English | Deutsch | Español | Português
 UserID:
 Passwd:
new user
 About:   Dedicated  | Advanced  | Standard  | Recurring  | No Risk  | Desktop  | Basic  | Single  | Security Seal  | FAQ
  Price/Feature Summary  | Order  | New Vulnerabilities  | Confidentiality  | Vulnerability Search
 Vulnerability   
Search   
    Search 148472 CVE descriptions
and 72306 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 --------------------------------------------------------------------------
   Turbolinux Security Advisory TLSA-2008-5
   http://www.turbolinux.co.jp/security/
                                             security-team@turbolinux.co.jp
 --------------------------------------------------------------------------

 Original released date: 28 Jan 2007
 Last revised: 28 Jan 2007

 Package: httpd

 Summary: Cross-site scripting (XSS) vulnerabilities

 More information:
    Apache is a powerful, full-featured, efficient, and freely-available
    Web server. Apache is also the most popular Web server on the Internet.

    The Multiple cross-site scripting vulnerabilities exist in httpd.

 Impact:
    This vulnerabilities can be exploited to execute arbitrary HTML and script code
    in a user's browser session in context of an affected site.

 Affected Products:
    - Turbolinux 11 Server x64 Edition
    - Turbolinux 11 Server
    - Turbolinux Appliance Server 2.0
    - Turbolinux FUJI
    - Turbolinux 10 Server x64 Edition
    - Turbolinux Appliance Server 1.0 Hosting Edition
    - Turbolinux Appliance Server 1.0 Workgroup Edition
    - Turbolinux 10 Server
    - Turbolinux Multimedia
    - Turbolinux Personal


 <Turbolinux 11 Server x64 Edition>
 
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/x64/Server/11/updates/SRPMS/httpd-2.2.6-8.src.rpm
      4770478 43cc94884710f6713e4c8009bc13cc8e

   Binary Packages
   Size: MD5

   httpd-2.2.6-8.x86_64.rpm
      1248348 50da0d7e23917d0dbafd8d376e86d15f
   httpd-devel-2.2.6-8.x86_64.rpm
       153058 32e998bfa6bbbd0a3d0bd79b0f6fbc5e
   httpd-manual-2.2.6-8.x86_64.rpm
       859352 01361da97499c944836b16b936797806
   mod_ssl-2.2.6-8.x86_64.rpm
        89658 c72ddaea571070dc37cba8ba35830257

 <Turbolinux 11 Server>
 
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/11/updates/SRPMS/httpd-2.2.6-8.src.rpm
      4770478 f3da0e7aa7062cba0e8cd6312a20695a

   Binary Packages
   Size: MD5

   httpd-2.2.6-8.i686.rpm
      1176880 9b523bcfbf9abef68277521bfec5ef9b
   httpd-devel-2.2.6-8.i686.rpm
       153408 45dac1d8384666820fc35d86277b7930
   httpd-manual-2.2.6-8.i686.rpm
       858588 cadde127cd3dd9a8e4769dc85c757ff2
   mod_ssl-2.2.6-8.i686.rpm
        85358 c7ec94c102fc44df38467818f050e5a4

 <Turbolinux Appliance Server 2.0>

   Source Packages
   Size: MD5

   httpd-2.0.51-35.src.rpm
      6858623 47212add106398346b5d432b6922a4f1

   Binary Packages
   Size: MD5

   httpd-2.0.51-35.i586.rpm
      1033845 58883058ff379660fa269124a22811ba
   httpd-devel-2.0.51-35.i586.rpm
       225514 72b6507f46aa55c9614380e7e9efc79e
   httpd-manual-2.0.51-35.i586.rpm
      1132971 605d06f537f5dc44db1a8061a55eade5
   mod_bwshare-2.0.51-35.i586.rpm
        41674 27e675ac33117394ae5c0f6be0b65cad
   mod_ssl-2.0.51-35.i586.rpm
        89616 242ea7747de344647873a44ef0f40f53

 <Turbolinux FUJI>

   Source Packages
   Size: MD5

   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/11/updates/SRPMS/httpd-2.0.54-21.src.rpm
      7624643 a71265885b03c6d5bdef84a290fede4c

   Binary Packages
   Size: MD5

   httpd-2.0.54-21.i686.rpm
      1266572 bb94f6cba63f623f290a0c76d22c1e5f
   httpd-devel-2.0.54-21.i686.rpm
       277155 8c47f7a5cead63ce4518fa6e8afb99fd

 <Turbolinux 10 Server x64 Edition>

   Source Packages
   Size: MD5

   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/x64/Server/10/updates/SRPMS/httpd-2.0.51-35.src.rpm
      6858623 048b7bd476b2b449169cb6f628f17108

