Executive Summary
Informations | |||
---|---|---|---|
Name | MDVSA-2009:124 | First vendor Publication | 2009-05-31 |
Vendor | Mandriva | Last vendor Modification | 2009-05-31 |
Severity (Vendor) | N/A | Revision | N/A |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:N/I:N/A:P) | |||
---|---|---|---|
Cvss Base Score | 5 | Attack Range | Network |
Cvss Impact Score | 2.9 | Attack Complexity | Low |
Cvss Expoit Score | 10 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Multiple vulnerabilities has been found and corrected in apache: Memory leak in the zlib_stateful_init function in crypto/comp/c_zlib.c in libssl in OpenSSL 0.9.8f through 0.9.8h allows remote attackers to cause a denial of service (memory consumption) via multiple calls, as demonstrated by initial SSL client handshakes to the Apache HTTP Server mod_ssl that specify a compression algorithm (CVE-2008-1678). Note that this security issue does not really apply as zlib compression is not enabled in the openssl build provided by Mandriva, but apache is patched to address this issue anyway (conserns 2008.1 only). Cross-site scripting (XSS) vulnerability in proxy_ftp.c in the mod_proxy_ftp module in Apache 2.0.63 and earlier, and mod_proxy_ftp.c in the mod_proxy_ftp module in Apache 2.2.9 and earlier 2.2 versions, allows remote attackers to inject arbitrary web script or HTML via wildcards in a pathname in an FTP URI (CVE-2008-2939). Note that this security issue was initially addressed with MDVSA-2008:195 but the patch fixing the issue was added but not applied in 2009.0. The Apache HTTP Server 2.2.11 and earlier 2.2 versions does not properly handle Options=IncludesNOEXEC in the AllowOverride directive, which allows local users to gain privileges by configuring (1) Options Includes, (2) Options +Includes, or (3) Options +IncludesNOEXEC in a .htaccess file, and then inserting an exec element in a .shtml file (CVE-2009-1195). This update provides fixes for these vulnerabilities. |
Original Source
Url : http://www.mandriva.com/security/advisories?name=MDVSA-2009:124 |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
33 % | CWE-399 | Resource Management Errors |
33 % | CWE-79 | Failure to Preserve Web Page Structure ('Cross-site Scripting') (CWE/SANS Top 25) |
33 % | CWE-16 | Configuration |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:11094 | |||
Oval ID: | oval:org.mitre.oval:def:11094 | ||
Title: | The Apache HTTP Server 2.2.11 and earlier 2.2 versions does not properly handle Options=IncludesNOEXEC in the AllowOverride directive, which allows local users to gain privileges by configuring (1) Options Includes, (2) Options +Includes, or (3) Options +IncludesNOEXEC in a .htaccess file, and then inserting an exec element in a .shtml file. | ||
Description: | The Apache HTTP Server 2.2.11 and earlier 2.2 versions does not properly handle Options=IncludesNOEXEC in the AllowOverride directive, which allows local users to gain privileges by configuring (1) Options Includes, (2) Options +Includes, or (3) Options +IncludesNOEXEC in a .htaccess file, and then inserting an exec element in a .shtml file. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2009-1195 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:11316 | |||
Oval ID: | oval:org.mitre.oval:def:11316 | ||
Title: | Cross-site scripting (XSS) vulnerability in proxy_ftp.c in the mod_proxy_ftp module in Apache 2.0.63 and earlier, and mod_proxy_ftp.c in the mod_proxy_ftp module in Apache 2.2.9 and earlier 2.2 versions, allows remote attackers to inject arbitrary web script or HTML via a wildcard in the last directory component in the pathname in an FTP URI. | ||
