Security: Cross-Site Scripting in httpd
Name: Cross-Site Scripting in httpd
ID: TLSA-2007-56
Distribution: TurboLinux
Platforms: Turbolinux FUJI, Turbolinux 10 Server, Turbolinux 10 Server x64 Edition, Turbolinux Appliance Server 2.0, Turbolinux 11 Server x64 Edition, Turbolinux 11 Server, Turbolinux 8 Server, Turbolinux Multimedia, Turbolinux Personal, Turbolinux Appliance Server 1.0 Hosting Edition, Turbolinux Appliance Server 1.0 Workgroup Edition
Date: Wed, 26 December 2007, 03:50
References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5000
Applications: Apache

Original message

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

--------------------------------------------------------------------------
Turbolinux Security Advisory TLSA-2007-56
http://www.turbolinux.co.jp/security/
security-team@turbolinux.co.jp
--------------------------------------------------------------------------

Original release date: 25 Dec 2007
Last revised: 25 Dec 2007

Package: httpd

Summary: Cross-site scripting (XSS) vulnerability

More information:
Apache is a powerful, full-featured, efficient, and freely-available
Web server. Apache is also the most popular Web server on the Internet.

A cross-site scripting vulnerability exists in the mod_imagemap (mod_imap) module of httpd.

Impact:
This vulnerability can be exploited to execute arbitrary HTML and script
code in a user's browser session in the context of an affected site.

Affected Products:
- Turbolinux 11 Server x64 Edition
- Turbolinux 11 Server
- Turbolinux Appliance Server 2.0
- Turbolinux FUJI
- Turbolinux 10 Server x64 Edition
- Turbolinux Appliance Server 1.0 Hosting Edition
- Turbolinux Appliance Server 1.0 Workgroup Edition
- Turbolinux 10 Server
- Turbolinux Multimedia
- Turbolinux Personal
- Turbolinux 8 Server


<Turbolinux 11 Server x64 Edition>

httpd-2.2.6-7.src.rpm
4768026 656be5c7c3ea462bb3ce1a2f7b0dbb7b

Binary Packages
Size: MD5

httpd-2.2.6-7.x86_64.rpm
1248818 f0033814e5f5ced30620ba851c623393
httpd-devel-2.2.6-7.x86_64.rpm
152878 ce090d88d58671f7f20dead0d77e2dc2
httpd-manual-2.2.6-7.x86_64.rpm
858560 57548aa697d2b476ba7b7b49553d0c7e
mod_ssl-2.2.6-7.x86_64.rpm
89528 bc97d8530b30f27793e64b2b39786427

<Turbolinux 11 Server>

httpd-2.2.6-7.src.rpm
4768026 aa1928c5169955051d4518eb061df352

Binary Packages
Size: MD5

httpd-2.2.6-7.i686.rpm
1176265 fb4f0f23f4edbe58b7645185c86ac607
httpd-devel-2.2.6-7.i686.rpm
152971 a1dbe5735020e31e5484a317db2875fa
httpd-manual-2.2.6-7.i686.rpm
857634 71b1834710902e8dcdc010ee139f4d2a
mod_ssl-2.2.6-7.i686.rpm
85239 59839ce5436d7c23721a60403b348dc1

<Turbolinux Appliance Server 2.0>

Source Packages
Size: MD5

httpd-2.0.51-34.src.rpm
6856770 5f6140a8d71ddfe1ed6c3ce77e6d63e2

Binary Packages
Size: MD5

httpd-2.0.51-34.i586.rpm
1033631 a24b2f4030e1b1fe24ac80e3f63f696e
httpd-devel-2.0.51-34.i586.rpm
225349 94fc2636c637aa761a59dff1da673db3
httpd-manual-2.0.51-34.i586.rpm
1133107 c5167124ee98eb643c53b014d72aa32b
mod_bwshare-2.0.51-34.i586.rpm
41541 20052bc35904a1f94beeb089e71ebcd6
mod_ssl-2.0.51-34.i586.rpm
89502 304f3e7cc65c3827a78ed11e1e41a990

<Turbolinux FUJI>

Source Packages
Size: MD5

httpd-2.0.54-20.src.rpm
7622511 f8c29791207679914b539f606c7ca180

Binary Packages
Size: MD5

httpd-2.0.54-20.i686.rpm
1266041 10a5b0824b8440f10eb89faede1529e6
httpd-devel-2.0.54-20.i686.rpm
276954 3c8613c2d52cd3388ed5eb7b517ec156

