English | Deutsch | Español
 
Home ▼
Home About Us Contact Us Privacy Partner Programs Testimonials In Press Mailing Lists Abuse Developer APIs
Bookkeeping
Online ▼
Home Free Trial FAQ
Open/Create Company File Accept an Invite Order/Renew
Security
Audits ▼
Home Dedicated audits Advanced audits Standard audits Recurring audits No Risk audits Desktop audits Basic audit Security Seal FAQ Price/Feature Summary Order New Tests All Tests Confidentiality Vulnerability search Run Audit Scheduler IP Permissions Audit Configuration Editor Scan Queue Reminder Notification Schedule Seal Reports Reports Style Editor
Managed
DNS ▼
About Order FAQ Acceptable Use Policy Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password
Network
Monitor ▼
Enterprise Package Advanced Package Standard Package Free Trial FAQ Price/Feature Summary Order/Renew Examples
Configure/Status Alert Profiles
Research
Reports ▼
Home FAQ Glossary Archive
 Login/Register 
 
 Vulnerability   
Search   		     Search 324607 CVE descriptions
and 145615 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.57335
Category:Debian Local Security Checks
Title:Debian: Security Advisory (DSA-1167-1)
Summary:The remote host is missing an update for the Debian 'apache' package(s) announced via the DSA-1167-1 advisory.
Description:Summary:
The remote host is missing an update for the Debian 'apache' package(s) announced via the DSA-1167-1 advisory.

Vulnerability Insight:
Several remote vulnerabilities have been discovered in the Apache, the worlds most popular webserver, which may lead to the execution of arbitrary web script. The Common Vulnerabilities and Exposures project identifies the following problems:

CVE-2005-3352

A cross-site scripting (XSS) flaw exists in the mod_imap component of the Apache server.

CVE-2006-3918

Apache does not sanitize the Expect header from an HTTP request when it is reflected back in an error message, which might allow cross-site scripting (XSS) style attacks.

For the stable distribution (sarge) these problems have been fixed in version 1.3.33-6sarge3.

For the unstable distribution (sid) these problems have been fixed in version 1.3.34-3.

We recommend that you upgrade your apache package.

Affected Software/OS:
'apache' package(s) on Debian 3.1.

Solution:
Please install the updated package(s).

