5 - RHSA-2008:0966

Executive Summary

This Alert is flagged as TOP 25 Common Weakness Enumeration from CWE/SANS. For more information, you can read this.

Summary
Title	Red Hat Application Stack v2.2 security and enhancement update

Informations
Name	RHSA-2008:0966	First vendor Publication	2008-12-04
Vendor	RedHat	Last vendor Modification	2008-12-04
Severity (Vendor)	Moderate	Revision	02

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score	NA
Base Score	NA	Environmental Score	NA
impact SubScore	NA	Temporal Score	NA
Exploitabality Sub Score	NA

Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:N/I:N/A:P)
Cvss Base Score	5	Attack Range	Network
Cvss Impact Score	2.9	Attack Complexity	Low
Cvss Expoit Score	10	Authentication	None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Problem Description:

Red Hat Application Stack v2.2 is now available. This update fixes several security issues and adds various enhancements.

This update has been rated as having moderate security impact by the Red Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Application Stack v2 for Enterprise Linux (v.5) - i386, noarch, x86_64

3. Description:

The Red Hat Application Stack v2.2 is an integrated open source application stack, that includes Red Hat Enterprise Linux 5 and JBoss Enterprise Application Platform (EAP) 4.2.

This erratum updates the Apache HTTP Server package to version 2.0.10 which addresses the following security issues:

A flaw was found in the mod_proxy module. An attacker who has control of a web server to which requests are being proxied could cause a limited denial of service due to CPU consumption and stack exhaustion. (CVE-2008-2364)

A flaw was found in the mod_proxy_ftp module. Where Apache is configured to support ftp-over-httpd proxying, a remote attacker could perform a cross-site scripting attack. (CVE-2008-2939)

A cross-site request forgery issue was found in the mod_proxy_balancer module. A remote attacker could cause a denial of service if mod_proxy_balancer is enabled and an authenticated user is targeted. (CVE-2007-6420)

The JBoss Enterprise Application Platform (EAP) 4.2 has been updated to version 4.2.0.CP05.

The following packages were also updated:

* mysql to 5.0.60sp1 * mysql-connector-odbc to 3.51.26r1127 * perl-DBI to 1.607 * perl-DBD-MySQL to 4.008 * perl-DBD-Pg to 1.49 * php-pear to 1.7.2 * postgresql to 8.2.11 * postgresqlclient81 to 8.1.11

4. Solution:

Before applying this update, make sure that all previously-released errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/FAQ_58_10188

5. Bugs fixed (http://bugzilla.redhat.com/):

451615 - CVE-2008-2364 httpd: mod_proxy_http DoS via excessive interim responses from the origin server 458250 - CVE-2008-2939 httpd: mod_proxy_ftp globbing XSS 471009 - CVE-2007-6420 mod_proxy_balancer CSRF

Original Source

Url : https://rhn.redhat.com/errata/RHSA-2008-0966.html

CWE : Common Weakness Enumeration

%	Id	Name
33 %	CWE-770	Allocation of Resources Without Limits or Throttling
33 %	CWE-352	Cross-Site Request Forgery (CSRF) (CWE/SANS Top 25)
33 %	CWE-79	Failure to Preserve Web Page Structure ('Cross-site Scripting') (CWE/SANS Top 25)

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:11316

Oval ID:	oval:org.mitre.oval:def:11316
Title:	Cross-site scripting (XSS) vulnerability in proxy_ftp.c in the mod_proxy_ftp module in Apache 2.0.63 and earlier, and mod_proxy_ftp.c in the mod_proxy_ftp module in Apache 2.2.9 and earlier 2.2 versions, allows remote attackers to inject arbitrary web script or HTML via a wildcard in the last directory component in the pathname in an FTP URI.
Description:	Cross-site scripting (XSS) vulnerability in proxy_ftp.c in the mod_proxy_ftp module in Apache 2.0.63 and earlier, and mod_proxy_ftp.c in the mod_proxy_ftp module in Apache 2.2.9 and earlier 2.2 versions, allows remote attackers to inject arbitrary web script or HTML via a wildcard in the last directory component in the pathname in an FTP URI.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2008-2939	Version:	5
Platform(s):	Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5	Product(s):
Definition Synopsis:
OS Section: RHEL3, CentOS3 RHEL3 or CentOS3 The operating system installed on the system is Red Hat Enterprise Linux 3 AND CentOS Linux 3.x AND Configuration section httpd-devel is earlier than 0:2.0.46-71.ent AND mod_ssl is earlier than 0:2.0.46-71.ent AND httpd is earlier than 0:2.0.46-71.ent OR OS Section: RHEL4, CentOS4, Oracle Linux 4 RHEL4, CentOS4 or Oracle Linux 4 The operating system installed on the system is Red Hat Enterprise Linux 4 AND CentOS Linux 4.x AND Oracle Linux 4.x AND Configuration section httpd-suexec is earlier than 0:2.0.52-41.ent.2 AND httpd-manual is earlier than 0:2.0.52-41.ent.2 AND httpd-devel is earlier than 0:2.0.52-41.ent.2 AND mod_ssl is earlier than 0:2.0.52-41.ent.2 AND httpd is earlier than 0:2.0.52-41.ent.2 OR OS Section: RHEL5, CentOS5, Oracle Linux 5 RHEL5, CentOS5 or Oracle Linux 5 The operating system installed on the system is Red Hat Enterprise Linux 5 AND CentOS Linux 5.x AND Oracle Linux 5.x AND Configuration section httpd-manual is earlier than 0:2.2.3-11.el5_2.4 AND httpd-devel is earlier than 0:2.2.3-11.el5_2.4 AND mod_ssl is earlier than 0:2.2.3-11.el5_2.4 AND httpd is earlier than 0:2.2.3-11.el5_2.4

Definition Id: oval:org.mitre.oval:def:11713

Oval ID:	oval:org.mitre.oval:def:11713
Title:	Apache 'mod_proxy_http' Interim Response Denial of Service Vulnerability
Description:	The ap_proxy_http_process_response function in mod_proxy_http.c in the mod_proxy module in the Apache HTTP Server 2.0.63 and 2.2.8 does not limit the number of forwarded interim responses, which allows remote HTTP servers to cause a denial of service (memory consumption) via a large number of interim responses.
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2008-2364	Version:	7
Platform(s):	Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows 7	Product(s):	Apache
Definition Synopsis:
IF Apache HTTP Server 2.0.x is installed on the system AND The version of libhttpd.dll is less than 2.0.64 OR Apache HTTP Server 2.2.x is installed on the system AND The version of libhttpd.dll is less than 2.2.9

