FreeBSD Local Security Checks : FreeBSD Ports: apache

Price/Feature Summary | Order | New Vulnerabilities | Confidentiality | Vulnerability Search

Vulnerability Search		Search 61204 CVE descriptions and 32582 test descriptions, access 10,000+ cross references.
	Tests CVE All

Test ID: 1.3.6.1.4.1.25623.1.0.52331

Category: FreeBSD Local Security Checks

Title: FreeBSD Ports: apache

Summary: FreeBSD Ports: apache

Description: The remote host is missing an update to the system
as announced in the referenced advisory.

The following package is affected: apache

CVE-2004-0748
mod_ssl in Apache 2.0.50 and earlier allows remote attackers to cause
a denial of service (CPU consumption) by aborting an SSL connection in
a way that causes an Apache child process to enter an infinite loop.

CVE-2004-0751
The char_buffer_read function in the mod_ssl module for Apache 2.x,
when using reverse proxying to an SSL server, allows remote attackers
to cause a denial of service (segmentation fault).

Solution:
Update your system with the appropriate patches or
software upgrades.

http://nagoya.apache.org/bugzilla/show_bug.cgi?id=29964
http://nagoya.apache.org/bugzilla/show_bug.cgi?id=30134
http://marc.theaimsgroup.com/?l=apache-httpd-announce&m=109527608022322
http://www.vuxml.org/freebsd/7b81fc47-239f-11d9-814e-0001020eed82.html

Cross-Ref: BugTraq ID: 11094
BugTraq ID: 11154
Common Vulnerability Exposure (CVE) ID: CVE-2004-0748
http://www.gentoo.org/security/en/glsa/glsa-200409-21.xml
http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:096
http://www.redhat.com/support/errata/RHSA-2004-349.html
SuSE Security Announcement: SUSE-SA:2004:030 (Google Search)
http://www.novell.com/linux/security/advisories/2004_30_apache2.html
http://www.trustix.org/errata/2004/0047/
AUSCERT Advisory: ESB-2004.0553
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:11126
XForce ISS Database: apache-modssl-dos(17200)
http://xforce.iss.net/xforce/xfdb/17200
Common Vulnerability Exposure (CVE) ID: CVE-2004-0751
Bugtraq: 20040911 Remote buffer overflow in Apache mod_ssl when reverse proxying SSL (Google Search)
http://archives.neohapsis.com/archives/bugtraq/2004-09/0096.html
http://www.redhat.com/support/errata/RHSA-2004-463.html
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:11864
XForce ISS Database: apache-modssl-speculative-dos(17273)
http://xforce.iss.net/xforce/xfdb/17273

Copyright Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com

This is only one of 32582 vulnerability tests in our test suite. Find out more about running a complete security audit.
To run a free test of this vulnerability against your system, register below.

New User Registration
Email:

UserID:

Passwd:

Please email me your monthly newsletters, informing the latest services, improvements & surveys.

Please email me a vulnerability test announcement whenever a new test is added.

Privacy

Registered User Login

UserID:

Passwd:

Forgot userid or passwd?

Email/Userid:

Test ID:	1.3.6.1.4.1.25623.1.0.52331
Category:	FreeBSD Local Security Checks
Title:	FreeBSD Ports: apache
Summary:	FreeBSD Ports: apache
Description:	The remote host is missing an update to the system as announced in the referenced advisory. The following package is affected: apache CVE-2004-0748 mod_ssl in Apache 2.0.50 and earlier allows remote attackers to cause a denial of service (CPU consumption) by aborting an SSL connection in a way that causes an Apache child process to enter an infinite loop. CVE-2004-0751 The char_buffer_read function in the mod_ssl module for Apache 2.x, when using reverse proxying to an SSL server, allows remote attackers to cause a denial of service (segmentation fault). Solution: Update your system with the appropriate patches or software upgrades. http://nagoya.apache.org/bugzilla/show_bug.cgi?id=29964 http://nagoya.apache.org/bugzilla/show_bug.cgi?id=30134 http://marc.theaimsgroup.com/?l=apache-httpd-announce&m=109527608022322 http://www.vuxml.org/freebsd/7b81fc47-239f-11d9-814e-0001020eed82.html
Cross-Ref:	BugTraq ID: 11094 BugTraq ID: 11154 Common Vulnerability Exposure (CVE) ID: CVE-2004-0748 http://www.gentoo.org/security/en/glsa/glsa-200409-21.xml http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:096 http://www.redhat.com/support/errata/RHSA-2004-349.html SuSE Security Announcement: SUSE-SA:2004:030 (Google Search) http://www.novell.com/linux/security/advisories/2004_30_apache2.html http://www.trustix.org/errata/2004/0047/ AUSCERT Advisory: ESB-2004.0553 http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:11126 XForce ISS Database: apache-modssl-dos(17200) http://xforce.iss.net/xforce/xfdb/17200 Common Vulnerability Exposure (CVE) ID: CVE-2004-0751 Bugtraq: 20040911 Remote buffer overflow in Apache mod_ssl when reverse proxying SSL (Google Search) http://archives.neohapsis.com/archives/bugtraq/2004-09/0096.html http://www.redhat.com/support/errata/RHSA-2004-463.html http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:11864 XForce ISS Database: apache-modssl-speculative-dos(17273) http://xforce.iss.net/xforce/xfdb/17273
Copyright	Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com