
Test ID: 1.3.6.1.4.1.25623.1.0.56156
Category: Ubuntu Local Security Checks
Title: Ubuntu USN-241-1 (apache)
Summary: Ubuntu USN-241-1 (apache)
Description:
The remote host is missing an update to apache
announced via advisory USN-241-1.

A security issue affects the following Ubuntu releases:

Ubuntu 4.10 (Warty Warthog)
Ubuntu 5.04 (Hoary Hedgehog)
Ubuntu 5.10 (Breezy Badger)

The following packages are affected: apache-common apache2-common apache2-mpm-worker

The mod_imap module (which provides support for image maps) did not
properly escape the referer URL, which rendered it vulnerable to
a cross-site scripting attack. A malicious web page (or HTML email)
could trick a user into visiting a site running the vulnerable mod_imap,
and employ cross-site scripting techniques to gather sensitive user
information from that site. (CVE-2005-3352)

Hartmut Keil discovered a Denial of Service vulnerability in the SSL
module (mod_ssl) that affects SSL-enabled virtual hosts with a
customized error page for error 400. By sending a specially crafted
request to the server, a remote attacker could crash the server. This
only affects Apache 2, and only if the worker implementation
(apache2-mpm-worker) is used. (CVE-2005-3357)

Solution:
The problem can be corrected by upgrading the affected package to
the following versions:

Ubuntu 4.10:
apache-common 1.3.31-6ubuntu0.9
apache2-common 2.0.50-12ubuntu4.10
apache2-mpm-worker 2.0.50-12ubuntu4.10

Ubuntu 5.04:
apache-common 1.3.33-4ubuntu2
apache2-common 2.0.53-5ubuntu5.5
apache2-mpm-worker 2.0.53-5ubuntu5.5

Ubuntu 5.10:
apache-common 1.3.33-8ubuntu1
apache2-common 2.0.54-5ubuntu4
apache2-mpm-worker 2.0.54-5ubuntu4

In general, a standard system upgrade is sufficient to effect the
necessary changes.

