
Test ID: 1.3.6.1.4.1.25623.1.0.64783
Category: FreeBSD Local Security Checks
Title: FreeBSD Ports: apache
Summary: FreeBSD Ports: apache
Description: The remote host is missing an update to the system
as announced in the referenced advisory.

The following package is affected: apache

CVE-2009-1891
The mod_deflate module in Apache httpd 2.2.11 and earlier compresses
large files until completion even after the associated network
connection is closed, which allows remote attackers to cause a denial
of service (CPU consumption).

CVE-2009-1195
The Apache HTTP Server 2.2.11 and earlier 2.2 versions do not
properly handle Options=IncludesNOEXEC in the AllowOverride directive,
which allows local users to gain privileges by configuring (1) Options
Includes, (2) Options +Includes, or (3) Options +IncludesNOEXEC in a
.htaccess file, and then inserting an exec element in a .shtml file.

CVE-2009-1890
The stream_reqbody_cl function in mod_proxy_http.c in the mod_proxy
module in the Apache HTTP Server before 2.3.3, when a reverse proxy is
configured, does not properly handle an amount of streamed data that
exceeds the Content-Length value, which allows remote attackers to
cause a denial of service (CPU consumption) via crafted requests.

CVE-2009-1191
mod_proxy_ajp.c in the mod_proxy_ajp module in the Apache HTTP Server
2.2.11 allows remote attackers to obtain sensitive response data,
intended for a client that sent an earlier POST request with no
request body, via an HTTP request.

CVE-2009-0023
The apr_strmatch_precompile function in strmatch/apr_strmatch.c in
Apache APR-util before 1.3.5 allows remote attackers to cause a denial
of service (daemon crash) via crafted input involving (1) a .htaccess
file used with the Apache HTTP Server, (2) the SVNMasterURI directive
in the mod_dav_svn module in the Apache HTTP Server, (3) the
mod_apreq2 module for the Apache HTTP Server, or (4) an application
that uses the libapreq2 library, which triggers a heap-based buffer
underflow.

CVE-2009-1955
The expat XML parser in the apr_xml_* interface in xml/apr_xml.c in
Apache APR-util before 1.3.7, as used in the mod_dav and mod_dav_svn
modules in the Apache HTTP Server, allows remote attackers to cause a
denial of service (memory consumption) via a crafted XML document
containing a large number of nested entity references, as demonstrated
by a PROPFIND request, a similar issue to CVE-2003-1564.

CVE-2009-1956
Off-by-one error in the apr_brigade_vprintf function in Apache
APR-util before 1.3.5 on big-endian platforms allows remote attackers
to obtain sensitive information or cause a denial of service
(application crash) via crafted input.

