English | Deutsch | Español
 
Home ▼
Home About Us Contact Us Privacy Partner Programs Testimonials In Press Mailing Lists Abuse Developer APIs
Bookkeeping
Online ▼
Home Free Trial FAQ
Open/Create Company File Accept an Invite Order/Renew
Security
Audits ▼
Home Dedicated audits Advanced audits Standard audits Recurring audits No Risk audits Desktop audits Basic audit Security Seal FAQ Price/Feature Summary Order New Tests All Tests Confidentiality Vulnerability search Run Audit Scheduler IP Permissions Audit Configuration Editor Scan Queue Reminder Notification Schedule Seal Reports Reports Style Editor
Managed
DNS ▼
About Order FAQ Acceptable Use Policy Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password
Network
Monitor ▼
Enterprise Package Advanced Package Standard Package Free Trial FAQ Price/Feature Summary Order/Renew Examples
Configure/Status Alert Profiles
Research
Reports ▼
Home FAQ Glossary Archive
 Login/Register 
 
 Vulnerability   
Search   		     Search 324607 CVE descriptions
and 145615 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.51221
Category:Red Hat Local Security Checks
Title:RedHat Security Advisory RHSA-2002:251
Summary:NOSUMMARY
Description:Description:

The remote host is missing updates announced in
advisory RHSA-2002:251.

Updated apache and httpd packages are available which fix a number of
security issues for Red Hat Linux Advanced Server 2.1.

[Updated 06 Feb 2003]
Added fixed packages for Advanced Workstation 2.1

The Apache HTTP server is a powerful, full-featured, efficient, and
freely-available Web server.

Buffer overflows in the ApacheBench support program (ab.c) in Apache
versions prior to 1.3.27 allow a malicious Web server to cause a denial of
service and possibly execute arbitrary code via a long response. The
Common Vulnerabilities and Exposures project has assigned the name
CVE-2002-0843 to this issue.

Two cross-site scripting vulnerabilities are present in the error pages
for the default '404 Not Found' error, and for the error response when a
plain HTTP request is received on an SSL port. Both of these issues are
only exploitable if the 'UseCanonicalName' setting has been changed to
'Off', and wildcard DNS is in use. These issues would allow remote
attackers to execute scripts as other Web page visitors, for instance, to
steal cookies. These issues affect versions of Apache 1.3 before 1.3.26,
and versions of mod_ssl before 2.8.12. The Common Vulnerabilities and
Exposures project has assigned the names CVE-2002-0840 and CVE-2002-1157 to
these issues.

The shared memory scoreboard in the HTTP daemon for Apache 1.3, prior to
version 1.3.27, allowed a user running as the 'apache' UID to send a
SIGUSR1 signal to any process as root, resulting in a denial of service
(process kill) or other such behavior that would not normally be allowed.
The Common Vulnerabilities and Exposures project has assigned the name
CVE-2002-0839 to this issue.

All users of the Apache HTTP server are advised to upgrade to the
applicable errata packages. For Red Hat Linux Advanced Server 2.1 these
packages include Apache version 1.3.27 which is not vulnerable to
these issues.

Note that the instructions in the 'Solution' section of this errata contain
additional steps required to complete the upgrade process.

Solution:
Please note that this update is available via
Red Hat Network. To use Red Hat Network, launch the Red
Hat Update Agent with the following command: up2date

http://rhn.redhat.com/errata/RHSA-2002-251.html
http://www.apacheweek.com/issues/02-10-04

