Vulnerability   
Search   
    Search 219043 CVE descriptions
and 99761 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.55022
Category:Turbolinux Local Security Tests
Title:Turbolinux TLSA-2005-81 (apache, httpd)
Summary:NOSUMMARY
Description:Description:

The remote host is missing an update to apache, httpd
announced via advisory TLSA-2005-81.

Apache is a powerful, full-featured, efficient, and freely-available
Web server. Apache is also the most popular Web server on the Internet.

- A vulnerability in the manner in which mod_ssl handles CRL
could allow remote attackers to cause a denial of service.
- The apache, when acting as an HTTP proxy, allows remote attackers to poison the web cache,
bypass web application firewall protection, and conduct XSS attacks via an HTTP request.

These vulerabilities allow remote attackers to cause a denial of service.

Solution: Please use the turbopkg (zabom) tool to apply the update.
http://www.securityspace.com/smysecure/catid.html?in=TLSA-2005-81

Risk factor : Medium

CVSS Score:
5.0

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2005-1268
BugTraq ID: 14366
http://www.securityfocus.com/bid/14366
Debian Security Information: DSA-805 (Google Search)
http://www.debian.org/security/2005/dsa-805
HPdes Security Advisory: HPSBUX02074
http://www.securityfocus.com/archive/1/428138/100/0/threaded
HPdes Security Advisory: SSRT051251
http://www.mandriva.com/security/advisories?name=MDKSA-2005:129
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=163013
https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/re895fc1736d25c8cf57e102c871613b8aeec9ea26fd8a44e7942b5ab@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r734a07156abf332d5ab27fb91d9d962cacfef4f3681e44056f064fa8@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rd65d8ba68ba17e7deedafbf5bb4899f2ae4dad781d21b931c2941ac3@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r5001ecf3d6b2bdd0b732e527654248abb264f08390045d30709a92f6@%3Ccvs.httpd.apache.org%3E
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1346
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1714
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1747
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9589
http://www.redhat.com/support/errata/RHSA-2005-582.html
http://rhn.redhat.com/errata/RHSA-2005-582.html
http://secunia.com/advisories/19072
http://secunia.com/advisories/19185
http://securityreason.com/securityalert/604
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102198-1
SuSE Security Announcement: SUSE-SA:2005:046 (Google Search)
http://www.novell.com/linux/security/advisories/2005_46_apache.html
SuSE Security Announcement: SUSE-SR:2005:018 (Google Search)
http://www.novell.com/linux/security/advisories/2005_18_sr.html
http://lists.trustix.org/pipermail/tsl-announce/2005-October/000354.html
http://www.vupen.com/english/advisories/2006/0789
Common Vulnerability Exposure (CVE) ID: CVE-2005-2088
AIX APAR: PK13959
http://www-1.ibm.com/support/search.wss?rs=0&q=PK13959&apar=only
AIX APAR: PK16139
http://www-1.ibm.com/support/search.wss?rs=0&q=PK16139&apar=only
http://docs.info.apple.com/article.html?artnum=302847
BugTraq ID: 14106
http://www.securityfocus.com/bid/14106
BugTraq ID: 15647
http://www.securityfocus.com/bid/15647
Bugtraq: 20050606 A new whitepaper by Watchfire - HTTP Request Smuggling (Google Search)
http://seclists.org/lists/bugtraq/2005/Jun/0025.html
Debian Security Information: DSA-803 (Google Search)
http://www.debian.org/security/2005/dsa-803
HPdes Security Advisory: HPSBUX02101
http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=c00612828
HPdes Security Advisory: SSRT051128
http://www.mandriva.com/security/advisories?name=MDKSA-2005:130
http://www.securiteam.com/securityreviews/5GP0220G0U.html
http://www.watchfire.com/resources/HTTP-Request-Smuggling.pdf
http://marc.info/?l=apache-httpd-announce&m=112931556417329&w=3
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11452
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1237
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1526
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1629
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A840
http://securitytracker.com/id?1014323
http://secunia.com/advisories/14530
http://secunia.com/advisories/17319
http://secunia.com/advisories/17487
http://secunia.com/advisories/17813
http://secunia.com/advisories/19073
http://secunia.com/advisories/19317
http://secunia.com/advisories/23074
http://slackware.com/security/viewer.php?l=slackware-security&y=2005&m=slackware-security.600000
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102197-1
http://www.ubuntu.com/usn/usn-160-2
http://www.vupen.com/english/advisories/2005/2140
http://www.vupen.com/english/advisories/2005/2659
http://www.vupen.com/english/advisories/2006/1018
http://www.vupen.com/english/advisories/2006/4680
CopyrightCopyright (c) 2005 E-Soft Inc. http://www.securityspace.com

This is only one of 99761 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.




© 1998-2024 E-Soft Inc. All rights reserved.