English | Deutsch | Español
 
Home ▼
Home About Us Contact Us Privacy Partner Programs Testimonials In Press Mailing Lists Abuse Developer APIs
Bookkeeping
Online ▼
Home Free Trial FAQ
Open/Create Company File Accept an Invite Order/Renew
Security
Audits ▼
Home Dedicated audits Advanced audits Standard audits Recurring audits No Risk audits Desktop audits Basic audit Security Seal FAQ Price/Feature Summary Order New Tests All Tests Confidentiality Vulnerability search Run Audit Scheduler IP Permissions Audit Configuration Editor Scan Queue Reminder Notification Schedule Seal Reports Reports Style Editor
Managed
DNS ▼
About Order FAQ Acceptable Use Policy Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password
Network
Monitor ▼
Enterprise Package Advanced Package Standard Package Free Trial FAQ Price/Feature Summary Order/Renew Examples
Configure/Status Alert Profiles
Research
Reports ▼
Home FAQ Glossary Archive
 Login/Register 
 
 Vulnerability   
Search   		     Search 324607 CVE descriptions
and 145615 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.60246
Category:Mandrake Local Security Checks
Title:Mandrake Security Advisory MDVSA-2008:014 (apache)
Summary:NOSUMMARY
Description:Description:

The remote host is missing an update to apache
announced via advisory MDVSA-2008:014.

A number of vulnerabilities were found and fixed in the Apache 1.3.x
packages:

A flaw found in the mod_autoindex module could lead to a cross-site
scripting attack on sites where mod_autoindex was enabled and the
AddDefaultCharset directive was removed from the configuration,
against web browsers that did not correctly derive the response
character set following the rules in RFC 2616 (CVE-2007-4465).

A flaw found in the mod_imagemap module could lead to a cross-site
scripting attack on sites where mod_imagemap was enabled and an
imagemap file was publically available (CVE-2007-5000).

A flaw found in the mod_status module could lead to a cross-site
scripting attack on sites where mod_status was enabled and the status
pages were publically available (CVE-2007-6388).

A flaw found in the mod_proxy_ftp module could lead to a cross-site
scripting attack against web browsers which do not correctly derive
the response character set following the rules in RFC 2616, on sites
where the mod_proxy_ftp module was enabled (CVE-2008-0005).

The updated packages have been patched to correct these issues.