Definition Id: oval:org.mitre.oval:def:13835

Oval ID:	oval:org.mitre.oval:def:13835
Title:	USN-731-1 -- apache2 vulnerabilities
Description:	It was discovered that Apache did not sanitize the method specifier header from an HTTP request when it is returned in an error message, which could result in browsers becoming vulnerable to cross-site scripting attacks when processing the output. With cross-site scripting vulnerabilities, if a user were tricked into viewing server output during a crafted server request, a remote attacker could exploit this to modify the contents, or steal confidential data, within the same domain. This issue only affected Ubuntu 6.06 LTS and 7.10. It was discovered that Apache was vulnerable to a cross-site request forgery in the mod_proxy_balancer balancer manager. If an Apache administrator were tricked into clicking a link on a specially crafted web page, an attacker could trigger commands that could modify the balancer manager configuration. This issue only affected Ubuntu 7.10 and 8.04 LTS. It was discovered that Apache had a memory leak when using mod_ssl with compression. A remote attacker could exploit this to exhaust server memory, leading to a denial of service. This issue only affected Ubuntu 7.10. It was discovered that in certain conditions, Apache did not specify a default character set when returning certain error messages containing UTF-7 encoded data, which could result in browsers becoming vulnerable to cross-site scripting attacks when processing the output. This issue only affected Ubuntu 6.06 LTS and 7.10. It was discovered that when configured as a proxy server, Apache did not limit the number of forwarded interim responses. A malicious remote server could send a large number of interim responses and cause a denial of service via memory exhaustion. It was discovered that mod_proxy_ftp did not sanitize wildcard pathnames when they are returned in directory listings, which could result in browsers becoming vulnerable to cross-site scripting attacks when processing the output
Family:	unix	Class:	patch
Reference(s):	USN-731-1 CVE-2007-6203 CVE-2007-6420 CVE-2008-1678 CVE-2008-2168 CVE-2008-2364 CVE-2008-2939	Version:	5
Platform(s):	Ubuntu 7.10 Ubuntu 8.04 Ubuntu 6.06	Product(s):	apache2
Definition Synopsis:
Release section Ubuntu 7.10 is installed AND Architecture section Architecture independent section Installed architecture is all AND Packages section apache2-mpm-perchild DPKG is earlier than 2.2.4-3ubuntu0.2 AND apache2-doc DPKG is earlier than 2.2.4-3ubuntu0.2 AND apache2-src DPKG is earlier than 2.2.4-3ubuntu0.2 AND apache2 DPKG is earlier than 2.2.4-3ubuntu0.2 OR Architecture depended section Supported architectures section Installed architecture is amd64 AND Installed architecture is i386 AND Installed architecture is powerpc AND Installed architecture is sparc AND Installed architecture is lpia AND Packages section apache2-utils DPKG is earlier than 2.2.4-3ubuntu0.2 AND apache2-mpm-worker DPKG is earlier than 2.2.4-3ubuntu0.2 AND apache2.2-common DPKG is earlier than 2.2.4-3ubuntu0.2 AND apache2-mpm-prefork DPKG is earlier than 2.2.4-3ubuntu0.2 AND apache2-threaded-dev DPKG is earlier than 2.2.4-3ubuntu0.2 AND apache2-mpm-event DPKG is earlier than 2.2.4-3ubuntu0.2 AND apache2-prefork-dev DPKG is earlier than 2.2.4-3ubuntu0.2 OR Release section Ubuntu 8.04 is installed AND Architecture section Architecture independent section Installed architecture is all AND Packages section apache2-mpm-perchild DPKG is earlier than 2.2.8-1ubuntu0.4 AND apache2-doc DPKG is earlier than 2.2.8-1ubuntu0.4 AND apache2-src DPKG is earlier than 2.2.8-1ubuntu0.4 AND apache2 DPKG is earlier than 2.2.8-1ubuntu0.4 OR Architecture depended section Supported architectures section Installed architecture is amd64 AND Installed architecture is i386 AND Installed architecture is powerpc AND Installed architecture is sparc AND Installed architecture is lpia AND Packages section apache2-utils DPKG is earlier than 2.2.8-1ubuntu0.4 AND apache2-mpm-worker DPKG is earlier than 2.2.8-1ubuntu0.4 AND apache2.2-common DPKG is earlier than 2.2.8-1ubuntu0.4 AND apache2-mpm-prefork DPKG is earlier than 2.2.8-1ubuntu0.4 AND apache2-threaded-dev DPKG is earlier than 2.2.8-1ubuntu0.4 AND apache2-mpm-event DPKG is earlier than 2.2.8-1ubuntu0.4 AND apache2-prefork-dev DPKG is earlier than 2.2.8-1ubuntu0.4 OR Release section Ubuntu 6.06 is installed AND Architecture section Architecture independent section Installed architecture is all AND apache2-doc DPKG is earlier than 2.0.55-4ubuntu2.4 OR Architecture depended section Supported architectures section Installed architecture is sparc AND Installed architecture is powerpc AND Installed architecture is amd64 AND Installed architecture is i386 AND Packages section libapr0 DPKG is earlier than 2.0.55-4ubuntu2.4 AND apache2-utils DPKG is earlier than 2.0.55-4ubuntu2.4 AND apache2-mpm-worker DPKG is earlier than 2.0.55-4ubuntu2.4 AND apache2-mpm-perchild DPKG is earlier than 2.0.55-4ubuntu2.4 AND apache2-common DPKG is earlier than 2.0.55-4ubuntu2.4 AND libapr0-dev DPKG is earlier than 2.0.55-4ubuntu2.4 AND apache2 DPKG is earlier than 2.0.55-4ubuntu2.4 AND apache2-threaded-dev DPKG is earlier than 2.0.55-4ubuntu2.4 AND apache2-mpm-prefork DPKG is earlier than 2.0.55-4ubuntu2.4 AND apache2-prefork-dev DPKG is earlier than 2.0.55-4ubuntu2.4