http://www.securityspace.com/smysecure/catid.html?in=USN-241-1

Risk factor: Critical
Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2005-3352
AIX APAR: PK16139
http://www-1.ibm.com/support/search.wss?rs=0&q=PK16139&apar=only
AIX APAR: PK25355
http://www-1.ibm.com/support/search.wss?rs=0&q=PK25355&apar=only
http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html
http://lists.apple.com/archives/security-announce/2008//May/msg00001.html
Debian Security Information: DSA-1167 (Google Search)
http://www.debian.org/security/2006/dsa-1167
http://www.redhat.com/archives/fedora-announce-list/2006-January/msg00060.html
http://www.securityfocus.com/archive/1/archive/1/425399/100/0/threaded
http://www.gentoo.org/security/en/glsa/glsa-200602-03.xml
HPdes Security Advisory: HPSBUX02145
http://www.securityfocus.com/archive/1/archive/1/445206/100/0/threaded
HPdes Security Advisory: SSRT061202
HPdes Security Advisory: HPSBUX02164
http://www.securityfocus.com/archive/1/archive/1/450321/100/0/threaded
HPdes Security Advisory: HPSBUX02172
http://www.securityfocus.com/archive/1/archive/1/450315/100/0/threaded
HPdes Security Advisory: SSRT061265
HPdes Security Advisory: SSRT061269
HPdes Security Advisory: HPSBMA02328
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01428449
HPdes Security Advisory: SSRT071293
HPdes Security Advisory: HPSBOV02683
http://marc.info/?l=bugtraq&m=130497311408250&w=2
HPdes Security Advisory: SSRT090208
http://wwwnew.mandriva.com/security/advisories?name=MDKSA-2006:007
http://www.openpkg.org/security/OpenPKG-SA-2005.029-apache.txt
RedHat Security Advisories: RHSA-2006:0159
http://rhn.redhat.com/errata/RHSA-2006-0159.html
http://www.redhat.com/support/errata/RHSA-2006-0158.html
RedHat Security Advisories: RHSA-2006:0692
http://rhn.redhat.com/errata/RHSA-2006-0692.html
SGI Security Advisory: 20060101-01-U
ftp://patches.sgi.com/support/free/security/advisories/20060101-01-U
http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.685483
http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.470158
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102662-1
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102663-1
SuSE Security Announcement: SUSE-SR:2006:004 (Google Search)
http://lists.suse.de/archive/suse-security-announce/2006-Feb/0008.html
SuSE Security Announcement: SUSE-SA:2006:043 (Google Search)
http://www.novell.com/linux/security/advisories/2006_43_apache.html
SuSE Security Announcement: SUSE-SR:2007:011 (Google Search)
http://lists.suse.com/archive/suse-security-announce/2007-May/0005.html
http://www.trustix.org/errata/2005/0074/
http://www.ubuntulinux.org/usn/usn-241-1
Cert/CC Advisory: TA08-150A
http://www.us-cert.gov/cas/techalerts/TA08-150A.html
BugTraq ID: 15834
http://www.securityfocus.com/bid/15834
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10480
http://www.vupen.com/english/advisories/2005/2870
http://www.vupen.com/english/advisories/2006/2423
http://www.vupen.com/english/advisories/2006/3995
http://www.vupen.com/english/advisories/2006/4015
http://www.vupen.com/english/advisories/2006/4300
http://www.vupen.com/english/advisories/2006/4868
http://www.vupen.com/english/advisories/2008/0924/references
http://www.vupen.com/english/advisories/2008/1246/references
http://www.vupen.com/english/advisories/2008/1697
http://securitytracker.com/id?1015344
http://secunia.com/advisories/18008
http://secunia.com/advisories/18333
http://secunia.com/advisories/18339
http://secunia.com/advisories/18340
http://secunia.com/advisories/18429
http://secunia.com/advisories/18585
http://secunia.com/advisories/18517
http://secunia.com/advisories/18743
http://secunia.com/advisories/17319
http://secunia.com/advisories/18526
http://secunia.com/advisories/19012
http://secunia.com/advisories/20670
http://secunia.com/advisories/21744
http://secunia.com/advisories/22140
http://secunia.com/advisories/22368
http://secunia.com/advisories/22388
http://secunia.com/advisories/22669
http://secunia.com/advisories/23260
http://secunia.com/advisories/20046
http://secunia.com/advisories/25239
http://secunia.com/advisories/29420
http://secunia.com/advisories/29849
http://secunia.com/advisories/30430
Common Vulnerability Exposure (CVE) ID: CVE-2005-3357
