ID de Prueba:	1.3.6.1.4.1.25623.1.0.61810
Categoría:	Red Hat Local Security Checks
Título:	RedHat Security Advisory RHSA-2008:0967
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing updates announced in advisory RHSA-2008:0967. The Apache HTTP Server is a popular Web server. A flaw was found in the mod_proxy Apache module. An attacker in control of a Web server to which requests were being proxied could have caused a limited denial of service due to CPU consumption and stack exhaustion. (CVE-2008-2364) A flaw was found in the mod_proxy_ftp Apache module. If Apache was configured to support FTP-over-HTTP proxying, a remote attacker could have performed a cross-site scripting attack. (CVE-2008-2939) In addition, these updated packages fix a bug found in the handling of the ProxyRemoteMatch directive in the Red Hat Enterprise Linux 4 httpd packages. This bug is not present in the Red Hat Enterprise Linux 3 or Red Hat Enterprise Linux 5 packages. Users of httpd should upgrade to these updated packages, which contain backported patches to correct these issues. Solution: Please note that this update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command: up2date http://rhn.redhat.com/errata/RHSA-2008-0967.html http://www.redhat.com/security/updates/classification/#moderate Risk factor : Medium CVSS Score: 5.0
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2008-2364 1020267 http://www.securitytracker.com/id?1020267 20080729 rPSA-2008-0236-1 httpd mod_ssl http://www.securityfocus.com/archive/1/494858/100/0/threaded 20081122 rPSA-2008-0328-1 httpd mod_ssl http://www.securityfocus.com/archive/1/498567/100/0/threaded 247666 http://sunsolve.sun.com/search/document.do?assetkey=1-26-247666-1 29653 http://www.securityfocus.com/bid/29653 30621 http://secunia.com/advisories/30621 31026 http://secunia.com/advisories/31026 31404 http://secunia.com/advisories/31404 31416 http://secunia.com/advisories/31416 31651 http://secunia.com/advisories/31651 31681 http://www.securityfocus.com/bid/31681 31904 http://secunia.com/advisories/31904 32222 http://secunia.com/advisories/32222 32685 http://secunia.com/advisories/32685 32838 http://secunia.com/advisories/32838 33156 http://secunia.com/advisories/33156 33797 http://secunia.com/advisories/33797 34219 http://secunia.com/advisories/34219 34259 http://secunia.com/advisories/34259 34418 http://secunia.com/advisories/34418 ADV-2008-1798 http://www.vupen.com/english/advisories/2008/1798 ADV-2008-2780 http://www.vupen.com/english/advisories/2008/2780 ADV-2009-0320 http://www.vupen.com/english/advisories/2009/0320 APPLE-SA-2008-10-09 http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html FEDORA-2008-6314 https://www.redhat.com/archives/fedora-package-announce/2008-August/msg00153.html FEDORA-2008-6393 https://www.redhat.com/archives/fedora-package-announce/2008-August/msg00055.html GLSA-200807-06 http://security.gentoo.org/glsa/glsa-200807-06.xml HPSBUX02365 http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01539432 HPSBUX02401 http://marc.info/?l=bugtraq&m=123376588623823&w=2 HPSBUX02465 http://marc.info/?l=bugtraq&m=125631037611762&w=2 MDVSA-2008:195 http://www.mandriva.com/security/advisories?name=MDVSA-2008:195 MDVSA-2008:237 http://www.mandriva.com/security/advisories?name=MDVSA-2008:237 PK67579 http://www-1.ibm.com/support/docview.wss?uid=swg1PK67579 RHSA-2008:0966 http://www.redhat.com/support/errata/RHSA-2008-0966.html RHSA-2008:0967 http://rhn.redhat.com/errata/RHSA-2008-0967.html SSRT080118 SSRT090005 SSRT090192 SUSE-SR:2009:006 http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00001.html SUSE-SR:2009:007 http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00004.html USN-731-1 http://www.ubuntu.com/usn/USN-731-1 [httpd-cvs] 20190815 svn commit: r1048742 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac%40%3Ccvs.httpd.apache.org%3E [httpd-cvs] 20190815 svn commit: r1048742 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E [httpd-cvs] 20190815 svn commit: r1048743 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79%40%3Ccvs.httpd.apache.org%3E [httpd-cvs] 20190815 svn commit: r1048743 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E [httpd-cvs] 20200401 svn commit: r1058586 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc%40%3Ccvs.httpd.apache.org%3E [httpd-cvs] 20200401 svn commit: r1058586 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E [httpd-cvs] 20200401 svn commit: r1058587 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb%40%3Ccvs.httpd.apache.org%3E [httpd-cvs] 20200401 svn commit: r1058587 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E [httpd-cvs] 20210330 svn commit: r1073139 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/json/ https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E [httpd-cvs] 20210330 svn commit: r1073139 [5/13] - in /websites/staging/httpd/trunk/content: ./ security/json/ https://lists.apache.org/thread.html/r84d043c2115176958562133d96d851495d712aa49da155d81f6733be%40%3Ccvs.httpd.apache.org%3E [httpd-cvs] 20210330 svn commit: r1073140 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b%40%3Ccvs.httpd.apache.org%3E [httpd-cvs] 20210330 svn commit: r1073140 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E [httpd-cvs] 20210330 svn commit: r1073143 [2/3] - in /websites/staging/httpd/trunk/content: ./ security/ https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142%40%3Ccvs.httpd.apache.org%3E [httpd-cvs] 20210330 svn commit: r1073146 [2/3] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities-httpd.xml security/vulnerabilities_22.html security/vulnerabilities_24.html https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E [httpd-cvs] 20210330 svn commit: r1073149 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/ https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E [httpd-cvs] 20210330 svn commit: r1073149 [6/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/ https://lists.apache.org/thread.html/rc4c53a0d57b2771ecd4b965010580db355e38137c8711311ee1073a8%40%3Ccvs.httpd.apache.org%3E [httpd-cvs] 20210330 svn commit: r1888194 [5/13] - /httpd/site/trunk/content/security/json/ https://lists.apache.org/thread.html/r7dd6be4dc38148704f2edafb44a8712abaa3a2be120d6c3314d55919%40%3Ccvs.httpd.apache.org%3E [httpd-cvs] 20210422 svn commit: r1074079 [2/3] - in /websites/staging/httpd/trunk/content: ./ apreq/ contribute/ contributors/ dev/ docs-project/ docs/ info/ mod_fcgid/ mod_ftp/ mod_mbox/ mod_smtpd/ modules/ security/ test/ test/flood/ https://lists.apache.org/thread.html/r8c9983f1172a3415f915ddb7e14de632d2d0c326eb1285755a024165%40%3Ccvs.httpd.apache.org%3E [httpd-cvs] 20210606 svn commit: r1075470 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2020-13938.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E apache-modproxy-module-dos(42987) https://exchange.xforce.ibmcloud.com/vulnerabilities/42987 http://support.apple.com/kb/HT3216 http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/proxy/mod_proxy_http.c?r1=666154&r2=666153&pathrev=666154 http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0328 http://www-01.ibm.com/support/docview.wss?uid=swg27008517 http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html oval:org.mitre.oval:def:11713 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11713 oval:org.mitre.oval:def:6084 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6084 oval:org.mitre.oval:def:9577 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9577 Common Vulnerability Exposure (CVE) ID: CVE-2008-2939 1020635 http://www.securitytracker.com/id?1020635 20080806 Apache HTTP Server mod_proxy_ftp Wildcard Characters Cross-Site Scripting http://www.securityfocus.com/archive/1/495180/100/0/threaded 20081122 rPSA-2008-0327-1 httpd mod_ssl http://www.securityfocus.com/archive/1/498566/100/0/threaded 30560 http://www.securityfocus.com/bid/30560 31384 http://secunia.com/advisories/31384 31673 http://secunia.com/advisories/31673 35074 http://secunia.com/advisories/35074 ADV-2008-2315 http://www.vupen.com/english/advisories/2008/2315 ADV-2008-2461 http://www.vupen.com/english/advisories/2008/2461 ADV-2009-1297 http://www.vupen.com/english/advisories/2009/1297 APPLE-SA-2009-05-12 http://lists.apple.com/archives/security-announce/2009/May/msg00002.html MDVSA-2008:194 http://www.mandriva.com/security/advisories?name=MDVSA-2008:194 MDVSA-2009:124 http://www.mandriva.com/security/advisories?name=MDVSA-2009:124 PK70197 http://www-1.ibm.com/support/docview.wss?uid=swg1PK70197 PK70937 http://www-1.ibm.com/support/docview.wss?uid=swg1PK70937 SUSE-SR:2008:024 http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00000.html TA09-133A http://www.us-cert.gov/cas/techalerts/TA09-133A.html VU#663763 http://www.kb.cert.org/vuls/id/663763 [httpd-cvs] 20210603 svn commit: r1075360 [1/3] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2021-31618.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html https://lists.apache.org/thread.html/r5f9c22f9c28adbd9f00556059edc7b03a5d5bb71d4bb80257c0d34e4%40%3Ccvs.httpd.apache.org%3E [httpd-cvs] 20210606 svn commit: r1075467 [1/2] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2021-31618.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html https://lists.apache.org/thread.html/rb9c9f42dafa25d2f669dac2a536a03f2575bc5ec1be6f480618aee10%40%3Ccvs.httpd.apache.org%3E apache-modproxyftp-xss(44223) https://exchange.xforce.ibmcloud.com/vulnerabilities/44223 http://support.apple.com/kb/HT3549 http://svn.apache.org/viewvc?view=rev&revision=682868 http://svn.apache.org/viewvc?view=rev&revision=682870 http://svn.apache.org/viewvc?view=rev&revision=682871 http://wiki.rpath.com/Advisories:rPSA-2008-0327 http://www.rapid7.com/advisories/R7-0033 oval:org.mitre.oval:def:11316 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11316 oval:org.mitre.oval:def:7716 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7716
Copyright	Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.