Description: | Cross-site scripting (XSS) vulnerability in proxy_ftp.c in the mod_proxy_ftp module in Apache 2.0.63 and earlier, and mod_proxy_ftp.c in the mod_proxy_ftp module in Apache 2.2.9 and earlier 2.2 versions, allows remote attackers to inject arbitrary web script or HTML via a wildcard in the last directory component in the pathname in an FTP URI. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2008-2939 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:13835 | |||
Oval ID: | oval:org.mitre.oval:def:13835 | ||
Title: | USN-731-1 -- apache2 vulnerabilities | ||
Description: | It was discovered that Apache did not sanitize the method specifier header from an HTTP request when it is returned in an error message, which could result in browsers becoming vulnerable to cross-site scripting attacks when processing the output. With cross-site scripting vulnerabilities, if a user were tricked into viewing server output during a crafted server request, a remote attacker could exploit this to modify the contents, or steal confidential data, within the same domain. This issue only affected Ubuntu 6.06 LTS and 7.10. It was discovered that Apache was vulnerable to a cross-site request forgery in the mod_proxy_balancer balancer manager. If an Apache administrator were tricked into clicking a link on a specially crafted web page, an attacker could trigger commands that could modify the balancer manager configuration. This issue only affected Ubuntu 7.10 and 8.04 LTS. It was discovered that Apache had a memory leak when using mod_ssl with compression. A remote attacker could exploit this to exhaust server memory, leading to a denial of service. This issue only affected Ubuntu 7.10. It was discovered that in certain conditions, Apache did not specify a default character set when returning certain error messages containing UTF-7 encoded data, which could result in browsers becoming vulnerable to cross-site scripting attacks when processing the output. This issue only affected Ubuntu 6.06 LTS and 7.10. It was discovered that when configured as a proxy server, Apache did not limit the number of forwarded interim responses. A malicious remote server could send a large number of interim responses and cause a denial of service via memory exhaustion. It was discovered that mod_proxy_ftp did not sanitize wildcard pathnames when they are returned in directory listings, which could result in browsers becoming vulnerable to cross-site scripting attacks when processing the output | ||
Family: | unix | Class: | patch |
Reference(s): | USN-731-1 CVE-2007-6203 CVE-2007-6420 CVE-2008-1678 CVE-2008-2168 CVE-2008-2364 CVE-2008-2939 | Version: | 5 |
Platform(s): | Ubuntu 7.10 Ubuntu 8.04 Ubuntu 6.06 | Product(s): | apache2 |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:21751 | |||
Oval ID: | oval:org.mitre.oval:def:21751 | ||
Title: | ELSA-2008:0967: httpd security and bug fix update (Moderate) | ||
Description: | Cross-site scripting (XSS) vulnerability in proxy_ftp.c in the mod_proxy_ftp module in Apache 2.0.63 and earlier, and mod_proxy_ftp.c in the mod_proxy_ftp module in Apache 2.2.9 and earlier 2.2 versions, allows remote attackers to inject arbitrary web script or HTML via a wildcard in the last directory component in the pathname in an FTP URI. | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2008:0967-01 CVE-2008-2364 CVE-2008-2939 | Version: | 13 |
Platform(s): | Oracle Linux 5 | Product(s): | httpd |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:22777 | |||
Oval ID: | oval:org.mitre.oval:def:22777 | ||
Title: | ELSA-2009:1075: httpd security update (Moderate) | ||
Description: | The Apache HTTP Server 2.2.11 and earlier 2.2 versions does not properly handle Options=IncludesNOEXEC in the AllowOverride directive, which allows local users to gain privileges by configuring (1) Options Includes, (2) Options +Includes, or (3) Options +IncludesNOEXEC in a .htaccess file, and then inserting an exec element in a .shtml file. | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2009:1075-01 CVE-2008-1678 CVE-2009-1195 | Version: | 13 |