http://svn.apache.org/viewcvs?rev=358026&view=rev
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102640-1
SuSE Security Announcement: SuSE-SA:2006:051 (Google Search)
http://lists.suse.com/archive/suse-security-announce/2006-Sep/0004.html
SuSE Security Announcement: SUSE-SA:2006:051 (Google Search)
http://www.novell.com/linux/security/advisories/2006_51_apache.html
BugTraq ID: 16152
http://www.securityfocus.com/bid/16152
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:11467
http://www.vupen.com/english/advisories/2006/0056
http://www.vupen.com/english/advisories/2006/3920
http://www.vupen.com/english/advisories/2006/4207
http://securitytracker.com/id?1015447
http://secunia.com/advisories/18307
http://secunia.com/advisories/21848
http://secunia.com/advisories/22233
http://secunia.com/advisories/22523
http://secunia.com/advisories/22992
Common Vulnerability Exposure (CVE) ID: CVE-2005-3191
http://www.idefense.com/application/poi/display?id=343&type=vulnerabilities
http://www.idefense.com/application/poi/display?id=342&type=vulnerabilities
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=342289
Bugtraq: 20051207 [KDE Security Advisory] multiple buffer overflows in kpdf/koffice (Google Search)
http://www.securityfocus.com/archive/1/archive/1/418883/100/0/threaded
Debian Security Information: DSA-931 (Google Search)
http://www.debian.org/security/2005/dsa-931
Debian Security Information: DSA-932 (Google Search)
http://www.debian.org/security/2005/dsa-932
Debian Security Information: DSA-937 (Google Search)
http://www.debian.org/security/2005/dsa-937
Debian Security Information: DSA-938 (Google Search)
http://www.debian.org/security/2005/dsa-938
Debian Security Information: DSA-940 (Google Search)
http://www.debian.org/security/2005/dsa-940
Debian Security Information: DSA-936 (Google Search)
http://www.debian.org/security/2006/dsa-936
Debian Security Information: DSA-950 (Google Search)
http://www.debian.org/security/2006/dsa-950
Debian Security Information: DSA-961 (Google Search)
http://www.debian.org/security/2006/dsa-961
Debian Security Information: DSA-962 (Google Search)
http://www.debian.org/security/2006/dsa-962
http://www.redhat.com/archives/fedora-announce-list/2005-December/msg00036.html
http://www.redhat.com/archives/fedora-announce-list/2005-December/msg00037.html
http://www.redhat.com/archives/fedora-announce-list/2005-December/msg00015.html
http://www.redhat.com/archives/fedora-announce-list/2005-December/msg00016.html
http://www.securityfocus.com/archive/1/archive/1/427990/100/0/threaded
http://www.securityfocus.com/archive/1/archive/1/427053/100/0/threaded
http://www.gentoo.org/security/en/glsa/glsa-200512-08.xml
http://www.gentoo.org/security/en/glsa/glsa-200601-02.xml
http://www.mandriva.com/security/advisories?name=MDKSA-2006:010
http://www.mandriva.com/security/advisories?name=MDKSA-2006:003
http://www.mandriva.com/security/advisories?name=MDKSA-2006:004
http://www.mandriva.com/security/advisories?name=MDKSA-2006:005
http://www.mandriva.com/security/advisories?name=MDKSA-2006:006
http://www.mandriva.com/security/advisories?name=MDKSA-2006:008
http://www.mandriva.com/security/advisories?name=MDKSA-2006:012
http://www.mandriva.com/security/advisories?name=MDKSA-2006:011
http://www.redhat.com/support/errata/RHSA-2005-840.html
http://www.redhat.com/support/errata/RHSA-2005-867.html
http://www.redhat.com/support/errata/RHSA-2005-878.html
RedHat Security Advisories: RHSA-2005:868
http://rhn.redhat.com/errata/RHSA-2005-868.html
http://www.redhat.com/support/errata/RHSA-2006-0160.html
SCO Security Bulletin: SCOSA-2006.15
ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.15/SCOSA-2006.15.txt
SCO Security Bulletin: SCOSA-2006.20
ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.20/SCOSA-2006.20.txt
SCO Security Bulletin: SCOSA-2006.21
ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2006.21/SCOSA-2006.21.txt
SGI Security Advisory: 20051201-01-U
ftp://patches.sgi.com/support/free/security/advisories/20051201-01-U
SGI Security Advisory: 20060201-01-U
ftp://patches.sgi.com/support/free/security/advisories/20060201-01-U
http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.474747
http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.472683