Definition Id: oval:org.mitre.oval:def:21751

Oval ID:	oval:org.mitre.oval:def:21751
Title:	ELSA-2008:0967: httpd security and bug fix update (Moderate)
Description:	Cross-site scripting (XSS) vulnerability in proxy_ftp.c in the mod_proxy_ftp module in Apache 2.0.63 and earlier, and mod_proxy_ftp.c in the mod_proxy_ftp module in Apache 2.2.9 and earlier 2.2 versions, allows remote attackers to inject arbitrary web script or HTML via a wildcard in the last directory component in the pathname in an FTP URI.
Family:	unix	Class:	patch
Reference(s):	ELSA-2008:0967-01 CVE-2008-2364 CVE-2008-2939	Version:	13
Platform(s):	Oracle Linux 5	Product(s):	httpd
Definition Synopsis:
Oracle Linux 5.x rpm test httpd-manual is earlier than 0:2.2.3-11.el5_2.4 AND httpd-devel is earlier than 0:2.2.3-11.el5_2.4 AND mod_ssl is earlier than 0:2.2.3-11.el5_2.4 AND httpd is earlier than 0:2.2.3-11.el5_2.4

Definition Id: oval:org.mitre.oval:def:29289

Oval ID:	oval:org.mitre.oval:def:29289
Title:	RHSA-2008:0967 -- httpd security and bug fix update (Moderate)
Description:	Updated httpd packages that resolve several security issues and fix a bug are now available for Red Hat Enterprise Linux 3, 4 and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The Apache HTTP Server is a popular Web server. A flaw was found in the mod_proxy Apache module. An attacker in control of a Web server to which requests were being proxied could have caused a limited denial of service due to CPU consumption and stack exhaustion. (CVE-2008-2364)
Family:	unix	Class:	patch
Reference(s):	RHSA-2008:0967 CESA-2008:0967-CentOS 5 CESA-2008:0967-CentOS 3 CVE-2008-2364 CVE-2008-2939	Version:	3
Platform(s):	Red Hat Enterprise Linux 5 Red Hat Enterprise Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 5 CentOS Linux 3	Product(s):	httpd
Definition Synopsis:
Red Hat Enterprise Linux 5 release section The operating system installed on the system is Red Hat Enterprise Linux 5 Packages match section httpd-devel is earlier than 0:2.2.3-11.el5_2.4 AND httpd-manual is earlier than 0:2.2.3-11.el5_2.4 AND httpd is earlier than 0:2.2.3-11.el5_2.4 AND mod_ssl is earlier than 0:2.2.3-11.el5_2.4 AND Red Hat Enterprise Linux 3 release section The operating system installed on the system is Red Hat Enterprise Linux 3 Packages match section httpd is earlier than 0:2.0.46-71.ent AND httpd-devel is earlier than 0:2.0.46-71.ent AND mod_ssl is earlier than 0:2.0.46-71.ent AND Red Hat Enterprise Linux 4 release section The operating system installed on the system is Red Hat Enterprise Linux 4 Packages match section httpd is earlier than 0:2.0.52-41.ent.2 AND httpd-devel is earlier than 0:2.0.52-41.ent.2 AND httpd-manual is earlier than 0:2.0.52-41.ent.2 AND httpd-suexec is earlier than 0:2.0.52-41.ent.2 AND mod_ssl is earlier than 0:2.0.52-41.ent.2 AND CentOS Linux 5 release section The operating system installed on the system is CentOS Linux 5.x Packages match section httpd is earlier than 0:2.2.3-11.el5.centos.4 AND httpd-devel is earlier than 0:2.2.3-11.el5.centos.4 AND httpd-manual is earlier than 0:2.2.3-11.el5.centos.4 AND mod_ssl is earlier than 0:2.2.3-11.el5.centos.4

Definition Id: oval:org.mitre.oval:def:6084

Oval ID:	oval:org.mitre.oval:def:6084
Title:	HP-UX Running Apache, Remote Cross Site Scripting (XSS) or Denial of Service (DoS)
Description:	The ap_proxy_http_process_response function in mod_proxy_http.c in the mod_proxy module in the Apache HTTP Server 2.0.63 and 2.2.8 does not limit the number of forwarded interim responses, which allows remote HTTP servers to cause a denial of service (memory consumption) via a large number of interim responses.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2008-2364	Version:	9
Platform(s):	HP-UX 11	Product(s):
Definition Synopsis:
Criteria meets HP Security Bulletin HPSBUX02365 HP Release B.11.11 AND filesets tests hpuxwsAPACHE.PHP version is less than B.2.0.59.07.01 AND hpuxwsAPACHE.PHP2 version is less than B.2.0.59.07.01 AND hpuxwsAPACHE.APACHE version is less than B.2.0.59.07.01 AND hpuxwsAPACHE.APACHE2 version is less than B.2.0.59.07.01 AND hpuxwsAPACHE.AUTH_LDAP version is less than B.2.0.59.07.01 AND hpuxwsAPACHE.AUTH_LDAP2 version is less than B.2.0.59.07.01 AND hpuxwsAPACHE.MOD_JK version is less than B.2.0.59.07.01 AND hpuxwsAPACHE.MOD_JK2 version is less than B.2.0.59.07.01 AND hpuxwsAPACHE.WEBPROXY version is less than B.2.0.59.07.01 AND hpuxwsAPACHE.MOD_PERL version is less than B.2.0.59.07.01 AND hpuxwsAPACHE.MOD_PERL2 version is less than B.2.0.59.07.01 OR Criteria meets HP Security Bulletin HPSBUX02365 platforms HP-UX B.11.31 AND HP Release B.11.23 AND filesets tests hpuxwsAPCH32.PHP version is less than B.2.0.59.07.01 AND hpuxwsAPACHE.APACHE2 version is less than B.2.0.59.07.01 AND hpuxwsAPCH32.PHP2 version is less than B.2.0.59.07.01 AND hpuxwsAPACHE.AUTH_LDAP version is less than B.2.0.59.07.01 AND hpuxwsAPACHE.AUTH_LDAP2 version is less than B.2.0.59.07.01 AND hpuxwsAPACHE.MOD_JK version is less than B.2.0.59.07.01 AND hpuxwsAPCH32.APACHE version is less than B.2.0.59.07.01 AND hpuxwsAPCH32.APACHE2 version is less than B.2.0.59.07.01 AND hpuxwsAPACHE.MOD_JK2 version is less than B.2.0.59.07.01 AND hpuxwsAPACHE.MOD_PERL version is less than B.2.0.59.07.01 AND hpuxwsAPCH32.AUTH_LDAP version is less than B.2.0.59.07.01 AND hpuxwsAPCH32.AUTH_LDAP2 version is less than B.2.0.59.07.01 AND hpuxwsAPACHE.MOD_PERL2 version is less than B.2.0.59.07.01 AND hpuxwsAPCH32.MOD_JK version is less than B.2.0.59.07.01 AND hpuxwsAPACHE.PHP version is less than B.2.0.59.07.01 AND hpuxwsAPCH32.MOD_JK2 version is less than B.2.0.59.07.01 AND hpuxwsAPACHE.PHP2 version is less than B.2.0.59.07.01 AND hpuxwsAPACHE.WEBPROXY version is less than B.2.0.59.07.01 AND hpuxwsAPCH32.MOD_PERL version is less than B.2.0.59.07.01 AND hpuxwsAPCH32.WEBPROXY version is less than B.2.0.59.07.01 AND hpuxwsAPCH32.MOD_PERL2 version is less than B.2.0.59.07.01 AND hpuxwsAPACHE.APACHE version is less than B.2.0.59.07.01

