Test ID:	1.3.6.1.4.1.25623.1.0.56185
Category:	Fedora Local Security Checks
Title:	Fedora Core 4 FEDORA-2006-052 (httpd)
Summary:	NOSUMMARY
Description:	Description: The remote host is missing an update to httpd announced via advisory FEDORA-2006-052. This update includes fixes for three security issues in the Apache HTTP Server. A memory leak in the worker MPM could allow remote attackers to cause a denial of service (memory consumption) via aborted connections, which prevents the memory for the transaction pool from being reused for other connections. The Common Vulnerabilities and Exposures project assigned the name CVE-2005-2970 to this issue. This vulnerability only affects users who are using the non-default worker MPM. A flaw in mod_imap when using the Referer directive with image maps was discovered. With certain site configurations, a remote attacker could perform a cross-site scripting attack if a victim can be forced to visit a malicious URL using certain web browsers. (CVE-2005-3352) A NULL pointer dereference flaw in mod_ssl was discovered affecting server configurations where an SSL virtual host is configured with access control and a custom 400 error document. A remote attacker could send a carefully crafted request to trigger this issue which would lead to a crash. This crash would only be a denial of service if using the non-default worker MPM. (CVE-2005-3357) * Tue Jan 17 2006 Joe Orton 2.0.54-10.3 - mod_ssl: add security fix for HTTP-on-SSL-port handling (CVE-2005-3357) - mod_imap: add security fix for XSS issue (CVE-2005-3352) - worker MPM: add security fix for memory consumption DoS (CVE-2005-2970), and bug fixes for handling resource allocation failures (#171759) - mod_ssl: buffer request bodies for per-location renegotiation (upstream #12355) Solution: Apply the appropriate updates. This update can be downloaded from: http://download.fedora.redhat.com/pub/fedora/linux/core/updates/4/ This update can be installed with the 'yum' update program. Use 'yum update package-name' at the command line. For more information, refer to 'Managing Software with yum,' available at http://fedora.redhat.com/docs/yum/. http://www.securityspace.com/smysecure/catid.html?in=FEDORA-2006-052 Risk factor : High CVSS Score: 5.4
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2005-2970 1015093 http://securitytracker.com/id?1015093 15762 http://www.securityfocus.com/bid/15762 16559 http://secunia.com/advisories/16559 17923 http://secunia.com/advisories/17923 18161 http://secunia.com/advisories/18161 18333 http://secunia.com/advisories/18333 18585 http://secunia.com/advisories/18585 FEDORA-2006-052 http://www.redhat.com/archives/fedora-announce-list/2006-January/msg00060.html FLSA-2006:175406 http://www.securityfocus.com/archive/1/425399/100/0/threaded MDKSA-2005:233 http://www.mandriva.com/security/advisories?name=MDKSA-2005:233 RHSA-2006:0159 http://rhn.redhat.com/errata/RHSA-2006-0159.html SUSE-SR:2005:028 http://www.novell.com/linux/security/advisories/2005_28_sr.html USN-225-1 https://www.ubuntu.com/usn/usn-225-1/ [httpd-cvs] 20190815 svn commit: r1048742 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac%40%3Ccvs.httpd.apache.org%3E [httpd-cvs] 20190815 svn commit: r1048743 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79%40%3Ccvs.httpd.apache.org%3E [httpd-cvs] 20200401 svn commit: r1058586 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc%40%3Ccvs.httpd.apache.org%3E [httpd-cvs] 20200401 svn commit: r1058587 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb%40%3Ccvs.httpd.apache.org%3E [httpd-cvs] 20210330 svn commit: r1073139 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/json/ https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E [httpd-cvs] 20210330 svn commit: r1073139 [4/13] - in /websites/staging/httpd/trunk/content: ./ security/json/ https://lists.apache.org/thread.html/reb542d2038e9c331506e0cbff881b47e40fbe2bd93ff00979e60cdf7%40%3Ccvs.httpd.apache.org%3E [httpd-cvs] 20210330 svn commit: r1073140 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b%40%3Ccvs.httpd.apache.org%3E [httpd-cvs] 20210330 svn commit: r1073143 [2/3] - in /websites/staging/httpd/trunk/content: ./ security/ https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142%40%3Ccvs.httpd.apache.org%3E [httpd-cvs] 20210330 svn commit: r1073149 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/ https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E [httpd-cvs] 20210330 svn commit: r1073149 [5/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/ https://lists.apache.org/thread.html/rafd145ba6cd0a4ced113a5823cdaff45aeb36eb09855b216401c66d6%40%3Ccvs.httpd.apache.org%3E [httpd-cvs] 20210330 svn commit: r1888194 [4/13] - /httpd/site/trunk/content/security/json/ https://lists.apache.org/thread.html/r652fc951306cdeca5a276e2021a34878a76695a9f3cfb6490b4a6840%40%3Ccvs.httpd.apache.org%3E [httpd-cvs] 20210606 svn commit: r1075470 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2020-13938.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html https://lists.apache.org/thread.html/r5001ecf3d6b2bdd0b732e527654248abb264f08390045d30709a92f6%40%3Ccvs.httpd.apache.org%3E http://mail-archives.apache.org/mod_mbox/httpd-cvs/200509.mbox/%3C20051001110218.40692.qmail%40minotaur.apache.org%3E http://svn.apache.org/viewcvs?rev=292949&view=rev oval:org.mitre.oval:def:10043 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10043 Common Vulnerability Exposure (CVE) ID: CVE-2005-3352 AIX APAR: PK16139 http://www-1.ibm.com/support/search.wss?rs=0&q=PK16139&apar=only AIX APAR: PK25355 http://www-1.ibm.com/support/search.wss?rs=0&q=PK25355&apar=only http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html http://lists.apple.com/archives/security-announce/2008//May/msg00001.html BugTraq ID: 15834 http://www.securityfocus.com/bid/15834 Cert/CC Advisory: TA08-150A http://www.us-cert.gov/cas/techalerts/TA08-150A.html Debian Security Information: DSA-1167 (Google Search) http://www.debian.org/security/2006/dsa-1167 http://www.gentoo.org/security/en/glsa/glsa-200602-03.xml HPdes Security Advisory: HPSBMA02328 http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01428449 HPdes Security Advisory: HPSBOV02683 http://marc.info/?l=bugtraq&m=130497311408250&w=2 HPdes Security Advisory: HPSBUX02145 http://www.securityfocus.com/archive/1/445206/100/0/threaded HPdes Security Advisory: HPSBUX02164 http://www.securityfocus.com/archive/1/450321/100/0/threaded HPdes Security Advisory: HPSBUX02172 http://www.securityfocus.com/archive/1/450315/100/0/threaded HPdes Security Advisory: SSRT061202 HPdes Security Advisory: SSRT061265 HPdes Security Advisory: SSRT061269 HPdes Security Advisory: SSRT071293 HPdes Security Advisory: SSRT090208 http://wwwnew.mandriva.com/security/advisories?name=MDKSA-2006:007 https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/reb542d2038e9c331506e0cbff881b47e40fbe2bd93ff00979e60cdf7@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/r5419c9ba0951ef73a655362403d12bb8d10fab38274deb3f005816f5@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/rafd145ba6cd0a4ced113a5823cdaff45aeb36eb09855b216401c66d6@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/r652fc951306cdeca5a276e2021a34878a76695a9f3cfb6490b4a6840@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/rf2f0f3611f937cf6cfb3b4fe4a67f69885855126110e1e3f2fb2728e@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/r5001ecf3d6b2bdd0b732e527654248abb264f08390045d30709a92f6@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f@%3Ccvs.httpd.apache.org%3E http://www.openpkg.org/security/OpenPKG-SA-2005.029-apache.txt https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10480 http://www.redhat.com/support/errata/RHSA-2006-0158.html RedHat Security Advisories: RHSA-2006:0159 RedHat Security Advisories: RHSA-2006:0692 http://rhn.redhat.com/errata/RHSA-2006-0692.html http://securitytracker.com/id?1015344 http://secunia.com/advisories/17319 http://secunia.com/advisories/18008 http://secunia.com/advisories/18339 http://secunia.com/advisories/18340 http://secunia.com/advisories/18429 http://secunia.com/advisories/18517 http://secunia.com/advisories/18526 http://secunia.com/advisories/18743 http://secunia.com/advisories/19012 http://secunia.com/advisories/20046 http://secunia.com/advisories/20670 http://secunia.com/advisories/21744 http://secunia.com/advisories/22140 http://secunia.com/advisories/22368 http://secunia.com/advisories/22388 http://secunia.com/advisories/22669 http://secunia.com/advisories/23260 