ID de Prueba:	1.3.6.1.4.1.25623.1.0.64426
Categoría:	Gentoo Local Security Checks
Título:	Gentoo Security Advisory GLSA 200907-04 (apache)
Resumen:	The remote host is missing updates announced in;advisory GLSA 200907-04.
Descripción:	Summary: The remote host is missing updates announced in advisory GLSA 200907-04. Vulnerability Insight: Multiple vulnerabilities in the Apache HTTP daemon allow for local privilege escalation, information disclosure or Denial of Service attacks. Solution: All Apache users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose '>=www-servers/apache-2.2.11-r2' CVSS Score: 7.1 CVSS Vector: AV:N/AC:M/Au:N/C:N/I:N/A:C
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2009-1195 1022296 http://www.securitytracker.com/id?1022296 20091112 rPSA-2009-0142-1 httpd mod_ssl http://www.securityfocus.com/archive/1/507852/100/0/threaded 20091113 rPSA-2009-0142-2 httpd mod_ssl http://www.securityfocus.com/archive/1/507857/100/0/threaded 35115 http://www.securityfocus.com/bid/35115 35261 http://secunia.com/advisories/35261 35264 http://secunia.com/advisories/35264 35395 http://secunia.com/advisories/35395 35453 http://secunia.com/advisories/35453 35721 http://secunia.com/advisories/35721 37152 http://secunia.com/advisories/37152 54733 http://osvdb.org/54733 ADV-2009-1444 http://www.vupen.com/english/advisories/2009/1444 ADV-2009-3184 http://www.vupen.com/english/advisories/2009/3184 APPLE-SA-2009-11-09-1 http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html DSA-1816 http://www.debian.org/security/2009/dsa-1816 FEDORA-2009-8812 https://www.redhat.com/archives/fedora-package-announce/2009-August/msg01363.html GLSA-200907-04 http://security.gentoo.org/glsa/glsa-200907-04.xml HPSBUX02612 http://marc.info/?l=bugtraq&m=129190899612998&w=2 MDVSA-2009:124 http://www.mandriva.com/security/advisories?name=MDVSA-2009:124 RHSA-2009:1075 http://www.redhat.com/support/errata/RHSA-2009-1075.html RHSA-2009:1156 http://www.redhat.com/support/errata/RHSA-2009-1156.html SSRT100345 SUSE-SA:2009:050 http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00006.html USN-787-1 http://www.ubuntu.com/usn/usn-787-1 [apache-httpd-dev] 20090423 Includes vs IncludesNoExec security issue - help needed http://marc.info/?l=apache-httpd-dev&m=124048996106302&w=2 [httpd-cvs] 20190815 svn commit: r1048742 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E [httpd-cvs] 20190815 svn commit: r1048743 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E [httpd-cvs] 20200401 svn commit: r1058586 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E [httpd-cvs] 20200401 svn commit: r1058587 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E [httpd-cvs] 20210330 svn commit: r1073139 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/json/ https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E [httpd-cvs] 20210330 svn commit: r1073139 [5/13] - in /websites/staging/httpd/trunk/content: ./ security/json/ https://lists.apache.org/thread.html/r84d043c2115176958562133d96d851495d712aa49da155d81f6733be%40%3Ccvs.httpd.apache.org%3E [httpd-cvs] 20210330 svn commit: r1073140 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E [httpd-cvs] 20210330 svn commit: r1073146 [2/3] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities-httpd.xml security/vulnerabilities_22.html security/vulnerabilities_24.html https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E [httpd-cvs] 20210330 svn commit: r1073149 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/ https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E [httpd-cvs] 20210330 svn commit: r1073149 [6/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/ https://lists.apache.org/thread.html/rc4c53a0d57b2771ecd4b965010580db355e38137c8711311ee1073a8%40%3Ccvs.httpd.apache.org%3E [httpd-cvs] 20210330 svn commit: r1888194 [5/13] - /httpd/site/trunk/content/security/json/ https://lists.apache.org/thread.html/r7dd6be4dc38148704f2edafb44a8712abaa3a2be120d6c3314d55919%40%3Ccvs.httpd.apache.org%3E [httpd-cvs] 20210606 svn commit: r1075470 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2020-13938.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E apache-allowoverrides-security-bypass(50808) https://exchange.xforce.ibmcloud.com/vulnerabilities/50808 http://support.apple.com/kb/HT3937 http://svn.apache.org/viewvc?view=rev&revision=772997 http://wiki.rpath.com/Advisories:rPSA-2009-0142 https://bugzilla.redhat.com/show_bug.cgi?id=489436 oval:org.mitre.oval:def:11094 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11094 oval:org.mitre.oval:def:12377 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12377 oval:org.mitre.oval:def:8704 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8704 Common Vulnerability Exposure (CVE) ID: CVE-2009-1191 1022264 http://www.securitytracker.com/id?1022264 34663 http://www.securityfocus.com/bid/34663 34827 http://secunia.com/advisories/34827 53921 http://osvdb.org/53921 ADV-2009-1147 http://www.vupen.com/english/advisories/2009/1147 MDVSA-2009:102 http://www.mandriva.com/security/advisories?name=MDVSA-2009:102 MDVSA-2013:150 http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 [httpd-cvs] 20210603 svn commit: r1075360 [2/3] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2021-31618.