Definition Id: oval:org.mitre.oval:def:7716

Oval ID:	oval:org.mitre.oval:def:7716
Title:	Apache 'mod_proxy_ftp' Wildcard Characters Cross-Site Scripting Vulnerability
Description:	Cross-site scripting (XSS) vulnerability in proxy_ftp.c in the mod_proxy_ftp module in Apache 2.0.63 and earlier, and mod_proxy_ftp.c in the mod_proxy_ftp module in Apache 2.2.9 and earlier 2.2 versions, allows remote attackers to inject arbitrary web script or HTML via a wildcard in the last directory component in the pathname in an FTP URI.
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2008-2939	Version:	8
Platform(s):	Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows 7	Product(s):	Apache
Definition Synopsis:
IF Apache HTTP Server 2.0.x is installed on the system AND The version of libhttpd.dll is less than 2.0.64 OR Apache HTTP Server 2.2.x is installed on the system AND The version of libhttpd.dll is less than 2.2.10

Definition Id: oval:org.mitre.oval:def:8371

Oval ID:	oval:org.mitre.oval:def:8371
Title:	Apache 'mod_proxy_balancer' Cross-Site Request Forgery (CSRF) Vulnerability
Description:	Cross-site request forgery (CSRF) vulnerability in the balancer-manager in mod_proxy_balancer for Apache HTTP Server 2.2.x allows remote attackers to gain privileges via unspecified vectors.
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2007-6420	Version:	7
Platform(s):	Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows 7	Product(s):	Apache
Definition Synopsis:
Apache HTTP Server 2.2.x is installed on the system AND The version of libhttpd.dll is less than 2.2.9

Definition Id: oval:org.mitre.oval:def:9577

Oval ID:	oval:org.mitre.oval:def:9577
Title:	The ap_proxy_http_process_response function in mod_proxy_http.c in the mod_proxy module in the Apache HTTP Server 2.0.63 and 2.2.8 does not limit the number of forwarded interim responses, which allows remote HTTP servers to cause a denial of service (memory consumption) via a large number of interim responses.
Description:	The ap_proxy_http_process_response function in mod_proxy_http.c in the mod_proxy module in the Apache HTTP Server 2.0.63 and 2.2.8 does not limit the number of forwarded interim responses, which allows remote HTTP servers to cause a denial of service (memory consumption) via a large number of interim responses.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2008-2364	Version:	5
Platform(s):	Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5	Product(s):
Definition Synopsis:
OS Section: RHEL3, CentOS3 RHEL3 or CentOS3 The operating system installed on the system is Red Hat Enterprise Linux 3 AND CentOS Linux 3.x AND Configuration section httpd-devel is earlier than 0:2.0.46-71.ent AND mod_ssl is earlier than 0:2.0.46-71.ent AND httpd is earlier than 0:2.0.46-71.ent OR OS Section: RHEL4, CentOS4, Oracle Linux 4 RHEL4, CentOS4 or Oracle Linux 4 The operating system installed on the system is Red Hat Enterprise Linux 4 AND CentOS Linux 4.x AND Oracle Linux 4.x AND Configuration section httpd-suexec is earlier than 0:2.0.52-41.ent.2 AND httpd-manual is earlier than 0:2.0.52-41.ent.2 AND httpd-devel is earlier than 0:2.0.52-41.ent.2 AND mod_ssl is earlier than 0:2.0.52-41.ent.2 AND httpd is earlier than 0:2.0.52-41.ent.2 OR OS Section: RHEL5, CentOS5, Oracle Linux 5 RHEL5, CentOS5 or Oracle Linux 5 The operating system installed on the system is Red Hat Enterprise Linux 5 AND CentOS Linux 5.x AND Oracle Linux 5.x AND Configuration section httpd-manual is earlier than 0:2.2.3-11.el5_2.4 AND httpd-devel is earlier than 0:2.2.3-11.el5_2.4 AND mod_ssl is earlier than 0:2.2.3-11.el5_2.4 AND httpd is earlier than 0:2.2.3-11.el5_2.4

