ID de Prueba:	1.3.6.1.4.1.25623.1.0.60116
Categoría:	Misc.
Título:	Apache < 2.2.7 mod_proxy_balance vulnerabilities
Resumen:	NOSUMMARY
Descripción:	Description: The remote host appears to be running a version of Apache vulnerable to a denial of service attack and an XSS vulnerability in the mod_proxy_balancer. This DoS vulnerability applies when the threaded MPM module is used and allows remote authenticated users to cause a child process crash via a specially crafted request. The cross-site scripting vulnerability allows the injection of arbitrary web content through unspecified vectors. Versions 2.2.0 through 2.2.6 are vulnerable. Solution : Upgrade to version 2.2.7 or later. Risk factor : Medium CVSS Score: 4.0
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2007-6421 http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html BugTraq ID: 27236 http://www.securityfocus.com/bid/27236 Bugtraq: 20080110 SecurityReason - Apache2 CSRF, XSS, Memory Corruption and Denial of Service Vulnerability (Google Search) http://www.securityfocus.com/archive/1/486169/100/0/threaded https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00562.html https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00541.html http://www.mandriva.com/security/advisories?name=MDVSA-2008:016 https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/r84d043c2115176958562133d96d851495d712aa49da155d81f6733be@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/rc4c53a0d57b2771ecd4b965010580db355e38137c8711311ee1073a8@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/r7dd6be4dc38148704f2edafb44a8712abaa3a2be120d6c3314d55919@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/rad01d817195e6cc871cb1d73b207ca326379a20a6e7f30febaf56d24@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/r476d175be0aaf4a17680ef98c5153b4d336eaef76fb2224cc94c463a@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f@%3Ccvs.httpd.apache.org%3E https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10664 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8651 http://www.redhat.com/support/errata/RHSA-2008-0008.html http://www.redhat.com/support/errata/RHSA-2008-0009.html http://secunia.com/advisories/28526 http://secunia.com/advisories/28749 http://secunia.com/advisories/28977 http://secunia.com/advisories/29420 http://secunia.com/advisories/29640 http://securityreason.com/securityalert/3523 SuSE Security Announcement: SUSE-SA:2008:021 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00004.html http://www.ubuntu.com/usn/usn-575-1 http://www.vupen.com/english/advisories/2008/0048 http://www.vupen.com/english/advisories/2008/0924/references XForce ISS Database: apache-modproxybalancer-xss(39474) https://exchange.xforce.ibmcloud.com/vulnerabilities/39474 Common Vulnerability Exposure (CVE) ID: CVE-2007-6422 http://security.gentoo.org/glsa/glsa-200803-19.xml https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10181 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8690 http://secunia.com/advisories/29348 XForce ISS Database: apache-modproxybalancer-dos(39476) https://exchange.xforce.ibmcloud.com/vulnerabilities/39476
Copyright	Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.