
Test ID: 1.3.6.1.4.1.25623.1.0.54427
Category: Red Hat Local Security Checks
Title: RedHat Security Advisory RHSA-2005:582
Summary: NOSUMMARY
Description:

The remote host is missing updates announced in
advisory RHSA-2005:582.

The Apache HTTP Server is a powerful, full-featured, efficient, and
freely-available Web server.

Watchfire reported a flaw that occurred when using the Apache server as an
HTTP proxy. A remote attacker could send an HTTP request with both a
Transfer-Encoding: chunked header and a Content-Length header. This
caused Apache to incorrectly handle and forward the body of the request in
a way that the receiving server processes it as a separate HTTP request.
This could allow the bypass of Web application firewall protection or lead
to cross-site scripting (XSS) attacks. The Common Vulnerabilities and
Exposures project (cve.mitre.org) assigned the name CVE-2005-2088 to this
issue.

Marc Stern reported an off-by-one overflow in the mod_ssl CRL verification
callback. In order to exploit this issue the Apache server would need to
be configured to use a malicious certificate revocation list (CRL). The
Common Vulnerabilities and Exposures project (cve.mitre.org) assigned the
name CVE-2005-1268 to this issue.

Users of Apache httpd should update to these errata packages that contain
backported patches to correct these issues.

Solution:
Please note that this update is available via
Red Hat Network. To use Red Hat Network, launch the Red
Hat Update Agent with the following command: up2date

http://rhn.redhat.com/errata/RHSA-2005-582.html
http://www.watchfire.com/resources/HTTP-Request-Smuggling.pdf
http://issues.apache.org/bugzilla/show_bug.cgi?id=35081
http://issues.apache.org/bugzilla/show_bug.cgi?id=34588