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102972-1
SuSE Security Announcement: SUSE-SA:2006:001 (Google Search)
http://lists.suse.com/archive/suse-security-announce/2006-Jan/0001.html
SuSE Security Announcement: SUSE-SR:2006:002 (Google Search)
http://www.novell.com/linux/security/advisories/2006_02_sr.html
SuSE Security Announcement: SUSE-SR:2006:001 (Google Search)
SuSE Security Announcement: SUSE-SR:2005:029 (Google Search)
http://www.novell.com/linux/security/advisories/2005_29_sr.html
http://www.trustix.org/errata/2005/0072/
http://www.ubuntulinux.org/usn/usn-227-1
BugTraq ID: 15726
http://www.securityfocus.com/bid/15726
BugTraq ID: 15727
http://www.securityfocus.com/bid/15727
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:9760
http://www.vupen.com/english/advisories/2005/2786
http://www.vupen.com/english/advisories/2005/2789
http://www.vupen.com/english/advisories/2005/2790
http://www.vupen.com/english/advisories/2005/2788
http://www.vupen.com/english/advisories/2005/2856
http://www.vupen.com/english/advisories/2005/2787
http://www.vupen.com/english/advisories/2007/2280
http://securitytracker.com/id?1015309
http://securitytracker.com/id?1015324
http://secunia.com/advisories/17908
http://secunia.com/advisories/17912
http://secunia.com/advisories/17916
http://secunia.com/advisories/17920
http://secunia.com/advisories/17921
http://secunia.com/advisories/17929
http://secunia.com/advisories/17940
http://secunia.com/advisories/17976
http://secunia.com/advisories/18009
http://secunia.com/advisories/18055
http://secunia.com/advisories/18061
http://secunia.com/advisories/17897
http://secunia.com/advisories/17926
http://secunia.com/advisories/18191
http://secunia.com/advisories/18192
http://secunia.com/advisories/18189
http://secunia.com/advisories/18313
http://secunia.com/advisories/18336
http://secunia.com/advisories/18387
http://secunia.com/advisories/18416
http://secunia.com/advisories/18349
http://secunia.com/advisories/18385
http://secunia.com/advisories/18389
http://secunia.com/advisories/18448
http://secunia.com/advisories/18398
http://secunia.com/advisories/18407
http://secunia.com/advisories/18534
http://secunia.com/advisories/18549
http://secunia.com/advisories/18582
http://secunia.com/advisories/18303
http://secunia.com/advisories/18554
http://secunia.com/advisories/17955
http://secunia.com/advisories/18674
http://secunia.com/advisories/18675
http://secunia.com/advisories/18679
http://secunia.com/advisories/18908
http://secunia.com/advisories/18913
http://secunia.com/advisories/19230
http://secunia.com/advisories/19377
http://secunia.com/advisories/18503
http://secunia.com/advisories/18147
http://secunia.com/advisories/18380
http://secunia.com/advisories/18428
http://secunia.com/advisories/18436
http://secunia.com/advisories/19797
http://secunia.com/advisories/19798
http://secunia.com/advisories/25729
http://secunia.com/advisories/26413
http://securityreason.com/securityalert/233
http://securityreason.com/securityalert/234
XForce ISS Database: xpdf-dctstream-baseline-bo(23444)
http://xforce.iss.net/xforce/xfdb/23444
XForce ISS Database: xpdf-dctstream-progressive-bo(23443)
http://xforce.iss.net/xforce/xfdb/23443
Common Vulnerability Exposure (CVE) ID: CVE-2005-3192
http://www.idefense.com/application/poi/display?id=344&type=vulnerabilities
http://scary.beasts.org/security/CESA-2005-003.txt
http://www.debian.org/security/2006/dsa-937
BugTraq ID: 15725
http://www.securityfocus.com/bid/15725
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10914
http://www.vupen.com/english/advisories/2005/2755
http://secunia.com/advisories/17897/
http://securityreason.com/securityalert/235
http://securityreason.com/securityalert/240
XForce ISS Database: xpdf-streampredictor-bo(23442)
http://xforce.iss.net/xforce/xfdb/23442
Common Vulnerability Exposure (CVE) ID: CVE-2005-3624
http://www.redhat.com/archives/fedora-announce-list/2006-January/msg00030.html
http://www.redhat.com/archives/fedora-announce-list/2006-January/msg00031.html
http://www.gentoo.org/security/en/glsa/glsa-200601-17.xml
RedHat Security Advisories: RHSA-2006:0177
http://rhn.redhat.com/errata/RHSA-2006-0177.html
http://www.redhat.com/support/errata/RHSA-2006-0163.html
http://www.trustix.org/errata/2006/0002/