Solution:
Update your system with the appropriate patches or
software upgrades.
Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2009-1891
Bugtraq: 20091113 rPSA-2009-0142-2 httpd mod_ssl (Google Search)
http://www.securityfocus.com/archive/1/archive/1/507857/100/0/threaded
http://marc.info/?l=apache-httpd-dev&m=124621326524824&w=2
http://marc.info/?l=apache-httpd-dev&m=124661528519546&w=2
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=534712
AIX APAR: PK91361
http://www-01.ibm.com/support/docview.wss?uid=swg1PK91361
AIX APAR: PK99480
http://www-01.ibm.com/support/docview.wss?uid=swg1PK99480
http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html
Debian Security Information: DSA-1834 (Google Search)
http://www.debian.org/security/2009/dsa-1834
https://www.redhat.com/archives/fedora-package-announce/2009-August/msg01363.html
http://security.gentoo.org/glsa/glsa-200907-04.xml
HPdes Security Advisory: HPSBUX02612
http://marc.info/?l=bugtraq&m=129190899612998&w=2
HPdes Security Advisory: SSRT100345
HPdes Security Advisory: HPSBOV02683
http://marc.info/?l=bugtraq&m=130497311408250&w=2
HPdes Security Advisory: SSRT090208
http://www.mandriva.com/security/advisories?name=MDVSA-2009:149
RedHat Security Advisories: RHSA-2009:1148
https://rhn.redhat.com/errata/RHSA-2009-1148.html
http://www.redhat.com/support/errata/RHSA-2009-1156.html
SuSE Security Announcement: SUSE-SA:2009:050 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00006.html
http://www.ubuntu.com/usn/USN-802-1
http://osvdb.org/55782
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:8632
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:9248
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:12361
http://www.securitytracker.com/id?1022529
http://secunia.com/advisories/35721
http://secunia.com/advisories/35781
http://secunia.com/advisories/35793
http://secunia.com/advisories/35865
http://secunia.com/advisories/37152
http://secunia.com/advisories/37221
http://www.vupen.com/english/advisories/2009/1841
http://www.vupen.com/english/advisories/2009/3184
Common Vulnerability Exposure (CVE) ID: CVE-2009-1195
Bugtraq: 20091112 rPSA-2009-0142-1 httpd mod_ssl (Google Search)
http://www.securityfocus.com/archive/1/archive/1/507852/100/0/threaded
http://marc.info/?l=apache-httpd-dev&m=124048996106302&w=2
Debian Security Information: DSA-1816 (Google Search)
http://www.debian.org/security/2009/dsa-1816
http://www.mandriva.com/security/advisories?name=MDVSA-2009:124
http://www.redhat.com/support/errata/RHSA-2009-1075.html
http://www.ubuntu.com/usn/usn-787-1
BugTraq ID: 35115
http://www.securityfocus.com/bid/35115
http://osvdb.org/54733
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:11094
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:8704
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:12377
http://www.securitytracker.com/id?1022296
http://secunia.com/advisories/35261
http://secunia.com/advisories/35264
http://secunia.com/advisories/35453
http://secunia.com/advisories/35395
http://www.vupen.com/english/advisories/2009/1444
XForce ISS Database: apache-allowoverrides-security-bypass(50808)
http://xforce.iss.net/xforce/xfdb/50808
Common Vulnerability Exposure (CVE) ID: CVE-2009-1890
AIX APAR: PK91259
http://www-01.ibm.com/support/docview.wss?uid=swg1PK91259
http://www.mandriva.com/security/advisories?name=MDVSA-2013:150
BugTraq ID: 35565
http://www.securityfocus.com/bid/35565
http://osvdb.org/55553
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:8616
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:9403
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:12330
http://www.securitytracker.com/id?1022509
http://secunia.com/advisories/35691
Common Vulnerability Exposure (CVE) ID: CVE-2009-1191
http://www.mandriva.com/security/advisories?name=MDVSA-2009:102
BugTraq ID: 34663
http://www.securityfocus.com/bid/34663
http://osvdb.org/53921
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:8261
http://www.securitytracker.com/id?1022264
http://secunia.com/advisories/34827
http://www.vupen.com/english/advisories/2009/1147
XForce ISS Database: apache-modproxyajp-information-disclosure(50059)
http://xforce.iss.net/xforce/xfdb/50059
Common Vulnerability Exposure (CVE) ID: CVE-2009-0023
Bugtraq: 20091112 rPSA-2009-0144-1 apr-util (Google Search)
http://www.securityfocus.com/archive/1/archive/1/507855/100/0/threaded
AIX APAR: PK88341
http://www-01.ibm.com/support/docview.wss?uid=swg1PK88341
AIX APAR: PK91241
http://www-01.ibm.com/support/docview.wss?uid=swg1PK91241
AIX APAR: PK99478
http://www-01.ibm.com/support/docview.wss?uid=swg1PK99478
Debian Security Information: DSA-1812 (Google Search)
http://www.debian.org/security/2009/dsa-1812
https://www.redhat.com/archives/fedora-package-announce/2009-June/msg01228.html
https://www.redhat.com/archives/fedora-package-announce/2009-June/msg01173.html
https://www.redhat.com/archives/fedora-package-announce/2009-June/msg01201.html
http://security.gentoo.org/glsa/glsa-200907-03.xml
http://www.mandriva.com/security/advisories?name=MDVSA-2009:131
http://www.redhat.com/support/errata/RHSA-2009-1107.html
http://www.redhat.com/support/errata/RHSA-2009-1108.html
http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.538210
http://www.ubuntu.com/usn/usn-786-1
BugTraq ID: 35221
http://www.securityfocus.com/bid/35221
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10968
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:12321
http://secunia.com/advisories/35284
http://secunia.com/advisories/35360
http://secunia.com/advisories/34724
http://secunia.com/advisories/35444
http://secunia.com/advisories/35487
http://secunia.com/advisories/35565
http://secunia.com/advisories/35710
http://secunia.com/advisories/35843
http://secunia.com/advisories/35797
http://www.vupen.com/english/advisories/2009/1907
XForce ISS Database: apache-aprstrmatchprecompile-dos(50964)
http://xforce.iss.net/xforce/xfdb/50964
Common Vulnerability Exposure (CVE) ID: CVE-2009-1955
Bugtraq: 20090824 rPSA-2009-0123-1 apr-util (Google Search)
http://www.securityfocus.com/archive/1/archive/1/506053/100/0/threaded
http://www.milw0rm.com/exploits/8842
http://marc.info/?l=apr-dev&m=124396021826125&w=2
http://www.openwall.com/lists/oss-security/2009/06/03/4
AIX APAR: PK88342
http://www-01.ibm.com/support/docview.wss?uid=swg1PK88342
SuSE Security Announcement: SUSE-SR:2010:011 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html
BugTraq ID: 35253
http://www.securityfocus.com/bid/35253
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10270
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:12473
http://secunia.com/advisories/36473
http://www.vupen.com/english/advisories/2010/1107
Common Vulnerability Exposure (CVE) ID: CVE-2009-1956
http://www.mail-archive.com/dev@apr.apache.org/msg21591.html
http://www.mail-archive.com/dev@apr.apache.org/msg21592.html
http://www.openwall.com/lists/oss-security/2009/06/06/1
BugTraq ID: 35251
http://www.securityfocus.com/bid/35251
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:11567
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:12237
Copyright: Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com
