ID de Prueba:	1.3.6.1.4.1.25623.1.0.880683
Categoría:	CentOS Local Security Checks
Título:	CentOS Update for httpd CESA-2009:1075 centos5 i386
Resumen:	The remote host is missing an update for the 'httpd'; package(s) announced via the referenced advisory.
Descripción:	Summary: The remote host is missing an update for the 'httpd' package(s) announced via the referenced advisory. Vulnerability Insight: The Apache HTTP Server is a popular and freely-available Web server. A flaw was found in the handling of compression structures between mod_ssl and OpenSSL. If too many connections were opened in a short period of time, all system memory and swap space would be consumed by httpd, negatively impacting other processes, or causing a system crash. (CVE-2008-1678) Note: The CVE-2008-1678 issue did not affect Red Hat Enterprise Linux 5 prior to 5.3. The problem was introduced via the RHBA-2009:0181 errata in Red Hat Enterprise Linux 5.3, which upgraded OpenSSL to the newer 0.9.8e version. A flaw was found in the handling of the 'Options' and 'AllowOverride' directives. In configurations using the 'AllowOverride' directive with certain 'Options=' arguments, local users were not restricted from executing commands from a Server-Side-Include script as intended. (CVE-2009-1195) All httpd users should upgrade to these updated packages, which contain backported patches to resolve these issues. Users must restart httpd for this update to take effect. Affected Software/OS: httpd on CentOS 5 Solution: Please install the updated packages. CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2008-1678 31026 http://secunia.com/advisories/31026 31416 http://secunia.com/advisories/31416 31681 http://www.securityfocus.com/bid/31681 31692 http://www.securityfocus.com/bid/31692 32222 http://secunia.com/advisories/32222 34219 http://secunia.com/advisories/34219 35264 http://secunia.com/advisories/35264 38761 http://secunia.com/advisories/38761 3981 http://securityreason.com/securityalert/3981 42724 http://secunia.com/advisories/42724 42733 http://secunia.com/advisories/42733 44183 http://secunia.com/advisories/44183 ADV-2008-2780 http://www.vupen.com/english/advisories/2008/2780 APPLE-SA-2008-10-09 http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html FEDORA-2008-6393 https://www.redhat.com/archives/fedora-package-announce/2008-August/msg00055.html GLSA-200807-06 http://security.gentoo.org/glsa/glsa-200807-06.xml MDVSA-2009:124 http://www.mandriva.com/security/advisories?name=MDVSA-2009:124 RHSA-2009:1075 http://www.redhat.com/support/errata/RHSA-2009-1075.html SSA:2010-060-02 http://slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.663049 SUSE-SR:2008:024 http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00000.html USN-731-1 http://www.ubuntu.com/usn/USN-731-1 [openssl-dev] 20080512 possible memory leak in zlib compression http://marc.info/?l=openssl-dev&m=121060672602371&w=2 http://bugs.gentoo.org/show_bug.cgi?id=222643 http://support.apple.com/kb/HT3216 http://svn.apache.org/viewvc?view=rev&revision=654119 https://bugs.edge.launchpad.net/bugs/186339 https://bugs.edge.launchpad.net/bugs/224945 https://bugzilla.redhat.com/show_bug.cgi?id=447268 https://issues.apache.org/bugzilla/show_bug.cgi?id=44975 https://kb.bluecoat.com/index?page=content&id=SA50 openssl-libssl-dos(43948) https://exchange.xforce.ibmcloud.com/vulnerabilities/43948 oval:org.mitre.oval:def:9754 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9754 Common Vulnerability Exposure (CVE) ID: CVE-2009-1195 1022296 http://www.securitytracker.com/id?1022296 20091112 rPSA-2009-0142-1 httpd mod_ssl http://www.securityfocus.com/archive/1/507852/100/0/threaded 20091113 rPSA-2009-0142-2 httpd mod_ssl http://www.securityfocus.com/archive/1/507857/100/0/threaded 35115 http://www.securityfocus.com/bid/35115 35261 http://secunia.com/advisories/35261 35395 http://secunia.com/advisories/35395 35453 http://secunia.com/advisories/35453 35721 http://secunia.com/advisories/35721 37152 http://secunia.com/advisories/37152 54733 http://osvdb.org/54733 ADV-2009-1444 http://www.vupen.com/english/advisories/2009/1444 ADV-2009-3184 http://www.vupen.com/english/advisories/2009/3184 APPLE-SA-2009-11-09-1 http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html DSA-1816 http://www.debian.org/security/2009/dsa-1816 FEDORA-2009-8812 https://www.redhat.com/archives/fedora-package-announce/2009-August/msg01363.html GLSA-200907-04 http://security.gentoo.org/glsa/glsa-200907-04.xml HPSBUX02612 http://marc.info/?l=bugtraq&m=129190899612998&w=2 RHSA-2009:1156 http://www.redhat.com/support/errata/RHSA-2009-1156.html SSRT100345 SUSE-SA:2009:050 http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00006.html USN-787-1 http://www.ubuntu.com/usn/usn-787-1 [apache-httpd-dev] 20090423 Includes vs IncludesNoExec security issue - help needed http://marc.info/?l=apache-httpd-dev&m=124048996106302&w=2 [httpd-cvs] 20190815 svn commit: r1048742 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E [httpd-cvs] 20190815 svn commit: r1048743 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E [httpd-cvs] 20200401 svn commit: r1058586 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E [httpd-cvs] 20200401 svn commit: r1058587 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E [httpd-cvs] 20210330 svn commit: r1073139 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/json/ https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E [httpd-cvs] 20210330 svn commit: r1073139 [5/13] - in /websites/staging/httpd/trunk/content: ./ security/json/ https://lists.apache.org/thread.html/r84d043c2115176958562133d96d851495d712aa49da155d81f6733be%40%3Ccvs.httpd.apache.org%3E [httpd-cvs] 20210330 svn commit: r1073140 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E [httpd-cvs] 20210330 svn commit: r1073146 [2/3] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities-httpd.xml security/vulnerabilities_22.html security/vulnerabilities_24.html https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E [httpd-cvs] 20210330 svn commit: r1073149 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/ https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E [httpd-cvs] 20210330 svn commit: r1073149 [6/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/ https://lists.apache.org/thread.html/rc4c53a0d57b2771ecd4b965010580db355e38137c8711311ee1073a8%40%3Ccvs.httpd.apache.org%3E [httpd-cvs] 20210330 svn commit: r1888194 [5/13] - /httpd/site/trunk/content/security/json/ https://lists.apache.org/thread.html/r7dd6be4dc38148704f2edafb44a8712abaa3a2be120d6c3314d55919%40%3Ccvs.httpd.apache.org%3E [httpd-cvs] 20210606 svn commit: r1075470 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2020-13938.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E apache-allowoverrides-security-bypass(50808) https://exchange.xforce.ibmcloud.com/vulnerabilities/50808 http://support.apple.com/kb/HT3937 http://svn.apache.org/viewvc?view=rev&revision=772997 http://wiki.rpath.com/Advisories:rPSA-2009-0142 https://bugzilla.redhat.com/show_bug.cgi?id=489436 oval:org.mitre.oval:def:11094 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11094 oval:org.mitre.oval:def:12377 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12377 oval:org.mitre.oval:def:8704 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8704
Copyright	Copyright (C) 2011 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.