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html https://lists.apache.org/thread.html/rad01d817195e6cc871cb1d73b207ca326379a20a6e7f30febaf56d24%40%3Ccvs.httpd.apache.org%3E apache-modproxyajp-information-disclosure(50059) https://exchange.xforce.ibmcloud.com/vulnerabilities/50059 http://svn.apache.org/viewvc/httpd/httpd/trunk/CHANGES?r1=766938&r2=767089 http://www.apache.org/dist/httpd/patches/apply_to_2.2.11/PR46949.diff http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html https://issues.apache.org/bugzilla/show_bug.cgi?id=46949 oval:org.mitre.oval:def:8261 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8261 Common Vulnerability Exposure (CVE) ID: CVE-2009-1890 1022509 http://www.securitytracker.com/id?1022509 35565 http://www.securityfocus.com/bid/35565 35691 http://secunia.com/advisories/35691 35793 http://secunia.com/advisories/35793 35865 http://secunia.com/advisories/35865 37221 http://secunia.com/advisories/37221 55553 http://osvdb.org/55553 DSA-1834 http://www.debian.org/security/2009/dsa-1834 MDVSA-2009:149 http://www.mandriva.com/security/advisories?name=MDVSA-2009:149 PK91259 http://www-01.ibm.com/support/docview.wss?uid=swg1PK91259 PK99480 http://www-01.ibm.com/support/docview.wss?uid=swg1PK99480 RHSA-2009:1148 https://rhn.redhat.com/errata/RHSA-2009-1148.html USN-802-1 http://www.ubuntu.com/usn/USN-802-1 [mina-users] 20210714 CWE-189 CWE-189 Numeric Errors: CVE-2009-1890 in Apache Mina SSHD SFTP 2.7.0 library https://lists.apache.org/thread.html/rb33be0aa9bd8cac9536293e3821dcd4cf8180ad95a8036eedd46365e%40%3Cusers.mina.apache.org%3E http://svn.apache.org/viewvc/httpd/httpd/trunk/CHANGES?r1=790587&r2=790586&pathrev=790587 http://svn.apache.org/viewvc/httpd/httpd/trunk/CHANGES?revision=790587 http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/proxy/mod_proxy_http.c?r1=790587&r2=790586&pathrev=790587 http://svn.apache.org/viewvc?view=rev&revision=790587 oval:org.mitre.oval:def:12330 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12330 oval:org.mitre.oval:def:8616 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8616 oval:org.mitre.oval:def:9403 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9403 Common Vulnerability Exposure (CVE) ID: CVE-2009-1891 1022529 http://www.securitytracker.com/id?1022529 35781 http://secunia.com/advisories/35781 55782 http://osvdb.org/55782 ADV-2009-1841 http://www.vupen.com/english/advisories/2009/1841 HPSBOV02683 http://marc.info/?l=bugtraq&m=130497311408250&w=2 PK91361 http://www-01.ibm.com/support/docview.wss?uid=swg1PK91361 SSRT090208 [apache-httpd-dev] 20090628 mod_deflate DoS http://marc.info/?l=apache-httpd-dev&m=124621326524824&w=2 [apache-httpd-dev] 20090703 Re: mod_deflate DoS http://marc.info/?l=apache-httpd-dev&m=124661528519546&w=2 [httpd-cvs] 20190815 svn commit: r1048742 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac%40%3Ccvs.httpd.apache.org%3E [httpd-cvs] 20190815 svn commit: r1048743 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79%40%3Ccvs.httpd.apache.org%3E [httpd-cvs] 20200401 svn commit: r1058586 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc%40%3Ccvs.httpd.apache.org%3E [httpd-cvs] 20200401 svn commit: r1058587 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb%40%3Ccvs.httpd.apache.org%3E [httpd-cvs] 20210330 svn commit: r1073140 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b%40%3Ccvs.httpd.apache.org%3E [httpd-cvs] 20210330 svn commit: r1073143 [2/3] - in /websites/staging/httpd/trunk/content: ./ security/ https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142%40%3Ccvs.httpd.apache.org%3E [httpd-cvs] 20210603 svn commit: r1075360 [1/3] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2021-31618.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html https://lists.apache.org/thread.html/r5f9c22f9c28adbd9f00556059edc7b03a5d5bb71d4bb80257c0d34e4%40%3Ccvs.httpd.apache.org%3E [httpd-cvs] 20210606 svn commit: r1075467 [1/2] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2021-31618.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html https://lists.apache.org/thread.html/rb9c9f42dafa25d2f669dac2a536a03f2575bc5ec1be6f480618aee10%40%3Ccvs.httpd.apache.org%3E http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=534712 http://wiki.rpath.com/wiki/Advisories:rPSA-2009-0142 https://bugzilla.redhat.com/show_bug.cgi?id=509125 oval:org.mitre.oval:def:12361 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12361 oval:org.mitre.oval:def:8632 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8632 oval:org.mitre.oval:def:9248 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9248
Copyright	Copyright (C) 2009 E-Soft Inc.

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.