Executive Summary
Summary | |
---|---|
Title | HP Business Availability Center Running Apache, Remote Cross Site Scripting (XSS), Cross Site Request Forgery (CSRF), Denial of Service (DoS) |
Informations | |||
---|---|---|---|
Name | HPSBMA02442 SSRT090108 | First vendor Publication | 2010-05-25 |
Vendor | HP | Last vendor Modification | 2010-05-25 |
Severity (Vendor) | N/A | Revision | 1 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:N/I:N/A:P) | |||
---|---|---|---|
Cvss Base Score | 5 | Attack Range | Network |
Cvss Impact Score | 2.9 | Attack Complexity | Low |
Cvss Expoit Score | 10 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Potential security vulnerabilities have been identified with HP Business Availability Center running Apache. The vulnerabilities could be remotely exploited to allow Cross Site Scripting (XSS), Cross Site Request Forgery (CSRF), and Denial of Service (DoS). |
Original Source
Url : http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01800059 |
CAPEC : Common Attack Pattern Enumeration & Classification
Id | Name |
---|---|
CAPEC-18 | Embedding Scripts in Nonscript Elements |
CAPEC-63 | Simple Script Injection |
CAPEC-73 | User-Controlled Filename |
CAPEC-81 | Web Logs Tampering |
CAPEC-85 | Client Network Footprinting (using AJAX/XSS) |
CAPEC-86 | Embedding Script (XSS ) in HTTP Headers |
CAPEC-104 | Cross Zone Scripting |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
62 % | CWE-79 | Failure to Preserve Web Page Structure ('Cross-site Scripting') (CWE/SANS Top 25) |
12 % | CWE-770 | Allocation of Resources Without Limits or Throttling |
12 % | CWE-399 | Resource Management Errors |
12 % | CWE-352 | Cross-Site Request Forgery (CSRF) (CWE/SANS Top 25) |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:10181 | |||
Oval ID: | oval:org.mitre.oval:def:10181 | ||
Title: | The balancer_handler function in mod_proxy_balancer in the Apache HTTP Server 2.2.0 through 2.2.6, when a threaded Multi-Processing Module is used, allows remote authenticated users to cause a denial of service (child process crash) via an invalid bb variable. | ||
Description: | The balancer_handler function in mod_proxy_balancer in the Apache HTTP Server 2.2.0 through 2.2.6, when a threaded Multi-Processing Module is used, allows remote authenticated users to cause a denial of service (child process crash) via an invalid bb variable. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2007-6422 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:10272 | |||
Oval ID: | oval:org.mitre.oval:def:10272 | ||
Title: | Cross-site scripting (XSS) vulnerability in mod_status in the Apache HTTP Server 2.2.0 through 2.2.6, 2.0.35 through 2.0.61, and 1.3.2 through 1.3.39, when the server-status page is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||
Description: | Cross-site scripting (XSS) vulnerability in mod_status in the Apache HTTP Server 2.2.0 through 2.2.6, 2.0.35 through 2.0.61, and 1.3.2 through 1.3.39, when the server-status page is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2007-6388 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:10664 | |||
Oval ID: | oval:org.mitre.oval:def:10664 | ||
Title: | Cross-site scripting (XSS) vulnerability in balancer-manager in mod_proxy_balancer in the Apache HTTP Server 2.2.0 through 2.2.6 allows remote attackers to inject arbitrary web script or HTML via the (1) ss, (2) wr, or (3) rr parameters, or (4) the URL. | ||
Description: | Cross-site scripting (XSS) vulnerability in balancer-manager in mod_proxy_balancer in the Apache HTTP Server 2.2.0 through 2.2.6 allows remote attackers to inject arbitrary web script or HTML via the (1) ss, (2) wr, or (3) rr parameters, or (4) the URL. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2007-6421 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:10812 | |||
Oval ID: | oval:org.mitre.oval:def:10812 | ||
Title: | mod_proxy_ftp in Apache 2.2.x before 2.2.7-dev, 2.0.x before 2.0.62-dev, and 1.3.x before 1.3.40-dev does not define a charset, which allows remote attackers to conduct cross-site scripting (XSS) attacks using UTF-7 encoding. | ||
Description: | mod_proxy_ftp in Apache 2.2.x before 2.2.7-dev, 2.0.x before 2.0.62-dev, and 1.3.x before 1.3.40-dev does not define a charset, which allows remote attackers to conduct cross-site scripting (XSS) attacks using UTF-7 encoding. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2008-0005 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:11316 | |||
Oval ID: | oval:org.mitre.oval:def:11316 | ||