<Turbolinux 10 Server x64 Edition>

Source Packages
Size: MD5

httpd-2.0.51-34.src.rpm
6856770 cc92e836cd03e95354aa14b911720825

Binary Packages
Size: MD5

httpd-2.0.51-34.x86_64.rpm
1142725 610c87689f917404a5101437de64cd21
httpd-debug-2.0.51-34.x86_64.rpm
3534277 32d9852790edadbc136eced38cf7cba9
httpd-devel-2.0.51-34.x86_64.rpm
225364 2e509f767528a79d57fa41dbc4566c7b
httpd-manual-2.0.51-34.x86_64.rpm
1133043 d40faa2e10b587241ed4c346745c4f30
mod_bwshare-2.0.51-34.x86_64.rpm
42290 499fd23019174cd0e16ee6a268f6d283
mod_ssl-2.0.51-34.x86_64.rpm
97149 c6afb487a309d7fee75c1359c4f5a857

<Turbolinux Appliance Server 1.0 Hosting Edition>

Source Packages
Size: MD5

apache-1.3.27-43.src.rpm
3116264 4528a2265449d98613689c072d36677b

Binary Packages
Size: MD5

apache-1.3.27-43.i586.rpm
538420 a5f9a7dcc6d3bbfb5c1607a4c8930d91
apache-devel-1.3.27-43.i586.rpm
95867 f83b73bdc73ee03d11e2bb0b6b916e3f
mod_ssl-2.8.14-43.i586.rpm
183419 041879877f7430482d768eed3d8ed024

<Turbolinux Appliance Server 1.0 Workgroup Edition>

Source Packages
Size: MD5

apache-1.3.27-43.src.rpm
3116264 5a27a6c1f4f463d9122f28ffa7f288ad

Binary Packages
Size: MD5

apache-1.3.27-43.i586.rpm
504423 c519db3ae7e6f8258b208e0e0b292bee
apache-devel-1.3.27-43.i586.rpm
96043 825bb5655ad66d3b09abd4400bab4769
mod_ssl-2.8.14-43.i586.rpm
183569 eacb744774f62f08f83181fb3706b0ac

<Turbolinux 10 Server>

Source Packages
Size: MD5

httpd-2.0.51-34.src.rpm
6856770 5f6140a8d71ddfe1ed6c3ce77e6d63e2

Binary Packages
Size: MD5

httpd-2.0.51-34.i586.rpm
1033631 a24b2f4030e1b1fe24ac80e3f63f696e
httpd-debug-2.0.51-34.i586.rpm
3541682 0697d5377ebb06565b297ab63695fe61
httpd-devel-2.0.51-34.i586.rpm
225349 94fc2636c637aa761a59dff1da673db3
httpd-manual-2.0.51-34.i586.rpm
1133107 c5167124ee98eb643c53b014d72aa32b
mod_bwshare-2.0.51-34.i586.rpm
41541 20052bc35904a1f94beeb089e71ebcd6
mod_ssl-2.0.51-34.i586.rpm
89502 304f3e7cc65c3827a78ed11e1e41a990

<Turbolinux Multimedia, Turbolinux Personal>

Source Packages
Size: MD5

httpd-2.0.48-22.src.rpm
6325021 195458fdb61043b1ea16fb4ddeaecf2e

Binary Packages
Size: MD5

httpd-2.0.48-22.i586.rpm
893150 60673f331c498beff6bb1e62bf768475

<Turbolinux 8 Server>

Source Packages
Size: MD5

apache-1.3.27-43.src.rpm
3116264 d1cfc40f44eb05aa00570e0f15adf402

Binary Packages
Size: MD5

apache-1.3.27-43.i586.rpm
504350 7175fbf7b0f22e14c6a4a4d4b7298de1
apache-devel-1.3.27-43.i586.rpm
96084 2cff7232945848d35030cd4b8e1ca78b
apache-manual-1.3.27-43.i586.rpm
852222 a1c4c9cba476704e0220487f88c5c47f
mod_ssl-2.8.14-43.i586.rpm
183501 0132270e19bcaa1cb5608b5688ce9b81


References:

CVE
[CVE-2007-5000]
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5000

--------------------------------------------------------------------------
Revision History
25 Dec 2007 Initial release
--------------------------------------------------------------------------

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)

iD8DBQFHcN4YK0LzjOqIJMwRAsxHAJ9n3UasZW5ukNeaCRR+A1HjWYFLwQCgqBDQ
KPXVvvq+/1FjX/7wZkss8o0=
=j6mt
-----END PGP SIGNATURE-----