drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Cross-Site Scripting in httpd
Name: |
Cross-Site Scripting in httpd |
|
ID: |
TLSA-2007-56 |
|
Distribution: |
TurboLinux |
|
Plattformen: |
Turbolinux FUJI, Turbolinux 10 Server, Turbolinux 10 Server x64 Edition, Turbolinux Appliance Server 2.0, Turbolinux 11 Server x64 Edition, Turbolinux 11 Server, Turbolinux 8 Server, Turbolinux Multimedia, Turbolinux Personal, Turbolinux Appliance Server 1.0 Hosting Edition, Turbolinux Appliance Server 1.0 Workgroup Edition |
|
Datum: |
Mi, 26. Dezember 2007, 03:50 |
|
Referenzen: |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5000 |
|
Applikationen: |
Apache |
|
Originalnachricht |
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
-------------------------------------------------------------------------- Turbolinux Security Advisory TLSA-2007-56 http://www.turbolinux.co.jp/security/ security-team@turbolinux.co.jp --------------------------------------------------------------------------
Original released date: 25 Dec 2007 Last revised: 25 Dec 2007
Package: httpd
Summary: Cross-site scripting (XSS) vulnerability
More information: Apache is a powerful, full-featured, efficient, and freely-available Web server. Apache is also the most popular Web server on the Internet.
The Cross-site scripting exists in mod_imagemap(mod_imap) of httpd.
Impact: This vulnerability can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.
Affected Products: - Turbolinux 11 Server x64 Edition - Turbolinux 11 Server - Turbolinux Appliance Server 2.0 - Turbolinux FUJI - Turbolinux 10 Server x64 Edition - Turbolinux Appliance Server 1.0 Hosting Edition - Turbolinux Appliance Server 1.0 Workgroup Edition - Turbolinux 10 Server - Turbolinux Multimedia - Turbolinux Personal - Turbolinux 8 Server
<Turbolinux 11 Server x64 Edition> httpd-2.2.6-7.src.rpm 4768026 656be5c7c3ea462bb3ce1a2f7b0dbb7b
Binary Packages Size: MD5
httpd-2.2.6-7.x86_64.rpm 1248818 f0033814e5f5ced30620ba851c623393 httpd-devel-2.2.6-7.x86_64.rpm 152878 ce090d88d58671f7f20dead0d77e2dc2 httpd-manual-2.2.6-7.x86_64.rpm 858560 57548aa697d2b476ba7b7b49553d0c7e mod_ssl-2.2.6-7.x86_64.rpm 89528 bc97d8530b30f27793e64b2b39786427
<Turbolinux 11 Server> httpd-2.2.6-7.src.rpm 4768026 aa1928c5169955051d4518eb061df352
Binary Packages Size: MD5
httpd-2.2.6-7.i686.rpm 1176265 fb4f0f23f4edbe58b7645185c86ac607 httpd-devel-2.2.6-7.i686.rpm 152971 a1dbe5735020e31e5484a317db2875fa httpd-manual-2.2.6-7.i686.rpm 857634 71b1834710902e8dcdc010ee139f4d2a mod_ssl-2.2.6-7.i686.rpm 85239 59839ce5436d7c23721a60403b348dc1
<Turbolinux Appliance Server 2.0>
Source Packages Size: MD5
httpd-2.0.51-34.src.rpm 6856770 5f6140a8d71ddfe1ed6c3ce77e6d63e2
Binary Packages Size: MD5
httpd-2.0.51-34.i586.rpm 1033631 a24b2f4030e1b1fe24ac80e3f63f696e httpd-devel-2.0.51-34.i586.rpm 225349 94fc2636c637aa761a59dff1da673db3 httpd-manual-2.0.51-34.i586.rpm 1133107 c5167124ee98eb643c53b014d72aa32b mod_bwshare-2.0.51-34.i586.rpm 41541 20052bc35904a1f94beeb089e71ebcd6 mod_ssl-2.0.51-34.i586.rpm 89502 304f3e7cc65c3827a78ed11e1e41a990
<Turbolinux FUJI>
Source Packages Size: MD5
httpd-2.0.54-20.src.rpm 7622511 f8c29791207679914b539f606c7ca180