Title: | Cross-site scripting (XSS) vulnerability in proxy_ftp.c in the mod_proxy_ftp module in Apache 2.0.63 and earlier, and mod_proxy_ftp.c in the mod_proxy_ftp module in Apache 2.2.9 and earlier 2.2 versions, allows remote attackers to inject arbitrary web script or HTML via a wildcard in the last directory component in the pathname in an FTP URI. | ||
Description: | Cross-site scripting (XSS) vulnerability in proxy_ftp.c in the mod_proxy_ftp module in Apache 2.0.63 and earlier, and mod_proxy_ftp.c in the mod_proxy_ftp module in Apache 2.2.9 and earlier 2.2 versions, allows remote attackers to inject arbitrary web script or HTML via a wildcard in the last directory component in the pathname in an FTP URI. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2008-2939 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:11713 | |||
Oval ID: | oval:org.mitre.oval:def:11713 | ||
Title: | Apache 'mod_proxy_http' Interim Response Denial of Service Vulnerability | ||
Description: | The ap_proxy_http_process_response function in mod_proxy_http.c in the mod_proxy module in the Apache HTTP Server 2.0.63 and 2.2.8 does not limit the number of forwarded interim responses, which allows remote HTTP servers to cause a denial of service (memory consumption) via a large number of interim responses. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2008-2364 | Version: | 7 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows 7 | Product(s): | Apache |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:13835 | |||
Oval ID: | oval:org.mitre.oval:def:13835 | ||
Title: | USN-731-1 -- apache2 vulnerabilities | ||
Description: | It was discovered that Apache did not sanitize the method specifier header from an HTTP request when it is returned in an error message, which could result in browsers becoming vulnerable to cross-site scripting attacks when processing the output. With cross-site scripting vulnerabilities, if a user were tricked into viewing server output during a crafted server request, a remote attacker could exploit this to modify the contents, or steal confidential data, within the same domain. This issue only affected Ubuntu 6.06 LTS and 7.10. It was discovered that Apache was vulnerable to a cross-site request forgery in the mod_proxy_balancer balancer manager. If an Apache administrator were tricked into clicking a link on a specially crafted web page, an attacker could trigger commands that could modify the balancer manager configuration. This issue only affected Ubuntu 7.10 and 8.04 LTS. It was discovered that Apache had a memory leak when using mod_ssl with compression. A remote attacker could exploit this to exhaust server memory, leading to a denial of service. This issue only affected Ubuntu 7.10. It was discovered that in certain conditions, Apache did not specify a default character set when returning certain error messages containing UTF-7 encoded data, which could result in browsers becoming vulnerable to cross-site scripting attacks when processing the output. This issue only affected Ubuntu 6.06 LTS and 7.10. It was discovered that when configured as a proxy server, Apache did not limit the number of forwarded interim responses. A malicious remote server could send a large number of interim responses and cause a denial of service via memory exhaustion. It was discovered that mod_proxy_ftp did not sanitize wildcard pathnames when they are returned in directory listings, which could result in browsers becoming vulnerable to cross-site scripting attacks when processing the output | ||
Family: | unix | Class: | patch |
Reference(s): | USN-731-1 CVE-2007-6203 CVE-2007-6420 CVE-2008-1678 CVE-2008-2168 CVE-2008-2364 CVE-2008-2939 | Version: | 5 |
Platform(s): | Ubuntu 7.10 Ubuntu 8.04 Ubuntu 6.06 | Product(s): | apache2 |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:17648 | |||
Oval ID: | oval:org.mitre.oval:def:17648 | ||
Title: | USN-575-1 -- apache2 vulnerabilities | ||
Description: | It was discovered that Apache did not sanitize the Expect header from an HTTP request when it is reflected back in an error message, which could result in browsers becoming vulnerable to cross-site scripting attacks when processing the output. | ||
Family: | unix | Class: | patch |
Reference(s): | USN-575-1 CVE-2006-3918 CVE-2007-3847 CVE-2007-4465 CVE-2007-5000 CVE-2007-6388 CVE-2007-6421 CVE-2007-6422 CVE-2008-0005 | Version: | 7 |
Platform(s): | Ubuntu 6.06 Ubuntu 6.10 Ubuntu 7.04 Ubuntu 7.10 | Product(s): | apache2 |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:21751 | |||
