Test ID:	1.3.6.1.4.1.25623.1.0.57344
Category:	Turbolinux Local Security Tests
Title:	Turbolinux TLSA-2006-24 (httpd)
Summary:	NOSUMMARY
Description:	Description: The remote host is missing an update to httpd announced via advisory TLSA-2006-24. Apache is a powerful, full-featured, efficient, and freely-available Web server. Apache is also the most popular Web server on the Internet. Cross-site scripting (XSS) vulnerability in the Apache. This vulnerability allows dangerous tags to be processed by web browsers. Solution: Please use the turbopkg (zabom) tool to apply the update. http://www.securityspace.com/smysecure/catid.html?in=TLSA-2006-24 Risk factor : Medium CVSS Score: 4.3
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2006-3918 AIX APAR: PK24631 http://www-1.ibm.com/support/docview.wss?uid=swg1PK24631 AIX APAR: PK27875 http://www-1.ibm.com/support/docview.wss?uid=swg24013080 BugTraq ID: 19661 http://www.securityfocus.com/bid/19661 Bugtraq: 20060508 Unfiltered Header Injection in Apache 1.3.34/2.0.57/2.2.1 (Google Search) http://archives.neohapsis.com/archives/bugtraq/2006-05/0151.html Bugtraq: 20060724 Write-up by Amit Klein: "Forging HTTP request headers with Flash" (Google Search) http://archives.neohapsis.com/archives/bugtraq/2006-07/0425.html Debian Security Information: DSA-1167 (Google Search) http://www.debian.org/security/2006/dsa-1167 HPdes Security Advisory: HPSBOV02683 http://marc.info/?l=bugtraq&m=130497311408250&w=2 HPdes Security Advisory: HPSBUX02465 http://marc.info/?l=bugtraq&m=125631037611762&w=2 HPdes Security Advisory: HPSBUX02612 http://marc.info/?l=bugtraq&m=129190899612998&w=2 HPdes Security Advisory: SSRT090192 HPdes Security Advisory: SSRT090208 HPdes Security Advisory: SSRT100345 https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/reb542d2038e9c331506e0cbff881b47e40fbe2bd93ff00979e60cdf7@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/r5419c9ba0951ef73a655362403d12bb8d10fab38274deb3f005816f5@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/rafd145ba6cd0a4ced113a5823cdaff45aeb36eb09855b216401c66d6@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/r652fc951306cdeca5a276e2021a34878a76695a9f3cfb6490b4a6840@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/r5f9c22f9c28adbd9f00556059edc7b03a5d5bb71d4bb80257c0d34e4@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/rb9c9f42dafa25d2f669dac2a536a03f2575bc5ec1be6f480618aee10@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/rf2f0f3611f937cf6cfb3b4fe4a67f69885855126110e1e3f2fb2728e@%3Ccvs.httpd.apache.org%3E OpenBSD Security Advisory: [3.9] 012: SECURITY FIX: October 7, 2006 http://openbsd.org/errata.html#httpd2 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10352 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12238 RedHat Security Advisories: RHSA-2006:0618 http://rhn.redhat.com/errata/RHSA-2006-0618.html http://www.redhat.com/support/errata/RHSA-2006-0619.html RedHat Security Advisories: RHSA-2006:0692 http://rhn.redhat.com/errata/RHSA-2006-0692.html http://securitytracker.com/id?1016569 http://www.securitytracker.com/id?1024144 http://secunia.com/advisories/21172 http://secunia.com/advisories/21174 http://secunia.com/advisories/21399 http://secunia.com/advisories/21478 http://secunia.com/advisories/21598 http://secunia.com/advisories/21744 http://secunia.com/advisories/21848 http://secunia.com/advisories/21986 http://secunia.com/advisories/22140 http://secunia.com/advisories/22317 http://secunia.com/advisories/22523 http://secunia.com/advisories/28749 http://secunia.com/advisories/29640 http://secunia.com/advisories/40256 SGI Security Advisory: 20060801-01-P ftp://patches.sgi.com/support/free/security/advisories/20060801-01-P http://securityreason.com/securityalert/1294 SuSE Security Announcement: SUSE-SA:2006:051 (Google Search) http://www.novell.com/linux/security/advisories/2006_51_apache.html SuSE Security Announcement: SUSE-SA:2008:021 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00004.html http://www.ubuntu.com/usn/usn-575-1 http://www.vupen.com/english/advisories/2006/2963 http://www.vupen.com/english/advisories/2006/2964 http://www.vupen.com/english/advisories/2006/3264 http://www.vupen.com/english/advisories/2006/4207 http://www.vupen.com/english/advisories/2006/5089 http://www.vupen.com/english/advisories/2010/1572
Copyright	Copyright (c) 2006 E-Soft Inc. http://www.securityspace.com

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.