Vulnerability   
Search   
    Search 191973 CVE descriptions
and 86218 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.702637
Category:Debian Local Security Checks
Title:Debian Security Advisory DSA 2637-1 (apache2 - several issues)
Summary:Several vulnerabilities have been found in the Apache HTTPD server.;;CVE-2012-3499;The modules mod_info, mod_status, mod_imagemap, mod_ldap, and;mod_proxy_ftp did not properly escape hostnames and URIs in;HTML output, causing cross site scripting vulnerabilities.;;CVE-2012-4558;Mod_proxy_balancer did not properly escape hostnames and URIs;in its balancer-manager interface, causing a cross site scripting;vulnerability.;;CVE-2013-1048;Hayawardh Vijayakumar noticed that the apache2ctl script created;the lock directory in an unsafe manner, allowing a local attacker;to gain elevated privileges via a symlink attack. This is a Debian;specific issue.
Description:Summary:
Several vulnerabilities have been found in the Apache HTTPD server.

CVE-2012-3499
The modules mod_info, mod_status, mod_imagemap, mod_ldap, and
mod_proxy_ftp did not properly escape hostnames and URIs in
HTML output, causing cross site scripting vulnerabilities.

CVE-2012-4558
Mod_proxy_balancer did not properly escape hostnames and URIs
in its balancer-manager interface, causing a cross site scripting
vulnerability.

CVE-2013-1048
Hayawardh Vijayakumar noticed that the apache2ctl script created
the lock directory in an unsafe manner, allowing a local attacker
to gain elevated privileges via a symlink attack. This is a Debian
specific issue.

Affected Software/OS:
apache2 on Debian Linux

Solution:
For the stable distribution (squeeze), these problems have been fixed in
version 2.2.16-6+squeeze11.

For the testing distribution (wheezy), these problems will be fixed in
version 2.2.22-13.

For the unstable distribution (sid), these problems will be fixed in
version 2.2.22-13.

We recommend that you upgrade your apache2 packages.

CVSS Score:
4.6

CVSS Vector:
AV:L/AC:L/Au:N/C:P/I:P/A:P

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2013-1048
Debian Security Information: DSA-2637 (Google Search)
http://www.debian.org/security/2013/dsa-2637
Common Vulnerability Exposure (CVE) ID: CVE-2012-3499
http://lists.apple.com/archives/security-announce/2013/Sep/msg00002.html
BugTraq ID: 58165
http://www.securityfocus.com/bid/58165
BugTraq ID: 64758
http://www.securityfocus.com/bid/64758
http://lists.fedoraproject.org/pipermail/package-announce/2013-April/101196.html
HPdes Security Advisory: HPSBUX02866
http://marc.info/?l=bugtraq&m=136612293908376&w=2
HPdes Security Advisory: SSRT101139
https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234@%3Ccvs.httpd.apache.org%3E
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19312
RedHat Security Advisories: RHSA-2013:0815
http://rhn.redhat.com/errata/RHSA-2013-0815.html
RedHat Security Advisories: RHSA-2013:1207
http://rhn.redhat.com/errata/RHSA-2013-1207.html
RedHat Security Advisories: RHSA-2013:1208
http://rhn.redhat.com/errata/RHSA-2013-1208.html
RedHat Security Advisories: RHSA-2013:1209
http://rhn.redhat.com/errata/RHSA-2013-1209.html
http://secunia.com/advisories/55032
Common Vulnerability Exposure (CVE) ID: CVE-2012-4558
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18977
CopyrightCopyright (C) 2013 Greenbone Networks GmbH http://greenbone.net

This is only one of 86218 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.




© 1998-2020 E-Soft Inc. All rights reserved.