Platform(s): | Oracle Linux 5 | Product(s): | httpd |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:28800 | |||
Oval ID: | oval:org.mitre.oval:def:28800 | ||
Title: | RHSA-2009:1075 -- httpd security update (Moderate) | ||
Description: | Updated httpd packages that fix two security issues are now available for Red Hat Enterprise Linux 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The Apache HTTP Server is a popular and freely-available Web server. A flaw was found in the handling of compression structures between mod_ssl and OpenSSL. If too many connections were opened in a short period of time, all system memory and swap space would be consumed by httpd, negatively impacting other processes, or causing a system crash. (CVE-2008-1678) | ||
Family: | unix | Class: | patch |
Reference(s): | RHSA-2009:1075 CESA-2009:1075-CentOS 5 CVE-2008-1678 CVE-2009-1195 | Version: | 3 |
Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 | Product(s): | httpd |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:29289 | |||
Oval ID: | oval:org.mitre.oval:def:29289 | ||
Title: | RHSA-2008:0967 -- httpd security and bug fix update (Moderate) | ||
Description: | Updated httpd packages that resolve several security issues and fix a bug are now available for Red Hat Enterprise Linux 3, 4 and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The Apache HTTP Server is a popular Web server. A flaw was found in the mod_proxy Apache module. An attacker in control of a Web server to which requests were being proxied could have caused a limited denial of service due to CPU consumption and stack exhaustion. (CVE-2008-2364) | ||
Family: | unix | Class: | patch |
Reference(s): | RHSA-2008:0967 CESA-2008:0967-CentOS 5 CESA-2008:0967-CentOS 3 CVE-2008-2364 CVE-2008-2939 | Version: | 3 |
Platform(s): | Red Hat Enterprise Linux 5 Red Hat Enterprise Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 5 CentOS Linux 3 | Product(s): | httpd |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:7716 | |||
Oval ID: | oval:org.mitre.oval:def:7716 | ||
Title: | Apache 'mod_proxy_ftp' Wildcard Characters Cross-Site Scripting Vulnerability | ||
Description: | Cross-site scripting (XSS) vulnerability in proxy_ftp.c in the mod_proxy_ftp module in Apache 2.0.63 and earlier, and mod_proxy_ftp.c in the mod_proxy_ftp module in Apache 2.2.9 and earlier 2.2 versions, allows remote attackers to inject arbitrary web script or HTML via a wildcard in the last directory component in the pathname in an FTP URI. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2008-2939 | Version: | 8 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows 7 | Product(s): | Apache |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:8704 | |||
Oval ID: | oval:org.mitre.oval:def:8704 | ||
Title: | Apache 'Options' and 'AllowOverride' Directives Security Bypass Vulnerability | ||
Description: | The Apache HTTP Server 2.2.11 and earlier 2.2 versions does not properly handle Options=IncludesNOEXEC in the AllowOverride directive, which allows local users to gain privileges by configuring (1) Options Includes, (2) Options +Includes, or (3) Options +IncludesNOEXEC in a .htaccess file, and then inserting an exec element in a .shtml file. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2009-1195 | Version: | 7 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows 7 | Product(s): | Apache |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:9754 | |||
Oval ID: | oval:org.mitre.oval:def:9754 | ||
