Test ID: 1.3.6.1.4.1.25623.1.0.50958
Category: Red Hat Local Security Checks
Title: RedHat Security Advisory RHSA-2003:360
Summary: Redhat Security Advisory RHSA-2003:360
Description:
The remote host is missing updates announced in
advisory RHSA-2003:360.

The Apache HTTP server is a powerful, full-featured, efficient, and
freely-available Web server.

An issue in the handling of regular expressions from configuration files
was discovered in releases of the Apache HTTP Server version 1.3 prior to
1.3.29. To exploit this issue an attacker would need to have the ability
to write to Apache configuration files such as .htaccess or httpd.conf. A
carefully-crafted configuration file can cause an exploitable buffer
overflow and would allow the attacker to execute arbitrary code in the
context of the server (in default configurations as the 'apache' user).
The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CVE-2003-0542 to this issue.

This update also includes an alternative version of the httpd binary which
supports setting the MaxClients configuration directive to values above 256.

All users of the Apache HTTP Web Server are advised to upgrade to the
applicable errata packages, which contain back-ported fixes correcting
the above security issue.

Note that the instructions in the Solution section of this errata contain
additional steps required to complete the upgrade process.

Solution:
Please note that this update is available via
Red Hat Network. To use Red Hat Network, launch the Red
Hat Update Agent with the following command: up2date

http://rhn.redhat.com/errata/RHSA-2003-360.html
http://www.apacheweek.com/features/security-13.html

Risk factor: High
Cross-Ref:
BugTraq ID: 9504
BugTraq ID: 8911
Common Vulnerability Exposure (CVE) ID: CVE-2003-0542
http://lists.apple.com/archives/security-announce/2004/Jan/msg00000.html
HPdes Security Advisory: HPSBOV02683
http://marc.info/?l=bugtraq&m=130497311408250&w=2
HPdes Security Advisory: SSRT090208
Immunix Linux Advisory: IMNX-2003-7+-025-01
Bugtraq: 20031028 [OpenPKG-SA-2003.046] OpenPKG Security Advisory (apache)
http://www.securityfocus.com/archive/1/342674
Bugtraq: 20031031 GLSA: apache (200310-04)
http://marc.theaimsgroup.com/?l=bugtraq&m=106761802305141&w=2
HPdes Security Advisory: HPSBUX0311-301
http://www.securityfocus.com/advisories/6079
http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2003:103
http://www.redhat.com/support/errata/RHSA-2003-320.html
http://www.redhat.com/support/errata/RHSA-2003-360.html
http://www.redhat.com/support/errata/RHSA-2003-405.html
http://www.redhat.com/support/errata/RHSA-2004-015.html
http://www.redhat.com/support/errata/RHSA-2005-816.html
SCO Security Bulletin: CSSA-2003-SCO.28
SCO Security Bulletin: SCOSA-2004.6
ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2004.6/SCOSA-2004.6.txt
SGI Security Advisory: 20031203-01-U
ftp://patches.sgi.com/support/free/security/advisories/20031203-01-U.asc
SGI Security Advisory: 20040202-01-U
ftp://patches.sgi.com/support/free/security/advisories/20040202-01-U.asc
http://sunsolve.sun.com/search/document.do?assetkey=1-26-101444-1
http://sunsolve.sun.com/search/document.do?assetkey=1-26-101841-1
CERT/CC vulnerability note: VU#434566
http://www.kb.cert.org/vuls/id/434566
CERT/CC vulnerability note: VU#549142
http://www.kb.cert.org/vuls/id/549142
http://www.securityfocus.com/bid/8911
http://www.securityfocus.com/bid/9504
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:863
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:864
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:3799
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:9458
http://secunia.com/advisories/10096
http://secunia.com/advisories/10098
http://secunia.com/advisories/10102
http://secunia.com/advisories/10112
http://secunia.com/advisories/10114
http://secunia.com/advisories/10153
http://secunia.com/advisories/10260
http://secunia.com/advisories/10264
http://secunia.com/advisories/10463
http://secunia.com/advisories/10580
http://secunia.com/advisories/10593
XForce ISS Database: apache-modalias-modrewrite-bo(13400)
http://xforce.iss.net/xforce/xfdb/13400
Copyright: Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com
