html
http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-072.php
http://www.osvdb.org/2107
http://www.redhat.com/support/errata/RHSA-2002-222.html
http://www.redhat.com/support/errata/RHSA-2002-243.html
http://www.redhat.com/support/errata/RHSA-2002-244.html
http://www.redhat.com/support/errata/RHSA-2002-248.html
http://www.redhat.com/support/errata/RHSA-2002-251.html
http://www.redhat.com/support/errata/RHSA-2003-106.html
http://www.iss.net/security_center/static/10457.php
Copyright: Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com





© 1998-2025 E-Soft Inc. All rights reserved.