Mageia Linux Local Security Checks : Mageia: Security Advisory (MGASA-2013-0179)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.1.10.2013.0179

Categoría: Mageia Linux Local Security Checks

Título: Mageia: Security Advisory (MGASA-2013-0179)

Resumen: The remote host is missing an update for the 'apache-mod_security' package(s) announced via the MGASA-2013-0179 advisory.

Descripción: Summary:
The remote host is missing an update for the 'apache-mod_security' package(s) announced via the MGASA-2013-0179 advisory.

Vulnerability Insight:
Updated apache-mod_security packages fix security vulnerability:

When ModSecurity receives a request body with a size bigger than the
value set by the 'SecRequestBodyInMemoryLimit' and with a
'Content-Type' that has no request body processor mapped to it,
ModSecurity will systematically crash on every call to
'forceRequestBodyVariable' (in phase 1) (CVE-2013-2765).

Affected Software/OS:
'apache-mod_security' package(s) on Mageia 2, Mageia 3.

Solution:
Please install the updated package(s).

CVSS Score:
5.0

CVSS Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:P

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2013-2765
Bugtraq: 20130528 [SECURITY][CVE-2013-2765][ModSecurity] Remote Null Pointer Dereference (Google Search)
http://archives.neohapsis.com/archives/bugtraq/2013-05/0125.html
http://www.shookalabs.com/
https://github.com/SpiderLabs/ModSecurity/commit/0840b13612a0b7ef1ce7441cf811dcfc6b463fba
https://github.com/shookalabs/exploits/blob/master/modsecurity_cve_2013_2765_check.py
http://sourceforge.net/mailarchive/message.php?msg_id=30900019
SuSE Security Announcement: openSUSE-SU-2013:1331 (Google Search)
http://lists.opensuse.org/opensuse-updates/2013-08/msg00020.html
SuSE Security Announcement: openSUSE-SU-2013:1336 (Google Search)
http://lists.opensuse.org/opensuse-updates/2013-08/msg00025.html
SuSE Security Announcement: openSUSE-SU-2013:1342 (Google Search)
http://lists.opensuse.org/opensuse-updates/2013-08/msg00031.html

Copyright Copyright (C) 2022 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.1.10.2013.0179
Categoría:	Mageia Linux Local Security Checks
Título:	Mageia: Security Advisory (MGASA-2013-0179)
Resumen:	The remote host is missing an update for the 'apache-mod_security' package(s) announced via the MGASA-2013-0179 advisory.
Descripción:	Summary: The remote host is missing an update for the 'apache-mod_security' package(s) announced via the MGASA-2013-0179 advisory. Vulnerability Insight: Updated apache-mod_security packages fix security vulnerability: When ModSecurity receives a request body with a size bigger than the value set by the 'SecRequestBodyInMemoryLimit' and with a 'Content-Type' that has no request body processor mapped to it, ModSecurity will systematically crash on every call to 'forceRequestBodyVariable' (in phase 1) (CVE-2013-2765). Affected Software/OS: 'apache-mod_security' package(s) on Mageia 2, Mageia 3. Solution: Please install the updated package(s). CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2013-2765 Bugtraq: 20130528 [SECURITY][CVE-2013-2765][ModSecurity] Remote Null Pointer Dereference (Google Search) http://archives.neohapsis.com/archives/bugtraq/2013-05/0125.html http://www.shookalabs.com/ https://github.com/SpiderLabs/ModSecurity/commit/0840b13612a0b7ef1ce7441cf811dcfc6b463fba https://github.com/shookalabs/exploits/blob/master/modsecurity_cve_2013_2765_check.py http://sourceforge.net/mailarchive/message.php?msg_id=30900019 SuSE Security Announcement: openSUSE-SU-2013:1331 (Google Search) http://lists.opensuse.org/opensuse-updates/2013-08/msg00020.html SuSE Security Announcement: openSUSE-SU-2013:1336 (Google Search) http://lists.opensuse.org/opensuse-updates/2013-08/msg00025.html SuSE Security Announcement: openSUSE-SU-2013:1342 (Google Search) http://lists.opensuse.org/opensuse-updates/2013-08/msg00031.html
Copyright	Copyright (C) 2022 Greenbone AG