http://www.ubuntulinux.org/support/documentation/usn/usn-236-1
BugTraq ID: 16143
http://www.securityfocus.com/bid/16143
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:9437
http://www.vupen.com/english/advisories/2006/0047
http://secunia.com/advisories/18312
http://secunia.com/advisories/18329
http://secunia.com/advisories/18332
http://secunia.com/advisories/18334
http://secunia.com/advisories/18338
http://secunia.com/advisories/18375
http://secunia.com/advisories/18423
http://secunia.com/advisories/18642
http://secunia.com/advisories/18644
http://secunia.com/advisories/18425
http://secunia.com/advisories/18463
http://secunia.com/advisories/18373
http://secunia.com/advisories/18414
XForce ISS Database: xpdf-ccitt-faxstream-bo(24022)
http://xforce.iss.net/xforce/xfdb/24022
Common Vulnerability Exposure (CVE) ID: CVE-2005-3625
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:9575
http://secunia.com/advisories/18335
XForce ISS Database: xpdf-ccittfaxdecode-dctdecode-dos(24023)
http://xforce.iss.net/xforce/xfdb/24023
Common Vulnerability Exposure (CVE) ID: CVE-2005-3626
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:9992
XForce ISS Database: xpdf-flatedecode-dos(24026)
http://xforce.iss.net/xforce/xfdb/24026
Common Vulnerability Exposure (CVE) ID: CVE-2005-3627
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10200
XForce ISS Database: xpdf-readhuffmantables-bo(24024)
http://xforce.iss.net/xforce/xfdb/24024
XForce ISS Database: xpdf-readscaninfo-bo(24025)
http://xforce.iss.net/xforce/xfdb/24025
Common Vulnerability Exposure (CVE) ID: CVE-2005-3628
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10287
Common Vulnerability Exposure (CVE) ID: CVE-2005-2475
Bugtraq: 20050801 unzip TOCTOU file-permissions vulnerability (Google Search)
http://marc.theaimsgroup.com/?l=bugtraq&m=112300046224117&w=2
Debian Security Information: DSA-903 (Google Search)
http://www.debian.org/security/2005/dsa-903
http://www.mandriva.com/security/advisories?name=MDKSA-2005:197
http://www.redhat.com/support/errata/RHSA-2007-0203.html
SCO Security Bulletin: SCOSA-2005.39
ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.39/SCOSA-2005.39.txt
http://www.trustix.org/errata/2005/0053/
http://www.ubuntu.com/usn/usn-191-1
BugTraq ID: 14450
http://www.securityfocus.com/bid/14450
http://www.osvdb.org/18530
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:9975
http://secunia.com/advisories/16309
http://secunia.com/advisories/17653
http://secunia.com/advisories/17045
http://secunia.com/advisories/17342
http://secunia.com/advisories/16985
http://secunia.com/advisories/17006
http://secunia.com/advisories/25098
http://securityreason.com/securityalert/32
Common Vulnerability Exposure (CVE) ID: CVE-2006-0162
http://lists.grok.org.uk/pipermail/full-disclosure/2006-January/041325.html
http://www.zerodayinitiative.com/advisories/ZDI-06-001.html
Debian Security Information: DSA-947 (Google Search)
http://www.debian.org/security/2006/dsa-947
http://www.gentoo.org/security/en/glsa/glsa-200601-07.xml
http://www.mandriva.com/security/advisories?name=MDKSA-2006:016
CERT/CC vulnerability note: VU#385908
http://www.kb.cert.org/vuls/id/385908
BugTraq ID: 16191
http://www.securityfocus.com/bid/16191
http://www.vupen.com/english/advisories/2006/0116
http://www.osvdb.org/22318
http://securitytracker.com/id?1015457
http://secunia.com/advisories/18379
http://secunia.com/advisories/18453
http://secunia.com/advisories/18478
http://secunia.com/advisories/18548
http://securityreason.com/securityalert/342
XForce ISS Database: clamav-libclamav-upx-bo(24047)
http://xforce.iss.net/xforce/xfdb/24047
Common Vulnerability Exposure (CVE) ID: CVE-2005-4591
SuSE Security Announcement: SUSE-SR:2006:003 (Google Search)
http://lists.suse.com/archive/suse-security-announce/2006-Feb/0001.html
http://www.ubuntulinux.org/support/documentation/usn/usn-240-1
BugTraq ID: 16171
http://www.securityfocus.com/bid/16171
http://www.vupen.com/english/advisories/2006/0100
http://secunia.com/advisories/18352
http://secunia.com/advisories/18427
http://secunia.com/advisories/18717
XForce ISS Database: bogofilter-unicode-bo(24118)
http://xforce.iss.net/xforce/xfdb/24118
Copyright: Copyright (c) 2006 E-Soft Inc. http://www.securityspace.com
