
Test ID:
Category: Fedora Local Security Checks
Title: Fedora Core 8 FEDORA-2008-1695 (httpd)

The remote host is missing an update to httpd
announced via advisory FEDORA-2008-1695.

The Apache HTTP Server is a powerful, efficient, and extensible
web server.

Update Information:

This update includes the latest release of httpd 2.2, which fixes a number of
minor security issues and other bugs.

A flaw was found in the mod_imagemap module. On sites where mod_imagemap
was enabled and an imagemap file was publicly available, a cross-site
scripting attack was possible. (CVE-2007-5000)

A flaw was found in the mod_status module. On sites where
mod_status was enabled and the status pages were publicly
accessible, a cross-site scripting attack was possible. (CVE-2007-6388)

A flaw was found in the mod_proxy_balancer module. On sites where
mod_proxy_balancer was enabled, a cross-site scripting attack against
an authorized user was possible. (CVE-2007-6421)

A flaw was found in the mod_proxy_balancer module. On sites
where mod_proxy_balancer was enabled, an authorized user
could send a carefully crafted request that would cause the
Apache child process handling that request to crash. This could
lead to a denial of service if using a threaded Multi-Processing Module.

A flaw was found in the mod_proxy_ftp module. On sites where
mod_proxy_ftp was enabled and a forward proxy was configured,
a cross-site scripting attack was possible against browsers which
do not correctly derive the response character set following
the rules in RFC 2616. (CVE-2008-0005)


[ 1 ] Bug #427228 - CVE-2007-6388 apache mod_status cross-site scripting
[ 2 ] Bug #427229 - CVE-2007-6421 httpd mod_proxy_balancer cross-site scripting
[ 3 ] Bug #427739 - CVE-2008-0005 mod_proxy_ftp XSS
[ 4 ] Bug #419931 - CVE-2007-5000 mod_imagemap XSS
[ 5 ] Bug #427230 - CVE-2007-6422 httpd mod_proxy_balancer crash

Solution: Apply the appropriate updates.

This update can be installed with the yum update program. Use
su -c 'yum update httpd' at the command line.
For more information, refer to Managing Software with yum,
available at

Risk factor : Medium

CVSS Score:

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2007-5000
BugTraq ID: 26838
Bugtraq: 20080716 rPSA-2008-0035-1 httpd mod_ssl
Bugtraq: 20090821 VMSA-2009-0010 VMware Hosted products update libpng and Apache HTTP Server
Cert/CC Advisory: TA08-150A
HPdes Security Advisory: HPSBMA02388
HPdes Security Advisory: HPSBOV02683
HPdes Security Advisory: HPSBUX02308
HPdes Security Advisory: SSRT080010
HPdes Security Advisory: SSRT080059
HPdes Security Advisory: SSRT090208
SuSE Security Announcement: SUSE-SA:2008:021
XForce ISS Database: apache-modimagemap-xss(39002)
XForce ISS Database: apache-modimap-xss(39001)
Common Vulnerability Exposure (CVE) ID: CVE-2007-6388
BugTraq ID: 27237
HPdes Security Advisory: HPSBUX02313
HPdes Security Advisory: SSRT080015
XForce ISS Database: apache-status-page-xss(39472)
Common Vulnerability Exposure (CVE) ID: CVE-2007-6421
BugTraq ID: 27236
Bugtraq: 20080110 SecurityReason - Apache2 CSRF, XSS, Memory Corruption and Denial of Service Vulnerability
XForce ISS Database: apache-modproxybalancer-xss(39474)
Common Vulnerability Exposure (CVE) ID: CVE-2007-6422
XForce ISS Database: apache-modproxybalancer-dos(39476)
Common Vulnerability Exposure (CVE) ID: CVE-2008-0005
BugTraq ID: 27234
Bugtraq: 20080110 SecurityReason - Apache (mod_proxy_ftp) Undefined Charset UTF-7 XSS Vulnerability
HPdes Security Advisory: HPSBUX02431
HPdes Security Advisory: HPSBUX02465
HPdes Security Advisory: SSRT090085
HPdes Security Advisory: SSRT090192
XForce ISS Database: apache-modproxyftp-utf7-xss(39615)
Copyright: Copyright (c) 2008 E-Soft Inc.

© 1998-2022 E-Soft Inc. All rights reserved.