Security: Multiple problems in httpd
Name: Multiple problems in httpd
ID: TLSA-2008-24
Distribution: TurboLinux
Platforms: Turbolinux FUJI, Turbolinux 10 Server, Turbolinux 10 Server x64 Edition, Turbolinux Appliance Server 2.0, Turbolinux 11 Server x64 Edition, Turbolinux 11 Server, Turbolinux Multimedia, Turbolinux Personal
Date: Fri, 27 June 2008, 03:50
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6203
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6420
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2364
Applications: Apache

Original message
--------------------------------------------------------------------------
Turbolinux Security Advisory TLSA-2008-24
http://www.turbolinux.co.jp/security/
security-team@turbolinux.co.jp
--------------------------------------------------------------------------
Original released date: 26 Jun 2008
Last revised: 26 Jun 2008
Package: httpd
Summary: Three vulnerabilities discovered in httpd
More information: Apache is a powerful, full-featured, efficient, and freely-available Web server. Apache is also the most popular Web server on the Internet.
Apache HTTP Server 2.0.x and 2.2.x do not sanitize the HTTP Method specifier header from an HTTP request when it is reflected back in a "413 Request Entity Too Large" error message, which might allow cross-site scripting (XSS) style attacks using web client components that can send arbitrary headers in requests, as demonstrated via an HTTP request containing an invalid Content-length value, a similar issue to CVE-2006-3918. (CVE-2007-6203)
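The reflection problem described for CVE-2007-6203, shown as an added example that is not code from Apache or from this advisory: the same error body built with the method copied verbatim and with it HTML-escaped. The body text, the function names and the sample method token are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>
/* Append src to dst, escaping HTML metacharacters. Returns -1 if it will not fit. */
static int append_escaped(char *dst, size_t cap, const char *src)
{
    size_t n = strlen(dst);
    for (; *src; src++) {
        char one[2] = { *src, '\0' };
        const char *rep = one;
        switch (*src) {
        case '<':  rep = "&lt;";   break;
        case '>':  rep = "&gt;";   break;
        case '&':  rep = "&amp;";  break;
        case '"':  rep = "&quot;"; break;
        case '\'': rep = "&#39;";  break;
        }
        size_t r = strlen(rep);
        if (n + r + 1 > cap) return -1;
        memcpy(dst + n, rep, r + 1);   /* copies the terminating NUL too */
        n += r;
    }
    return 0;
}

/* Build a constructed 413 body naming the method; escape=0 is the unsafe form. */
int build_413_body(char *out, size_t cap, const char *method, int escape)
{
    static const char head[] = "<p>Request data not allowed with ", tail[] = " requests.</p>";
    if (sizeof head > cap) return -1;
    strcpy(out, head);
    if (escape) {
        if (append_escaped(out, cap, method) != 0) return -1;
    } else {
        if (strlen(out) + strlen(method) + 1 > cap) return -1;
        strcat(out, method);           /* client-controlled bytes copied verbatim */
    }
    if (strlen(out) + sizeof tail > cap) return -1;
    strcat(out, tail);
    return 0;
}

int main(void)
{
    char body[256];
    for (int esc = 0; esc <= 1; esc++)   /* constructed sample method token below */
        if (build_413_body(body, sizeof body, "GET<img src=x>", esc) == 0)
            printf("escape=%d: %s\n", esc, body);
    return 0;
}
```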
Cross-site request forgery (CSRF) vulnerability in the balancer-manager in mod_proxy_balancer for Apache HTTP Server 2.2.x allows remote attackers to gain privileges via unspecified vectors. (CVE-2007-6420)
The ap_proxy_http_process_response function in mod_proxy_http.c in the mod_proxy module in the Apache HTTP Server 2.0.63 and 2.2.8 does not limit the number of forwarded interim responses, which allows remote HTTP servers to cause a denial of service (memory consumption) via a large number of interim responses. (CVE-2008-2364)
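The missing bound described for CVE-2008-2364, as an added sketch that is not code from mod_proxy_http.c or from this advisory: a reader that counts interim (1xx) responses from a backend and gives up once a cap is passed. The names relay_response and make_stream, the return codes, and the MAX_INTERIM value of 10 are assumptions for illustration; the backend stream is constructed sample input.

```c
#include <stdio.h>
#include <string.h>

#define MAX_INTERIM 10 /* assumed cap for this sketch, not a value from the advisory */
/* Return the status code of an "HTTP/1.x NNN ..." line, or -1 if malformed. */
static int parse_status(const char *line)
{
    int minor, code;
    if (sscanf(line, "HTTP/1.%1d %3d", &minor, &code) != 2) return -1;
    return (code >= 100 && code <= 599) ? code : -1;
}

/* Walk a backend stream of header blocks, each ending in CRLFCRLF. Returns the final
 * status, -1 on malformed or truncated input, -2 on more than max_interim 1xx blocks. */
int relay_response(const char *stream, int max_interim, int *forwarded)
{
    const char *p = stream;
    *forwarded = 0;
    for (;;) {
        int code = parse_status(p);
        const char *end = strstr(p, "\r\n\r\n");
        if (code < 0 || end == NULL) return -1;
        if (code >= 200) return code;
        if (*forwarded >= max_interim) return -2; /* stop reading from this backend */
        (*forwarded)++;     /* a proxy would pass this 1xx block to the client here */
        p = end + 4;
    }
}

/* Build constructed sample input: n interim responses, then a 200 (len >= 64). */
size_t make_stream(int n, char *buf, size_t len)
{
    size_t used = 0;
    for (int i = 0; i < n && used + 64 < len; i++)
        used += (size_t)snprintf(buf + used, len - used, "HTTP/1.1 100 Continue\r\n\r\n");
    used += (size_t)snprintf(buf + used, len - used, "HTTP/1.1 200 OK\r\nContent-Length: 0\r\n\r\n");
    return used;
}

int main(void)
{
    static char buf[8192];
    int fwd;
    make_stream(3, buf, sizeof buf);
    printf("3 interim   -> %d\n", relay_response(buf, MAX_INTERIM, &fwd));
    make_stream(100, buf, sizeof buf);
    printf("100 interim -> %d\n", relay_response(buf, MAX_INTERIM, &fwd));
    return 0;
}
```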
Affected Products:
- Turbolinux 11 Server x64 Edition
- Turbolinux 11 Server
- Turbolinux Appliance Server 2.0
- Turbolinux FUJI
- Turbolinux 10 Server x64 Edition
- Turbolinux 10 Server
- Turbolinux Multimedia
- Turbolinux Personal
<Turbolinux Appliance Server 3.0 x64 Edition>
Source Packages Size: MD5
httpd-2.2.6-9.src.rpm 4776004 584ac38135b3f578bef176b417711964
Binary Packages Size: MD5
httpd-2.2.6-9.x86_64.rpm 1249436 21ba76f58de3398b4fbd9f8294449c95 httpd-manual-2.2.6-9.x86_64.rpm 857741 b6c197af9e08e9c2357558ebbe22cd77 httpd-rootsrv-2.2.6-9.x86_64.rpm 229916 1aaee979dd2031b86a3e7eced2fbce8b mod_ssl-2.2.6-9.x86_64.rpm 89766 c7005c4a783c8b6ff310bc14ffcd3109
<Turbolinux Appliance Server 3.0>
Source Packages Size: MD5
httpd-2.2.6-9.src.rpm 4776004 584ac38135b3f578bef176b417711964
Binary Packages Size: MD5
httpd-2.2.6-9.i686.rpm 1177364 6ca62bf7bb1fbd9a293bb700def872e1 httpd-manual-2.2.6-9.i686.rpm 857993 88cba7e1583462b2ae52fb59da065a57 httpd-rootsrv-2.2.6-9.i686.rpm 216557 a06747f7b5bce1db598db955e85a9a1a mod_ssl-2.2.6-9.i686.rpm 85465 4cecf1b2c9651b081a853caaec9cf3b3
<Turbolinux 11 Server x64 Edition>
Source Packages Size: MD5
httpd-2.2.6-9.src.rpm 4776004 289a571639ef5e014d823bdae017a623
Binary Packages Size: MD5
httpd-2.2.6-9.x86_64.rpm 1249436 21ba76f58de3398b4fbd9f8294449c95 httpd-devel-2.2.6-9.x86_64.rpm 153421 7ae494165bfafbafb99be0f1b2fa682e httpd-manual-2.2.6-9.x86_64.rpm 857741 b6c197af9e08e9c2357558ebbe22cd77 mod_ssl-2.2.6-9.x86_64.rpm 89766 c7005c4a783c8b6ff310bc14ffcd3109
<Turbolinux 11 Server>
Source Packages Size: MD5
httpd-2.2.6-9.src.rpm 4776004 584ac38135b3f578bef176b417711964
Binary Packages Size: MD5
httpd-2.2.6-9.i686.rpm 1177364 6ca62bf7bb1fbd9a293bb700def872e1 httpd-devel-2.2.6-9.i686.rpm 153234 56f6d4a25e897beadf37b1f8a4446c8d httpd-manual-2.2.6-9.i686.rpm 857993 88cba7e1583462b2ae52fb59da065a57 mod_ssl-2.2.6-9.i686.rpm 85465 4cecf1b2c9651b081a853caaec9cf3b3
<Turbolinux Appliance Server 2.0>
Source Packages Size: MD5
httpd-2.0.51-36.src.rpm 6859400 1327a3e5ed656d01a43dbeb5d809cace
Binary Packages Size: MD5
httpd-2.0.51-36.i586.rpm 1033720 7faee60429dc5e5969ebae5e71a2553f httpd-devel-2.0.51-36.i586.rpm 225617 9b2c83beec43c658e7ec12995a2b62fa httpd-manual-2.0.51-36.i586.rpm 1133748 72eceeb85cfac27e0819a7e041b82439 mod_bwshare-2.0.51-36.i586.rpm 41737 bcbf5e712abb509c7525ba4c708f4ce9 mod_ssl-2.0.51-36.i586.rpm 89718 f5a1792fa8a4747b11ccebb19d2b3a7d
<Turbolinux FUJI>
Source Packages Size: MD5
httpd-2.0.54-22.src.rpm 7625404 a1ad6906d0a48bacf5e087adc22dd9f4
Binary Packages Size: MD5
httpd-2.0.54-22.i686.rpm 1266332 5f1a626eadb2e3ff87cdd868b747d08e httpd-devel-2.0.54-22.i686.rpm 277405 07cc9383ccc06f67d76df7532f1f1030
<Turbolinux 10 Server x64 Edition>
Source Packages Size: MD5
httpd-2.0.51-36.src.rpm 6859400 e42a95fcebc5b5d95dfca9391ca550df
Binary Packages Size: MD5
httpd-2.0.51-36.x86_64.rpm 1144122 7bc2e773074df289ca2c952536416599 httpd-debug-2.0.51-36.x86_64.rpm 3535652 98c4ac88f18ce7c4d18cfe63d5bf6e7f httpd-devel-2.0.51-36.x86_64.rpm 225573 384a1a2afdc9792ed1ec2e30fda96c65 httpd-manual-2.0.51-36.x86_64.rpm 1133207 807db1eacf903654dae4090fd121f9aa mod_bwshare-2.0.51-36.x86_64.rpm 42491 8607afe04c4554d7ffb302e0b23e2a4a mod_ssl-2.0.51-36.x86_64.rpm 97321 3dda6c1ebdf3a98649ccd92b97000892
<Turbolinux 10 Server>
Source Packages Size: MD5
httpd-2.0.51-36.src.rpm 6859400 1327a3e5ed656d01a43dbeb5d809cace
Binary Packages Size: MD5
httpd-2.0.51-36.i586.rpm 1033720 7faee60429dc5e5969ebae5e71a2553f httpd-debug-2.0.51-36.i586.rpm 3542192 af25e22a05516cd8987c777c5691ed4a httpd-devel-2.0.51-36.i586.rpm 225617 9b2c83beec43c658e7ec12995a2b62fa httpd-manual-2.0.51-36.i586.rpm 1133748 72eceeb85cfac27e0819a7e041b82439 mod_bwshare-2.0.51-36.i586.rpm 41737 bcbf5e712abb509c7525ba4c708f4ce9 mod_ssl-2.0.51-36.i586.rpm 89718 f5a1792fa8a4747b11ccebb19d2b3a7d
<Turbolinux Multimedia, Turbolinux Personal>
Source Packages Size: MD5
httpd-2.0.48-24.src.rpm 6327664 eeab3dea6afed3521f4618bbfaa33f1a
Binary Packages Size: MD5
httpd-2.0.48-24.i586.rpm 893140 814c5a293746a9bcfdb391fdf5da8263
References:
CVE
[CVE-2007-6203] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6203
[CVE-2007-6420] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6420
[CVE-2008-2364] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2364
--------------------------------------------------------------------------
Revision History
26 Jun 2008 Initial release
--------------------------------------------------------------------------
Copyright(C) 2008 Turbolinux, Inc. All rights reserved.