Vulnerability   
Search   
    Search 219043 CVE descriptions
and 99761 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.58418
Category:Red Hat Local Security Checks
Title:RedHat Security Advisory RHSA-2007:0533
Summary:NOSUMMARY
Description:Description:

The remote host is missing updates announced in
advisory RHSA-2007:0533.

The Apache HTTP Server is a popular Web server.

A flaw was found in the Apache HTTP Server mod_status module. On sites
where the server-status page is publicly accessible and ExtendedStatus is
enabled this could lead to a cross-site scripting attack. On Red Hat
Enterprise Linux the server-status page is not enabled by default and it is
best practice to not make this publicly available. (CVE-2006-5752)

A flaw was found in the Apache HTTP Server mod_cache module. On sites where
caching is enabled, a remote attacker could send a carefully crafted
request that would cause the Apache child process handling that request to
crash. This could lead to a denial of service if using a threaded
Multi-Processing Module. (CVE-2007-1863)

In addition, two bugs were fixed:

* when the ProxyErrorOverride directive was enabled, responses with 3xx
status-codes would be overriden at the proxy. This has been changed so that
only 4xx and 5xx responses are overriden.

* the ProxyTimeout directive was not inherited across virtual host
definitions.

Users of httpd should upgrade to these updated packages, which contain
backported patches to correct these issues. Users should restart Apache
after installing this update.

Solution:
Please note that this update is available via
Red Hat Network. To use Red Hat Network, launch the Red
Hat Update Agent with the following command: up2date

http://rhn.redhat.com/errata/RHSA-2007-0533.html
http://www.redhat.com/security/updates/classification/#moderate

Risk factor : Medium

CVSS Score:
5.0

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2006-5752
AIX APAR: PK49295
http://www-1.ibm.com/support/search.wss?rs=0&q=PK49295&apar=only
AIX APAR: PK52702
http://www-1.ibm.com/support/docview.wss?uid=swg1PK52702
BugTraq ID: 24645
http://www.securityfocus.com/bid/24645
Bugtraq: 20090821 VMSA-2009-0010 VMware Hosted products update libpng and Apache HTTP Server (Google Search)
http://www.securityfocus.com/archive/1/505990/100/0/threaded
http://www.redhat.com/archives/fedora-package-announce/2007-September/msg00320.html
http://security.gentoo.org/glsa/glsa-200711-06.xml
HPdes Security Advisory: HPSBUX02262
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01178795
HPdes Security Advisory: SSRT071447
http://www.mandriva.com/security/advisories?name=MDKSA-2007:140
http://www.mandriva.com/security/advisories?name=MDKSA-2007:141
http://www.mandriva.com/security/advisories?name=MDKSA-2007:142
http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=245112
https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/reb542d2038e9c331506e0cbff881b47e40fbe2bd93ff00979e60cdf7@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r5419c9ba0951ef73a655362403d12bb8d10fab38274deb3f005816f5@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rafd145ba6cd0a4ced113a5823cdaff45aeb36eb09855b216401c66d6@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r652fc951306cdeca5a276e2021a34878a76695a9f3cfb6490b4a6840@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rf2f0f3611f937cf6cfb3b4fe4a67f69885855126110e1e3f2fb2728e@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r5001ecf3d6b2bdd0b732e527654248abb264f08390045d30709a92f6@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f@%3Ccvs.httpd.apache.org%3E
http://lists.vmware.com/pipermail/security-announce/2009/000062.html
http://osvdb.org/37052
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10154
http://www.redhat.com/support/errata/RHSA-2007-0532.html
RedHat Security Advisories: RHSA-2007:0533
https://rhn.redhat.com/errata/RHSA-2007-0533.html
RedHat Security Advisories: RHSA-2007:0534
http://rhn.redhat.com/errata/RHSA-2007-0534.html
RedHat Security Advisories: RHSA-2007:0556
http://rhn.redhat.com/errata/RHSA-2007-0556.html
http://www.redhat.com/support/errata/RHSA-2007-0557.html
http://www.redhat.com/support/errata/RHSA-2008-0261.html
http://www.securitytracker.com/id?1018302
http://secunia.com/advisories/25827
http://secunia.com/advisories/25830
http://secunia.com/advisories/25873
http://secunia.com/advisories/25920
http://secunia.com/advisories/26273
http://secunia.com/advisories/26443
http://secunia.com/advisories/26458
http://secunia.com/advisories/26508
http://secunia.com/advisories/26822
http://secunia.com/advisories/26842
http://secunia.com/advisories/26993
http://secunia.com/advisories/27037
http://secunia.com/advisories/27563
http://secunia.com/advisories/27732
http://secunia.com/advisories/28212
http://secunia.com/advisories/28224
http://secunia.com/advisories/28606
http://sunsolve.sun.com/search/document.do?assetkey=1-26-103179-1
http://sunsolve.sun.com/search/document.do?assetkey=1-66-200032-1
SuSE Security Announcement: SUSE-SA:2007:061 (Google Search)
http://www.novell.com/linux/security/advisories/2007_61_apache2.html
http://www.trustix.org/errata/2007/0026/
http://www.ubuntu.com/usn/usn-499-1
http://www.vupen.com/english/advisories/2007/2727
http://www.vupen.com/english/advisories/2007/3283
http://www.vupen.com/english/advisories/2007/3386
http://www.vupen.com/english/advisories/2007/4305
http://www.vupen.com/english/advisories/2008/0233
XForce ISS Database: apache-modstatus-xss(35097)
https://exchange.xforce.ibmcloud.com/vulnerabilities/35097
Common Vulnerability Exposure (CVE) ID: CVE-2007-1863
AIX APAR: PK49355
http://www-1.ibm.com/support/docview.wss?uid=swg1PK49355
http://lists.apple.com/archives/security-announce/2008//May/msg00001.html
BugTraq ID: 24649
http://www.securityfocus.com/bid/24649
Cert/CC Advisory: TA08-150A
http://www.us-cert.gov/cas/techalerts/TA08-150A.html
http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=244658
https://lists.apache.org/thread.html/r8c9983f1172a3415f915ddb7e14de632d2d0c326eb1285755a024165@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r5f9c22f9c28adbd9f00556059edc7b03a5d5bb71d4bb80257c0d34e4@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rb9c9f42dafa25d2f669dac2a536a03f2575bc5ec1be6f480618aee10@%3Ccvs.httpd.apache.org%3E
http://osvdb.org/37079
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9824
http://www.securitytracker.com/id?1018303
http://secunia.com/advisories/30430
http://www.vupen.com/english/advisories/2008/1697
CopyrightCopyright (c) 2007 E-Soft Inc. http://www.securityspace.com

This is only one of 99761 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.




© 1998-2021 E-Soft Inc. All rights reserved.