http://secunia.com/advisories/25239 http://secunia.com/advisories/29420 http://secunia.com/advisories/29849 http://secunia.com/advisories/30430 SGI Security Advisory: 20060101-01-U ftp://patches.sgi.com/support/free/security/advisories/20060101-01-U http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.685483 http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.470158 http://sunsolve.sun.com/search/document.do?assetkey=1-26-102662-1 http://sunsolve.sun.com/search/document.do?assetkey=1-26-102663-1 SuSE Security Announcement: SUSE-SA:2006:043 (Google Search) http://www.novell.com/linux/security/advisories/2006_43_apache.html SuSE Security Announcement: SUSE-SR:2006:004 (Google Search) http://lists.suse.de/archive/suse-security-announce/2006-Feb/0008.html SuSE Security Announcement: SUSE-SR:2007:011 (Google Search) http://lists.suse.com/archive/suse-security-announce/2007-May/0005.html http://www.trustix.org/errata/2005/0074/ http://www.ubuntulinux.org/usn/usn-241-1 http://www.vupen.com/english/advisories/2005/2870 http://www.vupen.com/english/advisories/2006/2423 http://www.vupen.com/english/advisories/2006/3995 http://www.vupen.com/english/advisories/2006/4015 http://www.vupen.com/english/advisories/2006/4300 http://www.vupen.com/english/advisories/2006/4868 http://www.vupen.com/english/advisories/2008/0924/references http://www.vupen.com/english/advisories/2008/1246/references http://www.vupen.com/english/advisories/2008/1697 Common Vulnerability Exposure (CVE) ID: CVE-2005-3357 1015447 http://securitytracker.com/id?1015447 102640 http://sunsolve.sun.com/search/document.do?assetkey=1-26-102640-1 102662 16152 http://www.securityfocus.com/bid/16152 18307 http://secunia.com/advisories/18307 18339 18340 18429 18517 18743 19012 20060101-01-U 21848 http://secunia.com/advisories/21848 22233 http://secunia.com/advisories/22233 22368 22523 http://secunia.com/advisories/22523 22669 22992 http://secunia.com/advisories/22992 23260 29849 30430 ADV-2006-0056 http://www.vupen.com/english/advisories/2006/0056 ADV-2006-3920 http://www.vupen.com/english/advisories/2006/3920 ADV-2006-3995 ADV-2006-4207 http://www.vupen.com/english/advisories/2006/4207 ADV-2006-4300 ADV-2006-4868 ADV-2008-1246 ADV-2008-1697 APPLE-SA-2008-05-28 GLSA-200602-03 HPSBMA02328 HPSBOV02683 HPSBUX02145 HPSBUX02172 SSRT061202 SSRT061269 SSRT071293 SSRT090208 SUSE-SR:2006:004 SuSE-SA:2006:051 https://lists.opensuse.org/opensuse-security-announce/2006-09/msg00016.html TA08-150A TSLSA-2005-0074 USN-241-1 [httpd-cvs] 20210603 svn commit: r1075360 [1/3] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2021-31618.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html https://lists.apache.org/thread.html/r5f9c22f9c28adbd9f00556059edc7b03a5d5bb71d4bb80257c0d34e4%40%3Ccvs.httpd.apache.org%3E [httpd-cvs] 20210603 svn commit: r1075360 [2/3] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2021-31618.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html https://lists.apache.org/thread.html/rad01d817195e6cc871cb1d73b207ca326379a20a6e7f30febaf56d24%40%3Ccvs.httpd.apache.org%3E [httpd-cvs] 20210606 svn commit: r1075467 [1/2] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2021-31618.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html https://lists.apache.org/thread.html/rb9c9f42dafa25d2f669dac2a536a03f2575bc5ec1be6f480618aee10%40%3Ccvs.httpd.apache.org%3E [httpd-cvs] 20210606 svn commit: r1075467 [2/2] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2021-31618.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html https://lists.apache.org/thread.html/r476d175be0aaf4a17680ef98c5153b4d336eaef76fb2224cc94c463a%40%3Ccvs.httpd.apache.org%3E [httpd-cvs] 20210606 svn commit: r1075470 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2020-13938.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E http://issues.apache.org/bugzilla/show_bug.cgi?id=37791 http://support.avaya.com/elmodocs2/security/ASA-2006-250.htm http://svn.apache.org/viewcvs?rev=358026&view=rev http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=3117 oval:org.mitre.oval:def:11467 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11467
Copyright	Copyright (c) 2006 E-Soft Inc. http://www.securityspace.com

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.