Affected: Corporate 3.0

Solution:
To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

http://www.securityspace.com/smysecure/catid.html?in=MDVSA-2008:014

Risk factor : Medium

CVSS Score:
4.3

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2007-4465
http://lists.apple.com/archives/security-announce/2008//May/msg00001.html
BugTraq ID: 25653
http://www.securityfocus.com/bid/25653
Bugtraq: 20070912 Apache2 Undefined Charset UTF-7 XSS Vulnerability (Google Search)
http://www.securityfocus.com/archive/1/479237/100/0/threaded
Cert/CC Advisory: TA08-150A
http://www.us-cert.gov/cas/techalerts/TA08-150A.html
http://www.redhat.com/archives/fedora-package-announce/2007-September/msg00320.html
https://www.redhat.com/archives/fedora-package-announce/2007-September/msg00353.html
http://security.gentoo.org/glsa/glsa-200711-06.xml
HPdes Security Advisory: HPSBUX02365
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01539432
HPdes Security Advisory: HPSBUX02431
http://marc.info/?l=bugtraq&m=124654546101607&w=2
HPdes Security Advisory: HPSBUX02465
http://marc.info/?l=bugtraq&m=125631037611762&w=2
HPdes Security Advisory: SSRT080118
HPdes Security Advisory: SSRT090085
HPdes Security Advisory: SSRT090192
http://www.mandriva.com/security/advisories?name=MDVSA-2008:014
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10929
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6089
http://www.redhat.com/support/errata/RHSA-2007-0911.html
http://www.redhat.com/support/errata/RHSA-2008-0004.html
http://www.redhat.com/support/errata/RHSA-2008-0005.html
http://www.redhat.com/support/errata/RHSA-2008-0006.html
http://www.redhat.com/support/errata/RHSA-2008-0008.html
http://www.redhat.com/support/errata/RHSA-2008-0261.html
http://securitytracker.com/id?1019194
http://secunia.com/advisories/26842
http://secunia.com/advisories/26952
http://secunia.com/advisories/27563
http://secunia.com/advisories/27732
http://secunia.com/advisories/28467
http://secunia.com/advisories/28471
http://secunia.com/advisories/28607
http://secunia.com/advisories/28749
http://secunia.com/advisories/30430
http://secunia.com/advisories/31651
http://secunia.com/advisories/33105
http://secunia.com/advisories/35650
http://securityreason.com/securityalert/3113
http://securityreason.com/achievement_securityalert/46
SuSE Security Announcement: SUSE-SA:2007:061 (Google Search)
http://www.novell.com/linux/security/advisories/2007_61_apache2.html
http://www.ubuntu.com/usn/usn-575-1
http://www.vupen.com/english/advisories/2008/1697
XForce ISS Database: apache-utf7-xss(36586)
https://exchange.xforce.ibmcloud.com/vulnerabilities/36586
Common Vulnerability Exposure (CVE) ID: CVE-2007-5000
AIX APAR: PK58024
http://www-1.ibm.com/support/docview.wss?uid=swg1PK58024
AIX APAR: PK58074
http://www-1.ibm.com/support/docview.wss?uid=swg1PK58074
AIX APAR: PK63273
http://www-1.ibm.com/support/docview.wss?uid=swg1PK63273
AIX APAR: PK65782
http://www-1.ibm.com/support/docview.wss?uid=swg24019245
http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html
BugTraq ID: 26838
http://www.securityfocus.com/bid/26838
Bugtraq: 20080716 rPSA-2008-0035-1 httpd mod_ssl (Google Search)
http://www.securityfocus.com/archive/1/494428/100/0/threaded
Bugtraq: 20090821 VMSA-2009-0010 VMware Hosted products update libpng and Apache HTTP Server (Google Search)
http://www.securityfocus.com/archive/1/505990/100/0/threaded
https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00562.html
https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00541.html
HPdes Security Advisory: HPSBMA02388
http://www.securityfocus.com/archive/1/498523/100/0/threaded
HPdes Security Advisory: HPSBOV02683
http://marc.info/?l=bugtraq&m=130497311408250&w=2
HPdes Security Advisory: HPSBUX02308
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01345501
HPdes Security Advisory: SSRT080010
HPdes Security Advisory: SSRT080059
HPdes Security Advisory: SSRT090208
http://www.mandriva.com/security/advisories?name=MDVSA-2008:015
http://www.mandriva.com/security/advisories?name=MDVSA-2008:016
https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r84d043c2115176958562133d96d851495d712aa49da155d81f6733be@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r5419c9ba0951ef73a655362403d12bb8d10fab38274deb3f005816f5@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rafd145ba6cd0a4ced113a5823cdaff45aeb36eb09855b216401c66d6@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r7dd6be4dc38148704f2edafb44a8712abaa3a2be120d6c3314d55919@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rf2f0f3611f937cf6cfb3b4fe4a67f69885855126110e1e3f2fb2728e@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r5001ecf3d6b2bdd0b732e527654248abb264f08390045d30709a92f6@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f@%3Ccvs.httpd.apache.org%3E
