
Test ID:
Category: Red Hat Local Security Checks
Title: RedHat Update for httpd RHSA-2013:0130-01
Summary: The remote host is missing an update for the 'httpd' package(s) announced via the referenced advisory.

Vulnerability Insight:
The httpd packages contain the Apache HTTP Server (httpd), which is the
namesake project of The Apache Software Foundation.

Input sanitization flaws were found in the mod_negotiation module. A remote
attacker able to upload or create files with arbitrary names in a directory
that has the MultiViews options enabled, could use these flaws to conduct
cross-site scripting and HTTP response splitting attacks against users
visiting the site. (CVE-2008-0455, CVE-2008-0456, CVE-2012-2687)

Bug fixes:

* Previously, no check was made to see if the
/etc/pki/tls/private/localhost.key file was a valid key prior to running
the '%post' script for the 'mod_ssl' package. Consequently, when
/etc/pki/tls/certs/localhost.crt did not exist and 'localhost.key' was
present but invalid, upgrading the Apache HTTP Server daemon (httpd) with
mod_ssl failed. The '%post' script has been fixed to test for an existing
SSL key. As a result, upgrading httpd with mod_ssl now proceeds as
expected. (BZ#752618)

* The 'mod_ssl' module did not support operation under FIPS mode.
Consequently, when operating Red Hat Enterprise Linux 5 with FIPS mode
enabled, httpd failed to start. An upstream patch has been applied to
disable non-FIPS functionality if operating under FIPS mode and httpd now
starts as expected. (BZ#773473)

Description truncated, please see the referenced URL(s) for more information.

Affected Software/OS:
httpd on Red Hat Enterprise Linux (v. 5 server)

Please install the updated packages.

CVSS Score:

CVSS Vector:

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2008-0455
BugTraq ID: 27409
Bugtraq: 20080122 Apache mod_negotiation Xss and Http Response Splitting
RedHat Security Advisories: RHSA-2012:1591
RedHat Security Advisories: RHSA-2012:1592
RedHat Security Advisories: RHSA-2012:1594
RedHat Security Advisories: RHSA-2013:0130
XForce ISS Database: apache-modnegotiation-xss(39867)
Common Vulnerability Exposure (CVE) ID: CVE-2008-0456
Cert/CC Advisory: TA09-133A
XForce ISS Database: apache-modnegotiation-response-splitting(39893)
Common Vulnerability Exposure (CVE) ID: CVE-2012-2687
BugTraq ID: 55131
HPdes Security Advisory: HPSBUX02866
HPdes Security Advisory: SSRT101139
SuSE Security Announcement: openSUSE-SU-2013:0243
SuSE Security Announcement: openSUSE-SU-2013:0245
SuSE Security Announcement: openSUSE-SU-2013:0248
Copyright: Copyright (c) 2013 Greenbone Networks GmbH


© 1998-2021 E-Soft Inc. All rights reserved.