ID de Prueba:	1.3.6.1.4.1.25623.1.0.56592
Categoría:	Mandrake Local Security Checks
Título:	Mandrake Security Advisory MDKSA-2006:028 (php)
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing an update to php announced via advisory MDKSA-2006:028. Multiple response splitting vulnerabilities in PHP allow remote attackers to inject arbitrary HTTP headers via unknown attack vectors, possibly involving a crafted Set-Cookie header, related to the (1) session extension (aka ext/session) and the (2) header function. (CVE-2006-0207) Multiple cross-site scripting (XSS) vulnerabilities in PHP allow remote attackers to inject arbitrary web script or HTML via unknown attack vectors in certain error conditions. (CVE-2006-0208). This issue does not affect Corporate Server 2.1. Updated packages are patched to address these issues. Users must execute service httpd restart for the new PHP modules to be loaded by Apache. Affected: 10.1, 10.2, 2006.0, Corporate 2.1, Corporate 3.0, Multi Network Firewall 2.0 Solution: To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. http://www.securityspace.com/smysecure/catid.html?in=MDKSA-2006:028 Risk factor : Medium CVSS Score: 5.0
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2006-0207 BugTraq ID: 16220 http://www.securityfocus.com/bid/16220 Bugtraq: 20060112 Advisory 01/2006: PHP ext/session HTTP Response Splitting Vulnerability (Google Search) Debian Security Information: DSA-1331 (Google Search) http://www.debian.org/security/2007/dsa-1331 http://www.gentoo.org/security/en/glsa/glsa-200603-22.xml http://www.mandriva.com/security/advisories?name=MDKSA-2006:028 http://www.hardened-php.net/advisory_012006.112.html http://securitytracker.com/id?1015484 http://secunia.com/advisories/18431 http://secunia.com/advisories/18697 http://secunia.com/advisories/19012 http://secunia.com/advisories/19179 http://secunia.com/advisories/19355 http://secunia.com/advisories/25945 SuSE Security Announcement: SUSE-SR:2006:004 (Google Search) http://lists.suse.de/archive/suse-security-announce/2006-Feb/0008.html https://usn.ubuntu.com/261-1/ http://www.vupen.com/english/advisories/2006/0177 http://www.vupen.com/english/advisories/2006/0369 XForce ISS Database: php-session-response-splitting(24094) https://exchange.xforce.ibmcloud.com/vulnerabilities/24094 Common Vulnerability Exposure (CVE) ID: CVE-2006-0208 BugTraq ID: 16803 http://www.securityfocus.com/bid/16803 https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=178028 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10064 RedHat Security Advisories: RHSA-2006:0276 http://rhn.redhat.com/errata/RHSA-2006-0276.html http://www.redhat.com/support/errata/RHSA-2006-0501.html RedHat Security Advisories: RHSA-2006:0549 http://rhn.redhat.com/errata/RHSA-2006-0549.html http://secunia.com/advisories/19832 http://secunia.com/advisories/20210 http://secunia.com/advisories/20222 http://secunia.com/advisories/20951 http://secunia.com/advisories/21252 http://secunia.com/advisories/21564 SGI Security Advisory: 20060501-01-U ftp://patches.sgi.com/support/free/security/advisories/20060501-01-U.asc http://www.vupen.com/english/advisories/2006/2685
Copyright	Copyright (c) 2006 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.