Title: | Memory leak in the zlib_stateful_init function in crypto/comp/c_zlib.c in libssl in OpenSSL 0.9.8f through 0.9.8h allows remote attackers to cause a denial of service (memory consumption) via multiple calls, as demonstrated by initial SSL client handshakes to the Apache HTTP Server mod_ssl that specify a compression algorithm. | ||
Description: | Memory leak in the zlib_stateful_init function in crypto/comp/c_zlib.c in libssl in OpenSSL 0.9.8f through 0.9.8h allows remote attackers to cause a denial of service (memory consumption) via multiple calls, as demonstrated by initial SSL client handshakes to the Apache HTTP Server mod_ssl that specify a compression algorithm. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2008-1678 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
Definition Synopsis: | |||
|
CPE : Common Platform Enumeration
OpenVAS Exploits
Date | Description |
---|---|
2011-08-09 | Name : CentOS Update for httpd CESA-2009:1075 centos5 i386 File : nvt/gb_CESA-2009_1075_httpd_centos5_i386.nasl |
2011-01-04 | Name : HP-UX Update for Apache-based Web Server HPSBUX02612 File : nvt/gb_hp_ux_HPSBUX02612.nasl |
2010-05-12 | Name : Mac OS X Security Update 2008-007 File : nvt/macosx_secupd_2008-007.nasl |
2010-05-12 | Name : Mac OS X 10.5.7 Update / Mac OS X Security Update 2009-002 File : nvt/macosx_upd_10_5_7_secupd_2009-002.nasl |
2010-05-12 | Name : Mac OS X 10.6.2 Update / Mac OS X Security Update 2009-006 File : nvt/macosx_upd_10_6_2_secupd_2009-006.nasl |
2010-01-22 | Name : Mandriva Update for openssl MDVSA-2010:022 (openssl) File : nvt/gb_mandriva_MDVSA_2010_022.nasl |
2009-12-10 | Name : Mandriva Security Advisory MDVSA-2009:323 (apache) File : nvt/mdksa_2009_323.nasl |
2009-11-17 | Name : Mac OS X Version File : nvt/macosx_version.nasl |
2009-10-27 | Name : SLES10: Security update for Apache 2 File : nvt/sles10_apache21.nasl |
2009-10-27 | Name : SLES11: Security update for Apache 2 File : nvt/sles11_apache2.nasl |
2009-10-27 | Name : SuSE Security Advisory SUSE-SA:2009:050 (apache2,libapr1) File : nvt/suse_sa_2009_050.nasl |
2009-10-22 | Name : HP-UX Update for Apache-based Web Server HPSBUX02465 File : nvt/gb_hp_ux_HPSBUX02465.nasl |
2009-10-13 | Name : SLES10: Security update for Apache 2 File : nvt/sles10_apache20.nasl |
2009-10-10 | Name : SLES9: Security update for Apache 2 File : nvt/sles9p5037600.nasl |
2009-09-02 | Name : FreeBSD Ports: apache File : nvt/freebsd_apache15.nasl |
2009-09-02 | Name : Fedora Core 11 FEDORA-2009-8812 (httpd) File : nvt/fcore_2009_8812.nasl |
2009-07-29 | Name : Gentoo Security Advisory GLSA 200907-04 (apache) File : nvt/glsa_200907_04.nasl |
2009-07-29 | Name : RedHat Security Advisory RHSA-2009:1156 File : nvt/RHSA_2009_1156.nasl |
2009-07-15 | Name : Mandrake Security Advisory MDVSA-2009:124-1 (apache) File : nvt/mdksa_2009_124_1.nasl |
2009-06-23 | Name : Debian Security Advisory DSA 1816-1 (apache2) File : nvt/deb_1816_1.nasl |
2009-06-15 | Name : Ubuntu USN-787-1 (apache2) File : nvt/ubuntu_787_1.nasl |
2009-06-05 | Name : CentOS Security Advisory CESA-2009:1075 (httpd) File : nvt/ovcesa2009_1075.nasl |
2009-06-05 | Name : RedHat Security Advisory RHSA-2009:1075 File : nvt/RHSA_2009_1075.nasl |
2009-06-05 | Name : Ubuntu USN-720-1 (php5) File : nvt/ubuntu_720_1.nasl |
2009-06-05 | Name : Ubuntu USN-719-1 (libpam-krb5) File : nvt/ubuntu_719_1.nasl |
2009-06-05 | Name : Mandrake Security Advisory MDVSA-2009:124 (apache) File : nvt/mdksa_2009_124.nasl |
2009-06-03 | Name : Solaris Update for Apache 2 120544-14 File : nvt/gb_solaris_120544_14.nasl |
2009-06-03 | Name : Solaris Update for Apache 2 120543-14 File : nvt/gb_solaris_120543_14.nasl |
2009-05-28 | Name : Apache 'Options' and 'AllowOverride' Directives Security Bypass Vulnerability File : nvt/apache_CVE_2009_1195.nasl |