CVSS Score:
4.3

CVSS Vector:
AV:N/AC:M/Au:N/C:N/I:P/A:N

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2005-3352
AIX APAR: PK16139
http://www-1.ibm.com/support/search.wss?rs=0&q=PK16139&apar=only
AIX APAR: PK25355
http://www-1.ibm.com/support/search.wss?rs=0&q=PK25355&apar=only
http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html
http://lists.apple.com/archives/security-announce/2008//May/msg00001.html
BugTraq ID: 15834
http://www.securityfocus.com/bid/15834
Cert/CC Advisory: TA08-150A
http://www.us-cert.gov/cas/techalerts/TA08-150A.html
Debian Security Information: DSA-1167 (Google Search)
http://www.debian.org/security/2006/dsa-1167
http://www.redhat.com/archives/fedora-announce-list/2006-January/msg00060.html
http://www.securityfocus.com/archive/1/425399/100/0/threaded
http://www.gentoo.org/security/en/glsa/glsa-200602-03.xml
HPdes Security Advisory: HPSBMA02328
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01428449
HPdes Security Advisory: HPSBOV02683
http://marc.info/?l=bugtraq&m=130497311408250&w=2
HPdes Security Advisory: HPSBUX02145
http://www.securityfocus.com/archive/1/445206/100/0/threaded
HPdes Security Advisory: HPSBUX02164
http://www.securityfocus.com/archive/1/450321/100/0/threaded
HPdes Security Advisory: HPSBUX02172
http://www.securityfocus.com/archive/1/450315/100/0/threaded
HPdes Security Advisory: SSRT061202
HPdes Security Advisory: SSRT061265
HPdes Security Advisory: SSRT061269
HPdes Security Advisory: SSRT071293
HPdes Security Advisory: SSRT090208
http://wwwnew.mandriva.com/security/advisories?name=MDKSA-2006:007
https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/reb542d2038e9c331506e0cbff881b47e40fbe2bd93ff00979e60cdf7@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r5419c9ba0951ef73a655362403d12bb8d10fab38274deb3f005816f5@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rafd145ba6cd0a4ced113a5823cdaff45aeb36eb09855b216401c66d6@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r652fc951306cdeca5a276e2021a34878a76695a9f3cfb6490b4a6840@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rf2f0f3611f937cf6cfb3b4fe4a67f69885855126110e1e3f2fb2728e@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r5001ecf3d6b2bdd0b732e527654248abb264f08390045d30709a92f6@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f@%3Ccvs.httpd.apache.org%3E
http://www.openpkg.org/security/OpenPKG-SA-2005.029-apache.txt
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10480
http://www.redhat.com/support/errata/RHSA-2006-0158.html
RedHat Security Advisories: RHSA-2006:0159
http://rhn.redhat.com/errata/RHSA-2006-0159.html
RedHat Security Advisories: RHSA-2006:0692
http://rhn.redhat.com/errata/RHSA-2006-0692.html
http://securitytracker.com/id?1015344
http://secunia.com/advisories/17319
http://secunia.com/advisories/18008
http://secunia.com/advisories/18333
http://secunia.com/advisories/18339
http://secunia.com/advisories/18340
http://secunia.com/advisories/18429
http://secunia.com/advisories/18517
http://secunia.com/advisories/18526
http://secunia.com/advisories/18585
http://secunia.com/advisories/18743
http://secunia.com/advisories/19012
http://secunia.com/advisories/20046
http://secunia.com/advisories/20670
http://secunia.com/advisories/21744
http://secunia.com/advisories/22140
http://secunia.com/advisories/22368
http://secunia.com/advisories/22388
http://secunia.com/advisories/22669
http://secunia.com/advisories/23260
http://secunia.com/advisories/25239
http://secunia.com/advisories/29420
http://secunia.com/advisories/29849
http://secunia.com/advisories/30430
SGI Security Advisory: 20060101-01-U
ftp://patches.sgi.com/support/free/security/advisories/20060101-01-U
http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.685483
http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.470158
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102662-1
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102663-1
SuSE Security Announcement: SUSE-SA:2006:043 (Google Search)
http://www.novell.com/linux/security/advisories/2006_43_apache.html
SuSE Security Announcement: SUSE-SR:2006:004 (Google Search)
http://lists.suse.de/archive/suse-security-announce/2006-Feb/0008.html
SuSE Security Announcement: SUSE-SR:2007:011 (Google Search)
http://lists.suse.com/archive/suse-security-announce/2007-May/0005.html
http://www.trustix.org/errata/2005/0074/
http://www.ubuntulinux.org/usn/usn-241-1
http://www.vupen.com/english/advisories/2005/2870
http://www.vupen.com/english/advisories/2006/2423
http://www.vupen.com/english/advisories/2006/3995
http://www.vupen.com/english/advisories/2006/4015
http://www.vupen.com/english/advisories/2006/4300
http://www.vupen.com/english/advisories/2006/4868
http://www.vupen.com/english/advisories/2008/0924/references
http://www.vupen.com/english/advisories/2008/1246/references
http://www.vupen.com/english/advisories/2008/1697
Common Vulnerability Exposure (CVE) ID: CVE-2006-3918
AIX APAR: PK24631
http://www-1.ibm.com/support/docview.wss?uid=swg1PK24631
AIX APAR: PK27875
http://www-1.ibm.com/support/docview.wss?uid=swg24013080
BugTraq ID: 19661
http://www.securityfocus.com/bid/19661
Bugtraq: 20060508 Unfiltered Header Injection in Apache 1.3.34/2.0.57/2.2.1 (Google Search)
http://archives.neohapsis.com/archives/bugtraq/2006-05/0151.html
Bugtraq: 20060724 Write-up by Amit Klein: "Forging HTTP request headers with Flash" (Google Search)
http://archives.neohapsis.com/archives/bugtraq/2006-07/0425.html
HPdes Security Advisory: HPSBUX02465
http://marc.info/?l=bugtraq&m=125631037611762&w=2
HPdes Security Advisory: HPSBUX02612
http://marc.info/?l=bugtraq&m=129190899612998&w=2
HPdes Security Advisory: SSRT090192
HPdes Security Advisory: SSRT100345
https://lists.apache.org/thread.html/r5f9c22f9c28adbd9f00556059edc7b03a5d5bb71d4bb80257c0d34e4@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rb9c9f42dafa25d2f669dac2a536a03f2575bc5ec1be6f480618aee10@%3Ccvs.httpd.apache.org%3E
OpenBSD Security Advisory: [3.9] 012: SECURITY FIX: October 7, 2006
http://openbsd.org/errata.html#httpd2
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10352
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12238
RedHat Security Advisories: RHSA-2006:0618
http://rhn.redhat.com/errata/RHSA-2006-0618.html
http://www.redhat.com/support/errata/RHSA-2006-0619.html
http://securitytracker.com/id?1016569
http://www.securitytracker.com/id?1024144
http://secunia.com/advisories/21172
http://secunia.com/advisories/21174
http://secunia.com/advisories/21399
http://secunia.com/advisories/21478
http://secunia.com/advisories/21598
http://secunia.com/advisories/21848
http://secunia.com/advisories/21986
http://secunia.com/advisories/22317
http://secunia.com/advisories/22523
http://secunia.com/advisories/28749
http://secunia.com/advisories/29640
http://secunia.com/advisories/40256
SGI Security Advisory: 20060801-01-P
ftp://patches.sgi.com/support/free/security/advisories/20060801-01-P
http://securityreason.com/securityalert/1294
SuSE Security Announcement: SUSE-SA:2006:051 (Google Search)
http://www.novell.com/linux/security/advisories/2006_51_apache.html
SuSE Security Announcement: SUSE-SA:2008:021 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00004.html
http://www.ubuntu.com/usn/usn-575-1
http://www.vupen.com/english/advisories/2006/2963
http://www.vupen.com/english/advisories/2006/2964
http://www.vupen.com/english/advisories/2006/3264
http://www.vupen.com/english/advisories/2006/4207
http://www.vupen.com/english/advisories/2006/5089
http://www.vupen.com/english/advisories/2010/1572
CopyrightCopyright (C) 2008 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.



© 1998-2025 E-Soft Inc. All rights reserved.