Vulnerability   
Search   
    Search 219043 CVE descriptions
and 99761 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.52884
Category:Turbolinux Local Security Tests
Title:Turbolinux TLSA-2004-11 (httpd)
Summary:NOSUMMARY
Description:Description:

The remote host is missing an update to httpd
announced via advisory TLSA-2004-11.

Apache is a powerful, full-featured, efficient, and freely-available Web server.

- Apache does not filter terminal escape sequences from its error logs,
which could make it easier for attackers to insert those sequences
into terminal emulators containing vulnerabilities related to escape sequences.

- Memory leak in ssl_engine_io.c for mod_ssl in Apache 2.

The vulnerabilities may allow an attacker to cause a denial of service of httpd.

Solution: Please use the turbopkg (zabom) tool to apply the update.
http://www.securityspace.com/smysecure/catid.html?in=TLSA-2004-11

Risk factor : Medium

CVSS Score:
5.0

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2003-0020
http://marc.info/?l=bugtraq&m=108369640424244&w=2
BugTraq ID: 9930
http://www.securityfocus.com/bid/9930
Bugtraq: 20030224 Terminal Emulator Security Issues (Google Search)
http://marc.info/?l=bugtraq&m=104612710031920&w=2
Bugtraq: 20040512 [OpenPKG-SA-2004.021] OpenPKG Security Advisory (apache) (Google Search)
http://marc.info/?l=bugtraq&m=108437852004207&w=2
http://security.gentoo.org/glsa/glsa-200405-22.xml
HPdes Security Advisory: SSRT4717
http://marc.info/?l=bugtraq&m=108731648532365&w=2
http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:050
http://frontal2.mandriva.com/security/advisories?name=MDKSA-2004:046
https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/re028d61fe612b0908595d658b9b39e74bca56f2a1ed3c5f06b5ab571@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r5419c9ba0951ef73a655362403d12bb8d10fab38274deb3f005816f5@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rd00b45b93fda4a5bd013b28587207d0e00f99f6e3308dbb6025f3b01@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r7035b7c9091c4b665a3b7205364775410646f12125d48e74e395f2ce@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rf2f0f3611f937cf6cfb3b4fe4a67f69885855126110e1e3f2fb2728e@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r5001ecf3d6b2bdd0b732e527654248abb264f08390045d30709a92f6@%3Ccvs.httpd.apache.org%3E
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100109
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A150
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4114
http://www.redhat.com/support/errata/RHSA-2003-082.html
http://www.redhat.com/support/errata/RHSA-2003-083.html
http://www.redhat.com/support/errata/RHSA-2003-104.html
http://www.redhat.com/support/errata/RHSA-2003-139.html
http://www.redhat.com/support/errata/RHSA-2003-243.html
http://www.redhat.com/support/errata/RHSA-2003-244.html
http://www.slackware.com/security/viewer.php?l=slackware-security&y=2004&m=slackware-security.529643
http://sunsolve.sun.com/search/document.do?assetkey=1-26-101555-1
http://sunsolve.sun.com/search/document.do?assetkey=1-26-57628-1
http://www.trustix.org/errata/2004/0017
http://www.trustix.org/errata/2004/0027
http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0093.html
http://www.iss.net/security_center/static/11412.php
Common Vulnerability Exposure (CVE) ID: CVE-2004-0113
BugTraq ID: 9826
http://www.securityfocus.com/bid/9826
Bugtraq: 20040325 LNSA-#2004-0006: bug workaround for Apache 2.0.48 (Google Search)
http://marc.info/?l=bugtraq&m=108034113406858&w=2
Conectiva Linux advisory: CLSA-2004:839
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000839
http://security.gentoo.org/glsa/glsa-200403-04.xml
http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:043
http://issues.apache.org/bugzilla/show_bug.cgi?id=27106
http://marc.info/?l=apache-cvs&m=107869699329638
https://lists.apache.org/thread.html/raa117ef183f0da9b3f46efbeaa66f7622bd68868a450cae4fd8ed594@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r5f9c22f9c28adbd9f00556059edc7b03a5d5bb71d4bb80257c0d34e4@%3Ccvs.httpd.apache.org%3E
http://www.osvdb.org/4182
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A876
http://www.redhat.com/support/errata/RHSA-2004-084.html
http://www.redhat.com/support/errata/RHSA-2004-182.html
XForce ISS Database: apache-modssl-plain-dos(15419)
https://exchange.xforce.ibmcloud.com/vulnerabilities/15419
CopyrightCopyright (c) 2005 E-Soft Inc. http://www.securityspace.com

This is only one of 99761 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.




© 1998-2024 E-Soft Inc. All rights reserved.