CPE : Common Platform Enumeration

Type	Description	Count
Application	Apache Http Server cpe:2.3:a:apache:http_server:2.2.9:::::::* cpe:2.3:a:apache:http_server:2.2.8:::::::* cpe:2.3:a:apache:http_server:2.2.7:::::::* cpe:2.3:a:apache:http_server:2.2.6:::::::* cpe:2.3:a:apache:http_server:2.2.5:::::::* cpe:2.3:a:apache:http_server:2.2.4:::::::* cpe:2.3:a:apache:http_server:2.2.3:::::::* cpe:2.3:a:apache:http_server:2.2.3::windows::::: cpe:2.3:a:apache:http_server:2.2.2:::::::* cpe:2.3:a:apache:http_server:2.2.2::windows::::: cpe:2.3:a:apache:http_server:2.2.1:::::::* cpe:2.3:a:apache:http_server:2.2.0:::::::* cpe:2.3:a:apache:http_server:2.2:::::::* cpe:2.3:a:apache:http_server:2.1.9:::::::* cpe:2.3:a:apache:http_server:2.1.8:::::::* cpe:2.3:a:apache:http_server:2.1.7:::::::* cpe:2.3:a:apache:http_server:2.1.6:::::::* cpe:2.3:a:apache:http_server:2.1.5:::::::* cpe:2.3:a:apache:http_server:2.1.4:::::::* cpe:2.3:a:apache:http_server:2.1.3:::::::* cpe:2.3:a:apache:http_server:2.1.2:::::::* cpe:2.3:a:apache:http_server:2.1.1:::::::* cpe:2.3:a:apache:http_server:2.1.0:::::::* cpe:2.3:a:apache:http_server:2.1:::::::* cpe:2.3:a:apache:http_server:2.0.9:::::::* cpe:2.3:a:apache:http_server:2.0.65:::::::* cpe:2.3:a:apache:http_server:2.0.64:::::::* cpe:2.3:a:apache:http_server:2.0.63:::::::* cpe:2.3:a:apache:http_server:2.0.61:::::::* cpe:2.3:a:apache:http_server:2.0.60:::::::* cpe:2.3:a:apache:http_server:2.0.59:::::::* cpe:2.3:a:apache:http_server:2.0.58:::::::* cpe:2.3:a:apache:http_server:2.0.58::win32::::: cpe:2.3:a:apache:http_server:2.0.57:::::::* cpe:2.3:a:apache:http_server:2.0.56:::::::* cpe:2.3:a:apache:http_server:2.0.55:::::::* cpe:2.3:a:apache:http_server:2.0.54:::::::* cpe:2.3:a:apache:http_server:2.0.53:::::::* cpe:2.3:a:apache:http_server:2.0.52:::::::* cpe:2.3:a:apache:http_server:2.0.51:::::::* cpe:2.3:a:apache:http_server:2.0.50:::::::* cpe:2.3:a:apache:http_server:2.0.49:::::::* cpe:2.3:a:apache:http_server:2.0.48:::::::* cpe:2.3:a:apache:http_server:2.0.47:::::::* cpe:2.3:a:apache:http_server:2.0.46:::::::* cpe:2.3:a:apache:http_server:2.0.46::win32::::: cpe:2.3:a:apache:http_server:2.0.45:::::::* cpe:2.3:a:apache:http_server:2.0.44:::::::* cpe:2.3:a:apache:http_server:2.0.43:::::::* cpe:2.3:a:apache:http_server:2.0.42:::::::* cpe:2.3:a:apache:http_server:2.0.41:::::::* cpe:2.3:a:apache:http_server:2.0.40:::::::* cpe:2.3:a:apache:http_server:2.0.39:::::::* cpe:2.3:a:apache:http_server:2.0.38:::::::* cpe:2.3:a:apache:http_server:2.0.37:::::::* cpe:2.3:a:apache:http_server:2.0.36:::::::* cpe:2.3:a:apache:http_server:2.0.35:::::::* cpe:2.3:a:apache:http_server:2.0.34:beta:::::: cpe:2.3:a:apache:http_server:2.0.34:beta:win32:::::* cpe:2.3:a:apache:http_server:2.0.34:::::::* cpe:2.3:a:apache:http_server:2.0.33:::::::* cpe:2.3:a:apache:http_server:2.0.32:beta:::::: cpe:2.3:a:apache:http_server:2.0.32:::::::* cpe:2.3:a:apache:http_server:2.0.32:beta:win32:::::* cpe:2.3:a:apache:http_server:2.0.31:::::::* cpe:2.3:a:apache:http_server:2.0.30:::::::* cpe:2.3:a:apache:http_server:2.0.29:::::::* cpe:2.3:a:apache:http_server:2.0.28:beta:::::: cpe:2.3:a:apache:http_server:2.0.28:::::::* cpe:2.3:a:apache:http_server:2.0.28:beta:win32:::::* cpe:2.3:a:apache:http_server:2.0.27:::::::* cpe:2.3:a:apache:http_server:2.0.26:::::::* cpe:2.3:a:apache:http_server:2.0.25:::::::* cpe:2.3:a:apache:http_server:2.0.24:::::::* cpe:2.3:a:apache:http_server:2.0.23:::::::* cpe:2.3:a:apache:http_server:2.0.22:::::::* cpe:2.3:a:apache:http_server:2.0.21:::::::* cpe:2.3:a:apache:http_server:2.0.20:::::::* cpe:2.3:a:apache:http_server:2.0.19:::::::* cpe:2.3:a:apache:http_server:2.0.18:::::::* cpe:2.3:a:apache:http_server:2.0.17:::::::* cpe:2.3:a:apache:http_server:2.0.16:::::::* cpe:2.3:a:apache:http_server:2.0.15:::::::* cpe:2.3:a:apache:http_server:2.0.14:::::::* cpe:2.3:a:apache:http_server:2.0.13:::::::* cpe:2.3:a:apache:http_server:2.0.12:::::::* cpe:2.3:a:apache:http_server:2.0.11:::::::* cpe:2.3:a:apache:http_server:2.0.0:::::::* cpe:2.3:a:apache:http_server:2.0:::::::* cpe:2.3:a:apache:http_server:2.0:alpha9:::::: cpe:2.3:a:apache:http_server:1.99:::::::* cpe:2.3:a:apache:http_server:1.4.0:::::::* cpe:2.3:a:apache:http_server:1.3.9:::::::* cpe:2.3:a:apache:http_server:1.3.9::win32::::: cpe:2.3:a:apache:http_server:1.3.8:::::::* cpe:2.3:a:apache:http_server:1.3.7:::::::* cpe:2.3:a:apache:http_server:1.3.7::dev::::: cpe:2.3:a:apache:http_server:1.3.68:::::::* cpe:2.3:a:apache:http_server:1.3.65:::::::* cpe:2.3:a:apache:http_server:1.3.6:::::::* cpe:2.3:a:apache:http_server:1.3.6::win32::::: cpe:2.3:a:apache:http_server:1.3.5:::::::* cpe:2.3:a:apache:http_server:1.3.42:::::::* cpe:2.3:a:apache:http_server:1.3.41:::::::* cpe:2.3:a:apache:http_server:1.3.40:::::::* cpe:2.3:a:apache:http_server:1.3.4:::::::* cpe:2.3:a:apache:http_server:1.3.39:::::::* cpe:2.3:a:apache:http_server:1.3.38:::::::* cpe:2.3:a:apache:http_server:1.3.37:::::::* cpe:2.3:a:apache:http_server:1.3.36:::::::* cpe:2.3:a:apache:http_server:1.3.35:::::::* cpe:2.3:a:apache:http_server:1.3.34:::::::* cpe:2.3:a:apache:http_server:1.3.33:::::::* cpe:2.3:a:apache:http_server:1.3.32:::::::* cpe:2.3:a:apache:http_server:1.3.31:::::::* cpe:2.3:a:apache:http_server:1.3.30:::::::* cpe:2.3:a:apache:http_server:1.3.3:::::::* cpe:2.3:a:apache:http_server:1.3.29:::::::* cpe:2.3:a:apache:http_server:1.3.28:::::::* cpe:2.3:a:apache:http_server:1.3.27:::::::* cpe:2.3:a:apache:http_server:1.3.26:::::::* cpe:2.3:a:apache:http_server:1.3.26::win32::::: cpe:2.3:a:apache:http_server:1.3.25:::::::* cpe:2.3:a:apache:http_server:1.3.25::win32::::: cpe:2.3:a:apache:http_server:1.3.24:::::::* cpe:2.3:a:apache:http_server:1.3.24::win32::::: cpe:2.3:a:apache:http_server:1.3.23:::::::* cpe:2.3:a:apache:http_server:1.3.23::win32::::: cpe:2.3:a:apache:http_server:1.3.22:::::::* cpe:2.3:a:apache:http_server:1.3.22::win32::::: cpe:2.3:a:apache:http_server:1.3.20:::::::* cpe:2.3:a:apache:http_server:1.3.20::win32::::: cpe:2.3:a:apache:http_server:1.3.2:::::::* cpe:2.3:a:apache:http_server:1.3.19:::::::* cpe:2.3:a:apache:http_server:1.3.19::win32::::: cpe:2.3:a:apache:http_server:1.3.18:::::::* cpe:2.3:a:apache:http_server:1.3.18::win32::::: cpe:2.3:a:apache:http_server:1.3.17:::::::* cpe:2.3:a:apache:http_server:1.3.17::win32::::: cpe:2.3:a:apache:http_server:1.3.16:::::::* cpe:2.3:a:apache:http_server:1.3.16::win32::::: cpe:2.3:a:apache:http_server:1.3.15:::::::* cpe:2.3:a:apache:http_server:1.3.15::win32::::: cpe:2.3:a:apache:http_server:1.3.14:::::::* cpe:2.3:a:apache:http_server:1.3.14::win32::::: cpe:2.3:a:apache:http_server:1.3.14::mac_os::::: cpe:2.3:a:apache:http_server:1.3.13:::::::* cpe:2.3:a:apache:http_server:1.3.13::win32::::: cpe:2.3:a:apache:http_server:1.3.12:::::::* cpe:2.3:a:apache:http_server:1.3.12::win32::::: cpe:2.3:a:apache:http_server:1.3.11:::::::* cpe:2.3:a:apache:http_server:1.3.11::win32::::: cpe:2.3:a:apache:http_server:1.3.10:::::::* cpe:2.3:a:apache:http_server:1.3.1.1:::::::* cpe:2.3:a:apache:http_server:1.3.1:::::::* cpe:2.3:a:apache:http_server:1.3.0:::::::* cpe:2.3:a:apache:http_server:1.3:::::::* cpe:2.3:a:apache:http_server:1.2.9:::::::* cpe:2.3:a:apache:http_server:1.2.6:::::::* cpe:2.3:a:apache:http_server:1.2.5:::::::* cpe:2.3:a:apache:http_server:1.2.4:::::::* cpe:2.3:a:apache:http_server:1.2.0:::::::* cpe:2.3:a:apache:http_server:1.15.17:::::::* cpe:2.3:a:apache:http_server:1.1.1:::::::* cpe:2.3:a:apache:http_server:1.1:::::::* cpe:2.3:a:apache:http_server:1.0.5:::::::* cpe:2.3:a:apache:http_server:1.0.3:::::::* cpe:2.3:a:apache:http_server:1.0.2:::::::* cpe:2.3:a:apache:http_server:1.0:::::::* cpe:2.3:a:apache:http_server:0.8.14:::::::* cpe:2.3:a:apache:http_server:0.8.11:::::::* cpe:2.3:a:apache:http_server:::::::: cpe:2.3:a:apache:http_server:::win32:::::* cpe:2.3:a:apache:http_server:-:::::::*	174
Application	Apple Mac Os X cpe:2.3:a:apple:mac_os_x:10.5.6:::::::* cpe:2.3:a:apple:mac_os_x::::::::	2
Os	Apple Mac Os X cpe:2.3:o:apple:mac_os_x:10.5.6:::::::* cpe:2.3:o:apple:mac_os_x:10.5.5:::::::* cpe:2.3:o:apple:mac_os_x:10.5.4:::::::* cpe:2.3:o:apple:mac_os_x:10.5.3:::::::* cpe:2.3:o:apple:mac_os_x:10.5.2:::::::* cpe:2.3:o:apple:mac_os_x:10.5.2:2008-002:::::: cpe:2.3:o:apple:mac_os_x:10.5.1:::::::* cpe:2.3:o:apple:mac_os_x:10.5.0:::::::* cpe:2.3:o:apple:mac_os_x:10.5:::::::* cpe:2.3:o:apple:mac_os_x:10.4.9:::::::* cpe:2.3:o:apple:mac_os_x:10.4.8:::::::* cpe:2.3:o:apple:mac_os_x:10.4.8::macbook::::: cpe:2.3:o:apple:mac_os_x:10.4.8::mac_mini::::: cpe:2.3:o:apple:mac_os_x:10.4.8::macbook_pro::::: cpe:2.3:o:apple:mac_os_x:10.4.7:::::::* cpe:2.3:o:apple:mac_os_x:10.4.6:::::::* cpe:2.3:o:apple:mac_os_x:10.4.5:::::::* cpe:2.3:o:apple:mac_os_x:10.4.4:::::::* cpe:2.3:o:apple:mac_os_x:10.4.3:::::::* cpe:2.3:o:apple:mac_os_x:10.4.2:::::::* cpe:2.3:o:apple:mac_os_x:10.4.11:::::::* cpe:2.3:o:apple:mac_os_x:10.4.10:::::::* cpe:2.3:o:apple:mac_os_x:10.4.1:::::::* cpe:2.3:o:apple:mac_os_x:10.4.0:::::::* cpe:2.3:o:apple:mac_os_x:10.4.:::::::* cpe:2.3:o:apple:mac_os_x:10.4:::::::* cpe:2.3:o:apple:mac_os_x:10.3.9:::::::* cpe:2.3:o:apple:mac_os_x:10.3.8:::::::* cpe:2.3:o:apple:mac_os_x:10.3.7:::::::* cpe:2.3:o:apple:mac_os_x:10.3.6:::::::* cpe:2.3:o:apple:mac_os_x:10.3.5:::::::* cpe:2.3:o:apple:mac_os_x:10.3.4:::::::* cpe:2.3:o:apple:mac_os_x:10.3.3:::::::* cpe:2.3:o:apple:mac_os_x:10.3.2:::::::* cpe:2.3:o:apple:mac_os_x:10.3.1:::::::* cpe:2.3:o:apple:mac_os_x:10.3.0:::::::* cpe:2.3:o:apple:mac_os_x:10.3:::::::* cpe:2.3:o:apple:mac_os_x:10.2.8:::::::* cpe:2.3:o:apple:mac_os_x:10.2.7:::::::* cpe:2.3:o:apple:mac_os_x:10.2.6:::::::* cpe:2.3:o:apple:mac_os_x:10.2.5:::::::* cpe:2.3:o:apple:mac_os_x:10.2.4:::::::* cpe:2.3:o:apple:mac_os_x:10.2.3:::::::* cpe:2.3:o:apple:mac_os_x:10.2.2:::::::* cpe:2.3:o:apple:mac_os_x:10.2.1:::::::* cpe:2.3:o:apple:mac_os_x:10.2.0:::::::* cpe:2.3:o:apple:mac_os_x:10.2:::::::* cpe:2.3:o:apple:mac_os_x:10.1.5:::::::* cpe:2.3:o:apple:mac_os_x:10.1.4:::::::* cpe:2.3:o:apple:mac_os_x:10.1.3:::::::* cpe:2.3:o:apple:mac_os_x:10.1.2:::::::* cpe:2.3:o:apple:mac_os_x:10.1.1:::::::* cpe:2.3:o:apple:mac_os_x:10.1.0:::::::* cpe:2.3:o:apple:mac_os_x:10.1:::::::* cpe:2.3:o:apple:mac_os_x:10.0.4:::::::* cpe:2.3:o:apple:mac_os_x:10.0.3:::::::* cpe:2.3:o:apple:mac_os_x:10.0.2:::::::* cpe:2.3:o:apple:mac_os_x:10.0.1:::::::* cpe:2.3:o:apple:mac_os_x:10.0.0:::::::* cpe:2.3:o:apple:mac_os_x:10.0:::::::* cpe:2.3:o:apple:mac_os_x:::::::: cpe:2.3:o:apple:mac_os_x:-:::::::*	62
Os	Canonical Ubuntu Linux cpe:2.3:o:canonical:ubuntu_linux:8.04::::lts::: cpe:2.3:o:canonical:ubuntu_linux:8.04::::-::: cpe:2.3:o:canonical:ubuntu_linux:8.04:::::::* cpe:2.3:o:canonical:ubuntu_linux:7.10:::::::* cpe:2.3:o:canonical:ubuntu_linux:6.06::::lts::: cpe:2.3:o:canonical:ubuntu_linux:6.06:::::::*	6
Os	Fedoraproject Fedora cpe:2.3:o:fedoraproject:fedora:9:::::::* cpe:2.3:o:fedoraproject:fedora:8:::::::*	2
Os	Opensuse cpe:2.3:o:opensuse:opensuse:11.0:::::::* cpe:2.3:o:opensuse:opensuse:10.3:::::::* cpe:2.3:o:opensuse:opensuse:10.2:::::::*	3
Os	Redhat Enterprise Linux Desktop cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:::::::* cpe:2.3:o:redhat:enterprise_linux_desktop:4.0:::::::* cpe:2.3:o:redhat:enterprise_linux_desktop:3.0:::::::*	3
Os	Redhat Enterprise Linux Eus cpe:2.3:o:redhat:enterprise_linux_eus:5.2:::::::* cpe:2.3:o:redhat:enterprise_linux_eus:4.7:::::::*	2
Os	Redhat Enterprise Linux Server cpe:2.3:o:redhat:enterprise_linux_server:5.0:::::::* cpe:2.3:o:redhat:enterprise_linux_server:4.0:::::::* cpe:2.3:o:redhat:enterprise_linux_server:3.0:::::::*	3
Os	Redhat Enterprise Linux Workstation cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:::::::* cpe:2.3:o:redhat:enterprise_linux_workstation:4.0:::::::* cpe:2.3:o:redhat:enterprise_linux_workstation:3.0:::::::*	3