Risk factor : Medium

CVSS Score:
5.0

Cross Reference: Common Vulnerability Exposure (CVE) ID: CVE-2005-1268
102198
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102198-1
14366
http://www.securityfocus.com/bid/14366
19072
http://secunia.com/advisories/19072
19185
http://secunia.com/advisories/19185
604
http://securityreason.com/securityalert/604
ADV-2006-0789
http://www.vupen.com/english/advisories/2006/0789
DSA-805
http://www.debian.org/security/2005/dsa-805
HPSBUX02074
http://www.securityfocus.com/archive/1/428138/100/0/threaded
MDKSA-2005:129
http://www.mandriva.com/security/advisories?name=MDKSA-2005:129
RHSA-2005:582
http://rhn.redhat.com/errata/RHSA-2005-582.html
SSRT051251
SUSE-SA:2005:046
http://www.novell.com/linux/security/advisories/2005_46_apache.html
SUSE-SR:2005:018
http://www.novell.com/linux/security/advisories/2005_18_sr.html
TSLSA-2005-0059
http://lists.trustix.org/pipermail/tsl-announce/2005-October/000354.html
[httpd-cvs] 20190815 svn commit: r1048742 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html
https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac%40%3Ccvs.httpd.apache.org%3E
[httpd-cvs] 20190815 svn commit: r1048743 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html
https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79%40%3Ccvs.httpd.apache.org%3E
[httpd-cvs] 20200401 svn commit: r1058586 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html
https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc%40%3Ccvs.httpd.apache.org%3E
[httpd-cvs] 20200401 svn commit: r1058587 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html
https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb%40%3Ccvs.httpd.apache.org%3E
[httpd-cvs] 20210330 svn commit: r1073139 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/json/
https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E
[httpd-cvs] 20210330 svn commit: r1073139 [3/13] - in /websites/staging/httpd/trunk/content: ./ security/json/
https://lists.apache.org/thread.html/re895fc1736d25c8cf57e102c871613b8aeec9ea26fd8a44e7942b5ab%40%3Ccvs.httpd.apache.org%3E
[httpd-cvs] 20210330 svn commit: r1073140 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html
https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b%40%3Ccvs.httpd.apache.org%3E
[httpd-cvs] 20210330 svn commit: r1073143 [2/3] - in /websites/staging/httpd/trunk/content: ./ security/
https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142%40%3Ccvs.httpd.apache.org%3E
[httpd-cvs] 20210330 svn commit: r1073149 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/
https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E
[httpd-cvs] 20210330 svn commit: r1073149 [4/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/
https://lists.apache.org/thread.html/r734a07156abf332d5ab27fb91d9d962cacfef4f3681e44056f064fa8%40%3Ccvs.httpd.apache.org%3E
[httpd-cvs] 20210330 svn commit: r1888194 [3/13] - /httpd/site/trunk/content/security/json/
https://lists.apache.org/thread.html/rd65d8ba68ba17e7deedafbf5bb4899f2ae4dad781d21b931c2941ac3%40%3Ccvs.httpd.apache.org%3E
[httpd-cvs] 20210606 svn commit: r1075470 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2020-13938.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html
https://lists.apache.org/thread.html/r5001ecf3d6b2bdd0b732e527654248abb264f08390045d30709a92f6%40%3Ccvs.httpd.apache.org%3E
http://support.avaya.com/elmodocs2/security/ASA-2006-081.htm
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=163013
oval:org.mitre.oval:def:1346
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1346
oval:org.mitre.oval:def:1714
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1714
oval:org.mitre.oval:def:1747
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1747
oval:org.mitre.oval:def:9589
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9589
Common Vulnerability Exposure (CVE) ID: CVE-2005-2088
1014323
http://securitytracker.com/id?1014323
102197
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102197-1
14106
http://www.securityfocus.com/bid/14106
14530
http://secunia.com/advisories/14530
15647
http://www.securityfocus.com/bid/15647
17319
http://secunia.com/advisories/17319
17487
http://secunia.com/advisories/17487
17813
http://secunia.com/advisories/17813
19073
http://secunia.com/advisories/19073
19317
http://secunia.com/advisories/19317
20050606 A new whitepaper by Watchfire - HTTP Request Smuggling
http://seclists.org/lists/bugtraq/2005/Jun/0025.html
23074
http://secunia.com/advisories/23074
ADV-2005-2140
http://www.vupen.com/english/advisories/2005/2140
ADV-2005-2659
http://www.vupen.com/english/advisories/2005/2659
ADV-2006-1018
http://www.vupen.com/english/advisories/2006/1018
ADV-2006-4680
http://www.vupen.com/english/advisories/2006/4680
APPLE-SA-2005-11-29
http://docs.info.apple.com/article.html?artnum=302847
DSA-803
http://www.debian.org/security/2005/dsa-803
HPSBUX02101
http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=c00612828
MDKSA-2005:130
http://www.mandriva.com/security/advisories?name=MDKSA-2005:130
PK13959
http://www-1.ibm.com/support/search.wss?rs=0&q=PK13959&apar=only
PK16139
http://www-1.ibm.com/support/search.wss?rs=0&q=PK16139&apar=only
http://www.redhat.com/support/errata/RHSA-2005-582.html
SSA:2005-310-04
http://slackware.com/security/viewer.php?l=slackware-security&y=2005&m=slackware-security.600000
SSRT051128
USN-160-2
http://www.ubuntu.com/usn/usn-160-2
[apache-httpd-announce] 20051014 Apache HTTP Server 2.0.55 Released
http://marc.info/?l=apache-httpd-announce&m=112931556417329&w=3
http://www.apache.org/dist/httpd/CHANGES_1.3
http://www.apache.org/dist/httpd/CHANGES_2.0
http://www.securiteam.com/securityreviews/5GP0220G0U.html
http://www.watchfire.com/resources/HTTP-Request-Smuggling.pdf
https://secure-support.novell.com/KanisaPlatform/Publishing/741/3222109_f.SAL_Public.html
oval:org.mitre.oval:def:11452
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11452
oval:org.mitre.oval:def:1237
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1237
oval:org.mitre.oval:def:1526
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1526
oval:org.mitre.oval:def:1629
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1629
oval:org.mitre.oval:def:840
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A840
Copyright: Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com