2009-05-05 | Name : HP-UX Update for Apache Web Server Suite HPSBUX02401 File : nvt/gb_hp_ux_HPSBUX02401.nasl |
2009-04-09 | Name : Mandriva Update for apache MDVSA-2008:195 (apache) File : nvt/gb_mandriva_MDVSA_2008_195.nasl |
2009-03-13 | Name : Ubuntu USN-731-1 (apache2) File : nvt/ubuntu_731_1.nasl |
2009-03-13 | Name : FreeBSD Ports: apache File : nvt/freebsd_apache14.nasl |
2009-03-06 | Name : RedHat Update for httpd RHSA-2008:0967-01 File : nvt/gb_RHSA-2008_0967-01_httpd.nasl |
2009-02-27 | Name : CentOS Update for httpd CESA-2008:0967 centos3 i386 File : nvt/gb_CESA-2008_0967_httpd_centos3_i386.nasl |
2009-02-27 | Name : CentOS Update for httpd CESA-2008:0967 centos3 x86_64 File : nvt/gb_CESA-2008_0967_httpd_centos3_x86_64.nasl |
2009-02-27 | Name : CentOS Update for httpd CESA-2008:0967 centos4 i386 File : nvt/gb_CESA-2008_0967_httpd_centos4_i386.nasl |
2009-02-27 | Name : CentOS Update for httpd CESA-2008:0967 centos4 x86_64 File : nvt/gb_CESA-2008_0967_httpd_centos4_x86_64.nasl |
2009-02-17 | Name : Fedora Update for httpd FEDORA-2008-6393 File : nvt/gb_fedora_2008_6393_httpd_fc9.nasl |
2008-09-24 | Name : Gentoo Security Advisory GLSA 200807-06 (apache) File : nvt/glsa_200807_06.nasl |
2008-08-22 | Name : Apache mod_proxy_ftp Wildcard Characters XSS Vulnerability File : nvt/secpod_apache_mod_proxy_ftp_xss_vuln_900107.nasl |
0000-00-00 | Name : Slackware Advisory SSA:2010-060-02 openssl File : nvt/esoft_slk_ssa_2010_060_02.nasl |
0000-00-00 | Name : Slackware Advisory SSA:2009-214-01 httpd File : nvt/esoft_slk_ssa_2009_214_01.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
54733 | Apache HTTP Server AllowOverride Directive .htaccess Options Bypass |
47810 | OpenSSL libssl crypto/comp/c_zlib.c zlib_stateful_init Function Memory Exhaus... |
47474 | Apache HTTP Server mod_proxy_ftp Directory Component Wildcard Character XSS |
Snort® IPS/IDS
Date | Description |
---|---|
2014-01-10 | Multiple Products IFRAME src javascript code execution RuleID : 3679 - Revision : 18 - Type : INDICATOR-OBFUSCATION |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2009-1075.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2008-0967.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20090527_httpd_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20081111_httpd_on_SL3_x.nasl - Type : ACT_GATHER_INFO |
2010-10-20 | Name : The remote web server is affected by multiple vulnerabilities. File : apache_2_0_64.nasl - Type : ACT_GATHER_INFO |
2010-10-11 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_apache2-6572.nasl - Type : ACT_GATHER_INFO |
2010-03-11 | Name : The remote web server has multiple SSL-related vulnerabilities. File : openssl_0_9_8m.nasl - Type : ACT_GATHER_INFO |
2010-03-02 | Name : The remote Slackware host is missing a security update. File : Slackware_SSA_2010-060-02.nasl - Type : ACT_GATHER_INFO |
2010-01-21 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2010-022.nasl - Type : ACT_GATHER_INFO |
2010-01-06 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2009-1075.nasl - Type : ACT_GATHER_INFO |
2009-12-08 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2009-323.nasl - Type : ACT_GATHER_INFO |
2009-11-09 | Name : The remote host is missing a Mac OS X update that fixes various security issues. File : macosx_10_6_2.nasl - Type : ACT_GATHER_INFO |
2009-11-09 | Name : The remote host is missing a Mac OS X update that fixes various security issues. File : macosx_SecUpd2009-006.nasl - Type : ACT_GATHER_INFO |
2009-10-30 | Name : The remote openSUSE host is missing a security update. File : suse_apache2-6576.nasl - Type : ACT_GATHER_INFO |
2009-10-26 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_apache2-6571.nasl - Type : ACT_GATHER_INFO |
2009-10-26 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_apache2-091020.nasl - Type : ACT_GATHER_INFO |