OpenVAS Exploits

Date	Description
2010-05-12	Name : Mac OS X 10.5.7 Update / Mac OS X Security Update 2009-002 File : nvt/macosx_upd_10_5_7_secupd_2009-002.nasl
2010-05-12	Name : Mac OS X Security Update 2008-007 File : nvt/macosx_secupd_2008-007.nasl
2009-12-10	Name : Mandriva Security Advisory MDVSA-2009:323 (apache) File : nvt/mdksa_2009_323.nasl
2009-11-17	Name : Mac OS X Version File : nvt/macosx_version.nasl
2009-10-22	Name : HP-UX Update for Apache-based Web Server HPSBUX02465 File : nvt/gb_hp_ux_HPSBUX02465.nasl
2009-10-13	Name : SLES10: Security update for Apache 2 File : nvt/sles10_apache20.nasl
2009-10-13	Name : SLES10: Security update for Apache 2 File : nvt/sles10_apache2.nasl
2009-10-10	Name : SLES9: Security update for Apache 2 File : nvt/sles9p5037600.nasl
2009-07-15	Name : Mandrake Security Advisory MDVSA-2009:124-1 (apache) File : nvt/mdksa_2009_124_1.nasl
2009-06-05	Name : Ubuntu USN-720-1 (php5) File : nvt/ubuntu_720_1.nasl
2009-06-05	Name : Mandrake Security Advisory MDVSA-2009:124 (apache) File : nvt/mdksa_2009_124.nasl
2009-06-05	Name : Ubuntu USN-719-1 (libpam-krb5) File : nvt/ubuntu_719_1.nasl
2009-06-03	Name : Solaris Update for Apache 2 120543-14 File : nvt/gb_solaris_120543_14.nasl
2009-06-03	Name : Solaris Update for Apache 2 120544-14 File : nvt/gb_solaris_120544_14.nasl
2009-05-05	Name : HP-UX Update for Apache Web Server Suite HPSBUX02401 File : nvt/gb_hp_ux_HPSBUX02401.nasl
2009-05-05	Name : HP-UX Update for Apache HPSBUX02365 File : nvt/gb_hp_ux_HPSBUX02365.nasl
2009-04-09	Name : Mandriva Update for apache MDVSA-2008:195 (apache) File : nvt/gb_mandriva_MDVSA_2008_195.nasl
2009-03-31	Name : SuSE Security Summary SUSE-SR:2009:007 File : nvt/suse_sr_2009_007.nasl
2009-03-13	Name : SuSE Security Summary SUSE-SR:2009:006 File : nvt/suse_sr_2009_006.nasl
2009-03-13	Name : Ubuntu USN-731-1 (apache2) File : nvt/ubuntu_731_1.nasl
2009-03-13	Name : FreeBSD Ports: apache File : nvt/freebsd_apache14.nasl
2009-03-06	Name : RedHat Update for httpd RHSA-2008:0967-01 File : nvt/gb_RHSA-2008_0967-01_httpd.nasl
2009-02-27	Name : CentOS Update for httpd CESA-2008:0967 centos4 x86_64 File : nvt/gb_CESA-2008_0967_httpd_centos4_x86_64.nasl
2009-02-27	Name : CentOS Update for httpd CESA-2008:0967 centos4 i386 File : nvt/gb_CESA-2008_0967_httpd_centos4_i386.nasl
2009-02-27	Name : CentOS Update for httpd CESA-2008:0967 centos3 x86_64 File : nvt/gb_CESA-2008_0967_httpd_centos3_x86_64.nasl
2009-02-27	Name : CentOS Update for httpd CESA-2008:0967 centos3 i386 File : nvt/gb_CESA-2008_0967_httpd_centos3_i386.nasl
2009-02-17	Name : Fedora Update for httpd FEDORA-2008-6393 File : nvt/gb_fedora_2008_6393_httpd_fc9.nasl
2009-02-17	Name : Fedora Update for httpd FEDORA-2008-6314 File : nvt/gb_fedora_2008_6314_httpd_fc8.nasl
2008-09-25	Name : IBM HTTP Server mod_proxy Interim Responses DoS Vulnerability File : nvt/secpod_ibmhttpserver_mod_proxy_dos_900222.nasl
2008-09-24	Name : Gentoo Security Advisory GLSA 200807-06 (apache) File : nvt/glsa_200807_06.nasl
2008-09-04	Name : FreeBSD Ports: apache File : nvt/freebsd_apache13.nasl
2008-08-22	Name : Apache mod_proxy_ftp Wildcard Characters XSS Vulnerability File : nvt/secpod_apache_mod_proxy_ftp_xss_vuln_900107.nasl