   Binary Packages
   Size: MD5

   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/x64/Server/10/updates/RPMS/httpd-2.0.51-35.x86_64.rpm
      1144086 ba937d6d1cf34ea0fabf8218ceef92a8
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/x64/Server/10/updates/RPMS/httpd-debug-2.0.51-35.x86_64.rpm
      3534820 4281168ebc668c1f212443e3baba1d30
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/x64/Server/10/updates/RPMS/httpd-devel-2.0.51-35.x86_64.rpm
       225526 f62d934a3a73fa8314b0f51d8d339612
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/x64/Server/10/updates/RPMS/httpd-manual-2.0.51-35.x86_64.rpm
      1133963 083326e547eb92f412f61c1180c38b38
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/x64/Server/10/updates/RPMS/mod_bwshare-2.0.51-35.x86_64.rpm
        42412 0e363f7fc1467d4ed4841e5490f5a015
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/x64/Server/10/updates/RPMS/mod_ssl-2.0.51-35.x86_64.rpm
        97213 bf07993ade5ba631ca6088d15ddad66a

 <Turbolinux Appliance Server 1.0 Hosting Edition>

   Source Packages
   Size: MD5

   apache-1.3.27-44.src.rpm
      3117812 b38442e3eaff5336d97ca43de1d4d388

   Binary Packages
   Size: MD5

   apache-1.3.27-44.i586.rpm
       538734 92c97be339f9ef172bd1c4d532f04be6
   apache-devel-1.3.27-44.i586.rpm
        95903 697807d64bfbfdbdcd5ea710010a91c7
   mod_ssl-2.8.14-44.i586.rpm
       183386 3f0c8eed6b0cc47842f88a28cd6f75b7

 <Turbolinux Appliance Server 1.0 Workgroup Edition>

   Source Packages
   Size: MD5

   apache-1.3.27-44.src.rpm
      3117812 df39b77c25ce07194f61a2a012289a51

   Binary Packages
   Size: MD5

   apache-1.3.27-44.i586.rpm
       503956 29607656d80312befe94f6802887574a
   apache-devel-1.3.27-44.i586.rpm
        96220 1c48ea5f1212e3eb16d83f0ed0d12073
   mod_ssl-2.8.14-44.i586.rpm
       183517 1dfca53a5a7f13fb7612351882da29c0

 <Turbolinux 10 Server>

   Source Packages
   Size: MD5

   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/10/updates/SRPMS/httpd-2.0.51-35.src.rpm
      6858623 47212add106398346b5d432b6922a4f1

   Binary Packages
   Size: MD5

   httpd-2.0.51-35.i586.rpm
      1033845 58883058ff379660fa269124a22811ba
   httpd-debug-2.0.51-35.i586.rpm
      3540524 c13a1d148a64f95dcfa6f0f64f97ac31
   httpd-devel-2.0.51-35.i586.rpm
       225514 72b6507f46aa55c9614380e7e9efc79e
   httpd-manual-2.0.51-35.i586.rpm
      1132971 605d06f537f5dc44db1a8061a55eade5
   mod_bwshare-2.0.51-35.i586.rpm
        41674 27e675ac33117394ae5c0f6be0b65cad
   mod_ssl-2.0.51-35.i586.rpm
        89616 242ea7747de344647873a44ef0f40f53

 <Turbolinux Multimedia, Turbolinux Personal>

   Source Packages
   Size: MD5

   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/SRPMS/httpd-2.0.48-23.src.rpm
      6326945 88b325ab81d50263c070783066d062f5

   Binary Packages
   Size: MD5

   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/RPMS/httpd-2.0.48-23.i586.rpm
       893313 f2ea498155f16a57f9d29942e8d7c11b


 References:

 CVE
   [CVE-2007-4465]
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4465
   [CVE-2007-6388]
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6388
   [CVE-2007-6421]
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6421
   [CVE-2007-6422]
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6422
   [CVE-2008-0005]
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0005

 --------------------------------------------------------------------------
 Revision History
    28 Jan 2008 Initial release
 --------------------------------------------------------------------------

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.8 (GNU/Linux)

iEYEARECAAYFAkedbiEACgkQK0LzjOqIJMyH9wCfXU2fX+ifwiEcEDxmYmwmbotQ
FOQAn0UvOwfGCWVqa6Dekze2COtEKPyR
=NTHD
-----END PGP SIGNATURE-----

New User Registration
Email:
UserID:
Passwd:
Please email me your monthly newsletters, informing the latest services, improvements & surveys.
Please email me a vulnerability test announcement whenever a new test is added.
   Privacy
Registered User Login
 
UserID:   
Passwd:  

 Forgot userid or passwd?
Email/Userid:




Home | About Us | Contact Us | Partner Programs | Developer APIs | Privacy | Mailing Lists | Abuse
Security Audits | Managed DNS | Network Monitoring | Site Analyzer | Internet Research Reports
Web Probe

© 1998-2019 E-Soft Inc. All rights reserved.