Test ID:
Category:CentOS Local Security Checks
Title:CentOS Update for httpd CESA-2012:0128 centos6
Summary: The remote host is missing an update for the 'httpd' package(s) announced via the referenced advisory.

Vulnerability Insight:
The Apache HTTP Server is a popular web server.

It was discovered that the fix for CVE-2011-3368 (released via
RHSA-2011:1391) did not completely address the problem. An attacker could
bypass the fix and make a reverse proxy connect to an arbitrary server not
directly accessible to the attacker by sending an HTTP version 0.9 request,
or by using a specially-crafted URI. (CVE-2011-3639, CVE-2011-4317)

The httpd server included the full HTTP header line in the default error
page generated when receiving an excessively long or malformed header.
Malicious JavaScript running in the server's domain context could use this
flaw to gain access to httpOnly cookies. (CVE-2012-0053)

An integer overflow flaw, leading to a heap-based buffer overflow, was
found in the way httpd performed substitutions in regular expressions. An
attacker able to set certain httpd settings, such as a user permitted to
override the httpd configuration for a specific directory using a
'.htaccess' file, could use this flaw to crash the httpd child process or,
possibly, execute arbitrary code with the privileges of the 'apache' user.
(CVE-2011-3607)

A flaw was found in the way httpd handled child process status information.
A malicious program running with httpd child process privileges (such as a
PHP or CGI script) could use this flaw to cause the parent httpd process to
crash during httpd service shutdown. (CVE-2012-0031)

All httpd users should upgrade to these updated packages, which contain
backported patches to correct these issues. After installing the updated
packages, the httpd daemon will be restarted automatically.

Affected Software/OS:
httpd on CentOS 6

Please install the updated packages.

CVSS Score:

CVSS Vector:

Cross-Ref:
Common Vulnerability Exposure (CVE) ID: CVE-2011-3607
BugTraq ID: 50494
Debian Security Information: DSA-2405
HPdes Security Advisory: HPSBMU02748
HPdes Security Advisory: HPSBMU02786
HPdes Security Advisory: HPSBOV02822
HPdes Security Advisory: HPSBUX02761
HPdes Security Advisory: SSRT100772
HPdes Security Advisory: SSRT100823
HPdes Security Advisory: SSRT100877
HPdes Security Advisory: SSRT100966
RedHat Security Advisories: RHSA-2012:0128
RedHat Security Advisories: RHSA-2012:0542
RedHat Security Advisories: RHSA-2012:0543
XForce ISS Database: apache-http-appregsub-bo(71093)
Common Vulnerability Exposure (CVE) ID: CVE-2011-3639
Common Vulnerability Exposure (CVE) ID: CVE-2011-4317
SuSE Security Announcement: openSUSE-SU-2013:0243
SuSE Security Announcement: openSUSE-SU-2013:0248
Common Vulnerability Exposure (CVE) ID: CVE-2012-0031
BugTraq ID: 51407
SuSE Security Announcement: SUSE-SU-2012:0323
SuSE Security Announcement: openSUSE-SU-2012:0314
Common Vulnerability Exposure (CVE) ID: CVE-2012-0053
BugTraq ID: 51706
HPdes Security Advisory: HPSBMU02776
HPdes Security Advisory: HPSBST02848
HPdes Security Advisory: SSRT100852
HPdes Security Advisory: SSRT101112
Common Vulnerability Exposure (CVE) ID: CVE-2011-3368
BugTraq ID: 49957
SuSE Security Announcement: SUSE-SU-2011:1229
XForce ISS Database: apache-modproxy-information-disclosure(70336)
Copyright: Copyright (c) 2012 Greenbone Networks GmbH

© 1998-2022 E-Soft Inc. All rights reserved.