Open Source Vulnerability Database (OSVDB)

Id	Description
47474	Apache HTTP Server mod_proxy_ftp Directory Component Wildcard Character XSS
46085	Apache HTTP Server mod_proxy ap_proxy_http_process_response() Function Interi...
42937	Apache HTTP Server mod_proxy_balancer balancer-manager Unspecified CSRF

Snort® IPS/IDS

Date	Description
2014-01-10	Multiple Products IFRAME src javascript code execution RuleID : 3679 - Revision : 18 - Type : INDICATOR-OBFUSCATION

Nessus® Vulnerability Scanner

Date	Description
2013-08-11	Name : The remote web server may be affected by multiple vulnerabilities. File : oracle_http_server_cpu_jul_2013.nasl - Type : ACT_GATHER_INFO
2013-07-12	Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2008-0967.nasl - Type : ACT_GATHER_INFO
2012-08-01	Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20081111_httpd_on_SL3_x.nasl - Type : ACT_GATHER_INFO
2010-10-20	Name : The remote web server is affected by multiple vulnerabilities. File : apache_2_0_64.nasl - Type : ACT_GATHER_INFO
2009-12-08	Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2009-323.nasl - Type : ACT_GATHER_INFO
2009-09-24	Name : The remote SuSE 10 host is missing a security-related patch. File : suse_apache2-6035.nasl - Type : ACT_GATHER_INFO
2009-09-24	Name : The remote SuSE 9 host is missing a security-related patch. File : suse9_12258.nasl - Type : ACT_GATHER_INFO
2009-07-21	Name : The remote openSUSE host is missing a security update. File : suse_11_0_apache2-080925.nasl - Type : ACT_GATHER_INFO
2009-06-01	Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2009-124.nasl - Type : ACT_GATHER_INFO
2009-05-13	Name : The remote host is missing a Mac OS X update that fixes various security issues. File : macosx_10_5_7.nasl - Type : ACT_GATHER_INFO
2009-05-13	Name : The remote host is missing a Mac OS X update that fixes various security issues. File : macosx_SecUpd2009-002.nasl - Type : ACT_GATHER_INFO
2009-04-23	Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-731-1.nasl - Type : ACT_GATHER_INFO
2009-04-23	Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2008-195.nasl - Type : ACT_GATHER_INFO
2009-04-23	Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2008-0967.nasl - Type : ACT_GATHER_INFO
2009-03-13	Name : The remote openSUSE host is missing a security update. File : suse_apache2-6054.nasl - Type : ACT_GATHER_INFO
2009-03-12	Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_f18920660e7411de92de000bcdc1757a.nasl - Type : ACT_GATHER_INFO
2008-11-16	Name : The remote SuSE 10 host is missing a security-related patch. File : suse_apache2-5767.nasl - Type : ACT_GATHER_INFO
2008-11-12	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2008-0967.nasl - Type : ACT_GATHER_INFO
2008-11-05	Name : The remote openSUSE host is missing a security update. File : suse_apache2-5628.nasl - Type : ACT_GATHER_INFO
2008-11-05	Name : The remote SuSE 10 host is missing a security-related patch. File : suse_apache2-5629.nasl - Type : ACT_GATHER_INFO
2008-11-05	Name : The remote openSUSE host is missing a security update. File : suse_apache2-5648.nasl - Type : ACT_GATHER_INFO
2008-10-16	Name : The remote web server is vulnerable to a cross-site scripting attack. File : apache_mod_proxy_ftp_glob_xss.nasl - Type : ACT_ATTACK
2008-10-10	Name : The remote host is missing a Mac OS X update that fixes various security issues. File : macosx_SecUpd2008-007.nasl - Type : ACT_GATHER_INFO
2008-08-08	Name : The remote Fedora host is missing a security update. File : fedora_2008-6393.nasl - Type : ACT_GATHER_INFO
2008-08-08	Name : The remote Fedora host is missing a security update. File : fedora_2008-6314.nasl - Type : ACT_GATHER_INFO
2008-07-11	Name : The remote web server may be affected by several issues. File : apache_2_2_9.nasl - Type : ACT_GATHER_INFO
2008-07-10	Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200807-06.nasl - Type : ACT_GATHER_INFO
2008-06-24	Name : The remote FreeBSD host is missing a security-related update. File : freebsd_pkg_c84dc9ad41f711dda4f900163e000016.nasl - Type : ACT_GATHER_INFO

Global Informations

Type	Count
CWE ID(s)	3
Oval ID(s)	9
CPE ID(s)	260
osvdb(s)	3
Openvas Exploit(s)	32
Snort® Rule(s)	1
Nessus® Exploit(s)	28

	Related
5	CVE-2008-2364
4.3	CVE-2008-2939
4.3	CVE-2007-6420
Info : listing not affected by your CVSS Env Score

Same Subject	Severity
Login to view 3 more Alert(s)