Binary Packages Size: MD5
httpd-2.0.54-20.i686.rpm 1266041 10a5b0824b8440f10eb89faede1529e6 httpd-devel-2.0.54-20.i686.rpm 276954 3c8613c2d52cd3388ed5eb7b517ec156
<Turbolinux 10 Server x64 Edition>
Source Packages Size: MD5
httpd-2.0.51-34.src.rpm 6856770 cc92e836cd03e95354aa14b911720825
Binary Packages Size: MD5
httpd-2.0.51-34.x86_64.rpm 1142725 610c87689f917404a5101437de64cd21 httpd-debug-2.0.51-34.x86_64.rpm 3534277 32d9852790edadbc136eced38cf7cba9 httpd-devel-2.0.51-34.x86_64.rpm 225364 2e509f767528a79d57fa41dbc4566c7b httpd-manual-2.0.51-34.x86_64.rpm 1133043 d40faa2e10b587241ed4c346745c4f30 mod_bwshare-2.0.51-34.x86_64.rpm 42290 499fd23019174cd0e16ee6a268f6d283 mod_ssl-2.0.51-34.x86_64.rpm 97149 c6afb487a309d7fee75c1359c4f5a857
<Turbolinux Appliance Server 1.0 Hosting Edition>
Source Packages Size: MD5
apache-1.3.27-43.src.rpm 3116264 4528a2265449d98613689c072d36677b
Binary Packages Size: MD5
apache-1.3.27-43.i586.rpm 538420 a5f9a7dcc6d3bbfb5c1607a4c8930d91 apache-devel-1.3.27-43.i586.rpm 95867 f83b73bdc73ee03d11e2bb0b6b916e3f mod_ssl-2.8.14-43.i586.rpm 183419 041879877f7430482d768eed3d8ed024
<Turbolinux Appliance Server 1.0 Workgroup Edition>
Source Packages Size: MD5
apache-1.3.27-43.src.rpm 3116264 5a27a6c1f4f463d9122f28ffa7f288ad
Binary Packages Size: MD5
apache-1.3.27-43.i586.rpm 504423 c519db3ae7e6f8258b208e0e0b292bee apache-devel-1.3.27-43.i586.rpm 96043 825bb5655ad66d3b09abd4400bab4769 mod_ssl-2.8.14-43.i586.rpm 183569 eacb744774f62f08f83181fb3706b0ac
<Turbolinux 10 Server>
Source Packages Size: MD5
httpd-2.0.51-34.src.rpm 6856770 5f6140a8d71ddfe1ed6c3ce77e6d63e2
Binary Packages Size: MD5
httpd-2.0.51-34.i586.rpm 1033631 a24b2f4030e1b1fe24ac80e3f63f696e httpd-debug-2.0.51-34.i586.rpm 3541682 0697d5377ebb06565b297ab63695fe61 httpd-devel-2.0.51-34.i586.rpm 225349 94fc2636c637aa761a59dff1da673db3 httpd-manual-2.0.51-34.i586.rpm 1133107 c5167124ee98eb643c53b014d72aa32b mod_bwshare-2.0.51-34.i586.rpm 41541 20052bc35904a1f94beeb089e71ebcd6 mod_ssl-2.0.51-34.i586.rpm 89502 304f3e7cc65c3827a78ed11e1e41a990
<Turbolinux Multimedia, Turbolinux Personal>
Source Packages Size: MD5
httpd-2.0.48-22.src.rpm 6325021 195458fdb61043b1ea16fb4ddeaecf2e
Binary Packages Size: MD5
httpd-2.0.48-22.i586.rpm 893150 60673f331c498beff6bb1e62bf768475
<Turbolinux 8 Server>
Source Packages Size: MD5
apache-1.3.27-43.src.rpm 3116264 d1cfc40f44eb05aa00570e0f15adf402
Binary Packages Size: MD5
apache-1.3.27-43.i586.rpm 504350 7175fbf7b0f22e14c6a4a4d4b7298de1 apache-devel-1.3.27-43.i586.rpm 96084 2cff7232945848d35030cd4b8e1ca78b apache-manual-1.3.27-43.i586.rpm 852222 a1c4c9cba476704e0220487f88c5c47f mod_ssl-2.8.14-43.i586.rpm 183501 0132270e19bcaa1cb5608b5688ce9b81
References:
CVE [CVE-2007-5000] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5000
-------------------------------------------------------------------------- Revision History 25 Dec 2007 Initial release --------------------------------------------------------------------------
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux)
iD8DBQFHcN4YK0LzjOqIJMwRAsxHAJ9n3UasZW5ukNeaCRR+A1HjWYFLwQCgqBDQ KPXVvvq+/1FjX/7wZkss8o0= =j6mt -----END PGP SIGNATURE-----
|
|
|
|