2009-10-26 | Name : The remote openSUSE host is missing a security update. File : suse_11_1_apache2-091020.nasl - Type : ACT_GATHER_INFO |
2009-10-26 | Name : The remote openSUSE host is missing a security update. File : suse_11_0_apache2-091020.nasl - Type : ACT_GATHER_INFO |
2009-09-24 | Name : The remote SuSE 9 host is missing a security-related patch. File : suse9_12258.nasl - Type : ACT_GATHER_INFO |
2009-09-02 | Name : The remote Fedora host is missing a security update. File : fedora_2009-8812.nasl - Type : ACT_GATHER_INFO |
2009-08-31 | Name : The remote application server is affected by multiple vulnerabilities. File : websphere_7_0_0_5.nasl - Type : ACT_GATHER_INFO |
2009-08-25 | Name : The remote FreeBSD host is missing a security-related update. File : freebsd_pkg_e15f2356913911de8f42001aa0166822.nasl - Type : ACT_GATHER_INFO |
2009-08-03 | Name : The remote Slackware host is missing a security update. File : Slackware_SSA_2009-214-01.nasl - Type : ACT_GATHER_INFO |
2009-08-02 | Name : The remote web server may be affected by several issues. File : apache_2_2_12.nasl - Type : ACT_GATHER_INFO |
2009-07-21 | Name : The remote openSUSE host is missing a security update. File : suse_11_0_apache2-080925.nasl - Type : ACT_GATHER_INFO |
2009-07-13 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200907-04.nasl - Type : ACT_GATHER_INFO |
2009-06-18 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1816.nasl - Type : ACT_GATHER_INFO |
2009-06-12 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-787-1.nasl - Type : ACT_GATHER_INFO |
2009-06-01 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2009-124.nasl - Type : ACT_GATHER_INFO |
2009-05-28 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2009-1075.nasl - Type : ACT_GATHER_INFO |
2009-05-13 | Name : The remote host is missing a Mac OS X update that fixes various security issues. File : macosx_10_5_7.nasl - Type : ACT_GATHER_INFO |
2009-05-13 | Name : The remote host is missing a Mac OS X update that fixes various security issues. File : macosx_SecUpd2009-002.nasl - Type : ACT_GATHER_INFO |
2009-04-23 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-731-1.nasl - Type : ACT_GATHER_INFO |
2009-04-23 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2008-195.nasl - Type : ACT_GATHER_INFO |
2009-04-23 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2008-0967.nasl - Type : ACT_GATHER_INFO |
2009-03-12 | Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_f18920660e7411de92de000bcdc1757a.nasl - Type : ACT_GATHER_INFO |
2008-11-16 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_apache2-5767.nasl - Type : ACT_GATHER_INFO |
2008-11-12 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2008-0967.nasl - Type : ACT_GATHER_INFO |
2008-11-05 | Name : The remote openSUSE host is missing a security update. File : suse_apache2-5628.nasl - Type : ACT_GATHER_INFO |
2008-11-05 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_apache2-5629.nasl - Type : ACT_GATHER_INFO |
2008-11-05 | Name : The remote openSUSE host is missing a security update. File : suse_apache2-5648.nasl - Type : ACT_GATHER_INFO |
2008-10-16 | Name : The remote web server is vulnerable to a cross-site scripting attack. File : apache_mod_proxy_ftp_glob_xss.nasl - Type : ACT_ATTACK |
2008-10-10 | Name : The remote host is missing a Mac OS X update that fixes various security issues. File : macosx_SecUpd2008-007.nasl - Type : ACT_GATHER_INFO |
2008-08-08 | Name : The remote Fedora host is missing a security update. File : fedora_2008-6393.nasl - Type : ACT_GATHER_INFO |
2008-07-10 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200807-06.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2014-02-17 11:40:19 |
|
2013-05-11 00:47:26 |
|