English | Deutsch | Español | Português
 ID de Usuario:
 Contraseña:
Nuevo usuario
 Acerca de:   Dedicada | Avanzada | Estándar | Periódica | Sin Riesgo | Escritorio | Básica | Individual | Sello | FAQ
  Resumen de Precio/Funciones | Ordenar  | Nuevas Vulnerabilidades | Confidencialidad | Búsqueda de Vulnerabilidad
 Búsqueda de    
Vulnerabilidad   
    Buscar 61204 Descripciones CVE y
32582 Descripciones de Pruebas,
accesos 10,000+ referencias cruzadas.
Pruebas   CVE   Todos  

ID de Prueba:1.3.6.1.4.1.25623.1.0.64423
Categoría:Debian Local Security Checks
Título:Debian Security Advisory DSA 1834-1 (apache2)
Resumen:Debian Security Advisory DSA 1834-1 (apache2)
Descripción:The remote host is missing an update to apache2
announced via advisory DSA 1834-1.

A denial of service flaw was found in the Apache mod_proxy module when
it was used as a reverse proxy. A remote attacker could use this flaw
to force a proxy process to consume large amounts of CPU time. This
issue did not affect Debian 4.0 etch. (CVE-2009-1890)

A denial of service flaw was found in the Apache mod_deflate module.
This module continued to compress large files until compression was
complete, even if the network connection that requested the content
was closed before compression completed. This would cause mod_deflate
to consume large amounts of CPU if mod_deflate was enabled for a large
file. A similar flaw related to HEAD requests for compressed content
was also fixed. (CVE-2009-1891)

For the stable distribution (lenny), these problems have been fixed in
version 2.2.9-10+lenny4.

The oldstable distribution (etch), these problems have been fixed in
version 2.2.3-4+etch9.

For the testing distribution (squeeze) and the unstable distribution
(sid), these problems will be fixed in version 2.2.11-7.

This advisory also provides updated apache2-mpm-itk packages which
have been recompiled against the new apache2 packages.

Updated packages for the s390 and mipsel architectures are not
included yet. They will be released as soon as they become available.


Solution:
http://www.securityspace.com/smysecure/catid.html?in=DSA%201834-1
Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2009-1890
Bugtraq: 20091112 rPSA-2009-0142-1 httpd mod_ssl (Google Search)
http://www.securityfocus.com/archive/1/archive/1/507852/100/0/threaded
Bugtraq: 20091113 rPSA-2009-0142-2 httpd mod_ssl (Google Search)
http://www.securityfocus.com/archive/1/archive/1/507857/100/0/threaded
AIX APAR: PK91259
http://www-01.ibm.com/support/docview.wss?uid=swg1PK91259
AIX APAR: PK99480
http://www-01.ibm.com/support/docview.wss?uid=swg1PK99480
http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html
Debian Security Information: DSA-1834 (Google Search)
http://www.debian.org/security/2009/dsa-1834
https://www.redhat.com/archives/fedora-package-announce/2009-August/msg01363.html
http://security.gentoo.org/glsa/glsa-200907-04.xml
HPdes Security Advisory: HPSBUX02612
http://marc.info/?l=bugtraq&m=129190899612998&w=2
HPdes Security Advisory: SSRT100345
http://www.mandriva.com/security/advisories?name=MDVSA-2009:149
RedHat Security Advisories: RHSA-2009:1148
https://rhn.redhat.com/errata/RHSA-2009-1148.html
http://www.redhat.com/support/errata/RHSA-2009-1156.html
SuSE Security Announcement: SUSE-SA:2009:050 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00006.html
http://www.ubuntu.com/usn/USN-802-1
BugTraq ID: 35565
http://www.securityfocus.com/bid/35565
http://osvdb.org/55553
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:8616
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:9403
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:12330
http://www.securitytracker.com/id?1022509
http://secunia.com/advisories/35691
http://secunia.com/advisories/35721
http://secunia.com/advisories/35793
http://secunia.com/advisories/35865
http://secunia.com/advisories/37152
http://secunia.com/advisories/37221
http://www.vupen.com/english/advisories/2009/3184
Common Vulnerability Exposure (CVE) ID: CVE-2009-1891
http://marc.info/?l=apache-httpd-dev&m=124621326524824&w=2
http://marc.info/?l=apache-httpd-dev&m=124661528519546&w=2
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=534712
AIX APAR: PK91361
http://www-01.ibm.com/support/docview.wss?uid=swg1PK91361
HPdes Security Advisory: HPSBOV02683
http://marc.info/?l=bugtraq&m=130497311408250&w=2
HPdes Security Advisory: SSRT090208
http://osvdb.org/55782
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:8632
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:9248
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:12361
http://www.securitytracker.com/id?1022529
http://secunia.com/advisories/35781
http://www.vupen.com/english/advisories/2009/1841
CopyrightCopyright (c) 2009 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 32582 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.

Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

Registro de Nuevo Usuario
Email:
Usuario:
Contraseña:
Envíeme por email sus boletines mensuales, informándome los últimos servicios, mejoras y encuestas.
Por favor envíeme por email un anuncio de prueba de vulnerabilidades siempre que se agregue una nueva prueba.
   Privacidad
Ingreso de Usuario Registrado
 
Usuario:   
Contraseña:  

 ¿Olvidó su usuario o contraseña??
Email/ID de Usario:




Principal | Acerca de Nosotros | Contáctenos | Programas de Asociado | Privacidad | Listas de Correo | Abuso
Auditorías de Seguridad | DNS Administrado | Monitoreo de Red | Analizador de Sitio | Informes de Investigación de Internet
Prueba de Web | Whois

© 1998-2014 E-Soft Inc. Todos los derechos reservados.