ID de Prueba:	1.3.6.1.4.1.25623.1.0.57243
Categoría:	Red Hat Local Security Checks
Título:	RedHat Security Advisory RHSA-2006:0618
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing updates announced in advisory RHSA-2006:0618. The Apache HTTP Server is a popular Web server available for free. A bug was found in Apache where an invalid Expect header sent to the server was returned to the user in an unescaped error message. This could allow an attacker to perform a cross-site scripting attack if a victim was tricked into connecting to a site and sending a carefully crafted Expect header. (CVE-2006-3918) While a web browser cannot be forced to send an arbitrary Expect header by a third-party attacker, it was recently discovered that certain versions of the Flash plugin can manipulate request headers. If users running such versions can be persuaded to load a web page with a malicious Flash applet, a cross-site scripting attack against the server may be possible. Users of Apache should upgrade to these updated packages, which contain a backported patch to correct this issue. Solution: Please note that this update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command: up2date http://rhn.redhat.com/errata/RHSA-2006-0618.html http://www.redhat.com/security/updates/classification/#important Risk factor : Medium CVSS Score: 4.3
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2006-3918 AIX APAR: PK24631 http://www-1.ibm.com/support/docview.wss?uid=swg1PK24631 AIX APAR: PK27875 http://www-1.ibm.com/support/docview.wss?uid=swg24013080 BugTraq ID: 19661 http://www.securityfocus.com/bid/19661 Bugtraq: 20060508 Unfiltered Header Injection in Apache 1.3.34/2.0.57/2.2.1 (Google Search) http://archives.neohapsis.com/archives/bugtraq/2006-05/0151.html Bugtraq: 20060724 Write-up by Amit Klein: "Forging HTTP request headers with Flash" (Google Search) http://archives.neohapsis.com/archives/bugtraq/2006-07/0425.html Debian Security Information: DSA-1167 (Google Search) http://www.debian.org/security/2006/dsa-1167 HPdes Security Advisory: HPSBOV02683 http://marc.info/?l=bugtraq&m=130497311408250&w=2 HPdes Security Advisory: HPSBUX02465 http://marc.info/?l=bugtraq&m=125631037611762&w=2 HPdes Security Advisory: HPSBUX02612 http://marc.info/?l=bugtraq&m=129190899612998&w=2 HPdes Security Advisory: SSRT090192 HPdes Security Advisory: SSRT090208 HPdes Security Advisory: SSRT100345 https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/reb542d2038e9c331506e0cbff881b47e40fbe2bd93ff00979e60cdf7@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/r5419c9ba0951ef73a655362403d12bb8d10fab38274deb3f005816f5@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/rafd145ba6cd0a4ced113a5823cdaff45aeb36eb09855b216401c66d6@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/r652fc951306cdeca5a276e2021a34878a76695a9f3cfb6490b4a6840@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/r5f9c22f9c28adbd9f00556059edc7b03a5d5bb71d4bb80257c0d34e4@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/rb9c9f42dafa25d2f669dac2a536a03f2575bc5ec1be6f480618aee10@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/rf2f0f3611f937cf6cfb3b4fe4a67f69885855126110e1e3f2fb2728e@%3Ccvs.httpd.apache.org%3E OpenBSD Security Advisory: [3.9] 012: SECURITY FIX: October 7, 2006 http://openbsd.org/errata.html#httpd2 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10352 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12238 RedHat Security Advisories: RHSA-2006:0618 http://rhn.redhat.com/errata/RHSA-2006-0618.html http://www.redhat.com/support/errata/RHSA-2006-0619.html RedHat Security Advisories: RHSA-2006:0692 http://rhn.redhat.com/errata/RHSA-2006-0692.html http://securitytracker.com/id?1016569 http://www.securitytracker.com/id?1024144 http://secunia.com/advisories/21172 http://secunia.com/advisories/21174 http://secunia.com/advisories/21399 http://secunia.com/advisories/21478 http://secunia.com/advisories/21598 http://secunia.com/advisories/21744 http://secunia.com/advisories/21848 http://secunia.com/advisories/21986 http://secunia.com/advisories/22140 http://secunia.com/advisories/22317 http://secunia.com/advisories/22523 http://secunia.com/advisories/28749 http://secunia.com/advisories/29640 http://secunia.com/advisories/40256 SGI Security Advisory: 20060801-01-P ftp://patches.sgi.com/support/free/security/advisories/20060801-01-P http://securityreason.com/securityalert/1294 SuSE Security Announcement: SUSE-SA:2006:051 (Google Search) http://www.novell.com/linux/security/advisories/2006_51_apache.html SuSE Security Announcement: SUSE-SA:2008:021 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00004.html http://www.ubuntu.com/usn/usn-575-1 http://www.vupen.com/english/advisories/2006/2963 http://www.vupen.com/english/advisories/2006/2964 http://www.vupen.com/english/advisories/2006/3264 http://www.vupen.com/english/advisories/2006/4207 http://www.vupen.com/english/advisories/2006/5089 http://www.vupen.com/english/advisories/2010/1572
Copyright	Copyright (c) 2006 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.