Risk factor : High

CVSS Score:
7.5

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2002-0839
BugTraq ID: 5884
http://www.securityfocus.com/bid/5884
Bugtraq: 20021003 [OpenPKG-SA-2002.009] OpenPKG Security Advisory (apache) (Google Search)
http://marc.info/?l=bugtraq&m=103376585508776&w=2
Bugtraq: 20021015 GLSA: apache (Google Search)
http://archives.neohapsis.com/archives/bugtraq/2002-10/0195.html
Bugtraq: 20021017 TSLSA-2002-0069-apache (Google Search)
http://archives.neohapsis.com/archives/bugtraq/2002-10/0254.html
Conectiva Linux advisory: CLA-2002:530
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000530
Debian Security Information: DSA-187 (Google Search)
http://www.debian.org/security/2002/dsa-187
Debian Security Information: DSA-188 (Google Search)
http://www.debian.org/security/2002/dsa-188
Debian Security Information: DSA-195 (Google Search)
http://www.debian.org/security/2002/dsa-195
En Garde Linux Advisory: ESA-20021007-024
http://www.linuxsecurity.com/advisories/other_advisory-2414.html
HPdes Security Advisory: HPSBOV02683
http://marc.info/?l=bugtraq&m=130497311408250&w=2
HPdes Security Advisory: HPSBUX0210-224
http://online.securityfocus.com/advisories/4617
HPdes Security Advisory: SSRT090208
http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-068.php
https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r5419c9ba0951ef73a655362403d12bb8d10fab38274deb3f005816f5@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rd00b45b93fda4a5bd013b28587207d0e00f99f6e3308dbb6025f3b01@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r8c9983f1172a3415f915ddb7e14de632d2d0c326eb1285755a024165@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rf2f0f3611f937cf6cfb3b4fe4a67f69885855126110e1e3f2fb2728e@%3Ccvs.httpd.apache.org%3E
SGI Security Advisory: 20021105-01-I
ftp://patches.sgi.com/support/free/security/advisories/20021105-01-I
http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0012.html
http://www.iss.net/security_center/static/10280.php
Common Vulnerability Exposure (CVE) ID: CVE-2002-0843
AIX APAR: IY87070
http://www-1.ibm.com/support/search.wss?rs=0&q=IY87070&apar=only
BugTraq ID: 5887
http://www.securityfocus.com/bid/5887
BugTraq ID: 5995
http://www.securityfocus.com/bid/5995
BugTraq ID: 5996
http://www.securityfocus.com/bid/5996
Bugtraq: 20021016 Apache 1.3.26 (Google Search)
http://archives.neohapsis.com/archives/bugtraq/2002-10/0229.html
Conectiva Linux advisory: 000530
http://distro.conectiva.com/atualizacoes/?id=a&anuncio=000530
Conectiva Linux advisory: CLSA-2002:530
https://lists.apache.org/thread.html/r5f9c22f9c28adbd9f00556059edc7b03a5d5bb71d4bb80257c0d34e4@%3Ccvs.httpd.apache.org%3E
http://secunia.com/advisories/21425
http://www.vupen.com/english/advisories/2006/3263
http://www.iss.net/security_center/static/10281.php
Common Vulnerability Exposure (CVE) ID: CVE-2002-0840
BugTraq ID: 5847
http://www.securityfocus.com/bid/5847
Bugtraq: 20021002 Apache 2 Cross-Site Scripting (Google Search)
http://marc.info/?l=bugtraq&m=103357160425708&w=2
CERT/CC vulnerability note: VU#240329
http://www.kb.cert.org/vuls/id/240329
https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r5001ecf3d6b2bdd0b732e527654248abb264f08390045d30709a92f6@%3Ccvs.httpd.apache.org%3E
http://www.osvdb.org/862
http://www.redhat.com/support/errata/RHSA-2002-222.html
http://www.redhat.com/support/errata/RHSA-2002-243.html
http://www.redhat.com/support/errata/RHSA-2002-244.html
http://www.redhat.com/support/errata/RHSA-2002-248.html
http://www.redhat.com/support/errata/RHSA-2002-251.html
http://www.redhat.com/support/errata/RHSA-2003-106.html
SGI Security Advisory: 20021105-02-I
ftp://patches.sgi.com/support/free/security/advisories/20021105-02-I
http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0003.html
XForce ISS Database: apache-http-host-xss(10241)
https://exchange.xforce.ibmcloud.com/vulnerabilities/10241
Common Vulnerability Exposure (CVE) ID: CVE-2002-1157
BugTraq ID: 6029
http://www.securityfocus.com/bid/6029
Bugtraq: 20021023 [OpenPKG-SA-2002.010] OpenPKG Security Advisory (apache) (Google Search)
http://online.securityfocus.com/archive/1/296753
Bugtraq: 20021026 GLSA: mod_ssl (Google Search)
http://archives.neohapsis.com/archives/bugtraq/2002-10/0374.html
Conectiva Linux advisory: CLA-2002:541
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000541
Debian Security Information: DSA-181 (Google Search)
http://www.debian.org/security/2002/dsa-181
En Garde Linux Advisory: ESA-20021029-027
http://www.linuxsecurity.com/advisories/other_advisory-2512.html
http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-072.php
http://www.osvdb.org/2107
http://www.iss.net/security_center/static/10457.php
CopyrightCopyright (c) 2005 E-Soft Inc. http://www.securityspace.com

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.



© 1998-2025 E-Soft Inc. All rights reserved.