http://lists.vmware.com/pipermail/security-announce/2009/000062.html
http://www.osvdb.org/39134
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9539
http://www.redhat.com/support/errata/RHSA-2008-0007.html
http://www.redhat.com/support/errata/RHSA-2008-0009.html
http://securitytracker.com/id?1019093
http://secunia.com/advisories/28046
http://secunia.com/advisories/28073
http://secunia.com/advisories/28081
http://secunia.com/advisories/28196
http://secunia.com/advisories/28375
http://secunia.com/advisories/28525
http://secunia.com/advisories/28526
http://secunia.com/advisories/28750
http://secunia.com/advisories/28922
http://secunia.com/advisories/28977
http://secunia.com/advisories/29420
http://secunia.com/advisories/29640
http://secunia.com/advisories/29806
http://secunia.com/advisories/29988
http://secunia.com/advisories/30356
http://secunia.com/advisories/30732
http://secunia.com/advisories/31142
http://secunia.com/advisories/32800
http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.595748
http://sunsolve.sun.com/search/document.do?assetkey=1-26-233623-1
SuSE Security Announcement: SUSE-SA:2008:021 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00004.html
http://www.vupen.com/english/advisories/2007/4201
http://www.vupen.com/english/advisories/2007/4202
http://www.vupen.com/english/advisories/2007/4301
http://www.vupen.com/english/advisories/2008/0084
http://www.vupen.com/english/advisories/2008/0178
http://www.vupen.com/english/advisories/2008/0398
http://www.vupen.com/english/advisories/2008/0809/references
http://www.vupen.com/english/advisories/2008/0924/references
http://www.vupen.com/english/advisories/2008/1224/references
http://www.vupen.com/english/advisories/2008/1623/references
http://www.vupen.com/english/advisories/2008/1875/references
XForce ISS Database: apache-modimagemap-xss(39002)
https://exchange.xforce.ibmcloud.com/vulnerabilities/39002
XForce ISS Database: apache-modimap-xss(39001)
https://exchange.xforce.ibmcloud.com/vulnerabilities/39001
Common Vulnerability Exposure (CVE) ID: CVE-2007-6388
AIX APAR: PK59667
http://www-1.ibm.com/support/search.wss?rs=0&q=PK59667&apar=only
AIX APAR: PK62966
http://www-1.ibm.com/support/docview.wss?uid=swg1PK62966
BugTraq ID: 27237
http://www.securityfocus.com/bid/27237
HPdes Security Advisory: HPSBUX02313
http://www.securityfocus.com/archive/1/488082/100/0/threaded
HPdes Security Advisory: SSRT080015
https://lists.apache.org/thread.html/rc4c53a0d57b2771ecd4b965010580db355e38137c8711311ee1073a8@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r5f9c22f9c28adbd9f00556059edc7b03a5d5bb71d4bb80257c0d34e4@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rad01d817195e6cc871cb1d73b207ca326379a20a6e7f30febaf56d24@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rb9c9f42dafa25d2f669dac2a536a03f2575bc5ec1be6f480618aee10@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r476d175be0aaf4a17680ef98c5153b4d336eaef76fb2224cc94c463a@%3Ccvs.httpd.apache.org%3E
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10272
http://securitytracker.com/id?1019154
http://secunia.com/advisories/28965
http://secunia.com/advisories/29504
http://secunia.com/advisories/33200
http://securityreason.com/securityalert/3541
http://www.vupen.com/english/advisories/2008/0047
http://www.vupen.com/english/advisories/2008/0447/references
http://www.vupen.com/english/advisories/2008/0554
http://www.vupen.com/english/advisories/2008/0986/references
XForce ISS Database: apache-status-page-xss(39472)
https://exchange.xforce.ibmcloud.com/vulnerabilities/39472
Common Vulnerability Exposure (CVE) ID: CVE-2008-0005
BugTraq ID: 27234
http://www.securityfocus.com/bid/27234
Bugtraq: 20080110 SecurityReason - Apache (mod_proxy_ftp) Undefined Charset UTF-7 XSS Vulnerability (Google Search)
http://www.securityfocus.com/archive/1/486167/100/0/threaded
http://security.gentoo.org/glsa/glsa-200803-19.xml
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10812
http://www.securitytracker.com/id?1019185
http://secunia.com/advisories/29348
http://securityreason.com/securityalert/3526
http://securityreason.com/achievement_securityalert/49
XForce ISS Database: apache-modproxyftp-utf7-xss(39615)
https://exchange.xforce.ibmcloud.com/vulnerabilities/39615
CopyrightCopyright (c) 2008 E-Soft Inc. http://www.securityspace.com

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.



© 1998-2025 E-Soft Inc. All rights reserved.