Oval ID: | oval:org.mitre.oval:def:21751 | ||
Title: | ELSA-2008:0967: httpd security and bug fix update (Moderate) | ||
Description: | Cross-site scripting (XSS) vulnerability in proxy_ftp.c in the mod_proxy_ftp module in Apache 2.0.63 and earlier, and mod_proxy_ftp.c in the mod_proxy_ftp module in Apache 2.2.9 and earlier 2.2 versions, allows remote attackers to inject arbitrary web script or HTML via a wildcard in the last directory component in the pathname in an FTP URI. | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2008:0967-01 CVE-2008-2364 CVE-2008-2939 | Version: | 13 |
Platform(s): | Oracle Linux 5 | Product(s): | httpd |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:22498 | |||
Oval ID: | oval:org.mitre.oval:def:22498 | ||
Title: | ELSA-2008:0008: httpd security update (Moderate) | ||
Description: | mod_proxy_ftp in Apache 2.2.x before 2.2.7-dev, 2.0.x before 2.0.62-dev, and 1.3.x before 1.3.40-dev does not define a charset, which allows remote attackers to conduct cross-site scripting (XSS) attacks using UTF-7 encoding. | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2008:0008-01 CVE-2007-4465 CVE-2007-5000 CVE-2007-6388 CVE-2007-6421 CVE-2007-6422 CVE-2008-0005 | Version: | 29 |
Platform(s): | Oracle Linux 5 | Product(s): | httpd |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:29289 | |||
Oval ID: | oval:org.mitre.oval:def:29289 | ||
Title: | RHSA-2008:0967 -- httpd security and bug fix update (Moderate) | ||
Description: | Updated httpd packages that resolve several security issues and fix a bug are now available for Red Hat Enterprise Linux 3, 4 and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The Apache HTTP Server is a popular Web server. A flaw was found in the mod_proxy Apache module. An attacker in control of a Web server to which requests were being proxied could have caused a limited denial of service due to CPU consumption and stack exhaustion. (CVE-2008-2364) | ||
Family: | unix | Class: | patch |
Reference(s): | RHSA-2008:0967 CESA-2008:0967-CentOS 5 CESA-2008:0967-CentOS 3 CVE-2008-2364 CVE-2008-2939 | Version: | 3 |
Platform(s): | Red Hat Enterprise Linux 5 Red Hat Enterprise Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 5 CentOS Linux 3 | Product(s): | httpd |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:7716 | |||
Oval ID: | oval:org.mitre.oval:def:7716 | ||
Title: | Apache 'mod_proxy_ftp' Wildcard Characters Cross-Site Scripting Vulnerability | ||
Description: | Cross-site scripting (XSS) vulnerability in proxy_ftp.c in the mod_proxy_ftp module in Apache 2.0.63 and earlier, and mod_proxy_ftp.c in the mod_proxy_ftp module in Apache 2.2.9 and earlier 2.2 versions, allows remote attackers to inject arbitrary web script or HTML via a wildcard in the last directory component in the pathname in an FTP URI. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2008-2939 | Version: | 8 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows 7 | Product(s): | Apache |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:8371 | |||
Oval ID: | oval:org.mitre.oval:def:8371 | ||
Title: | Apache 'mod_proxy_balancer' Cross-Site Request Forgery (CSRF) Vulnerability | ||
Description: | Cross-site request forgery (CSRF) vulnerability in the balancer-manager in mod_proxy_balancer for Apache HTTP Server 2.2.x allows remote attackers to gain privileges via unspecified vectors. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2007-6420 | Version: | 7 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows 7 | Product(s): | Apache |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:8651 | |||
Oval ID: | oval:org.mitre.oval:def:8651 | ||
Title: | Apache 'mod_proxy_balancer' Cross-Site Scripting Vulnerability | ||
Description: | Cross-site scripting (XSS) vulnerability in balancer-manager in mod_proxy_balancer in the Apache HTTP Server 2.2.0 through 2.2.6 allows remote attackers to inject arbitrary web script or HTML via the (1) ss, (2) wr, or (3) rr parameters, or (4) the URL. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2007-6421 | Version: | 7 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows 7 | Product(s): | Apache |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:8690 | |||
Oval ID: | oval:org.mitre.oval:def:8690 | ||
Title: | Apache 'mod_proxy_balancer' Invalid bb Variable Denial of Service Vulnerability | ||
Description: | The balancer_handler function in mod_proxy_balancer in the Apache HTTP Server 2.2.0 through 2.2.6, when a threaded Multi-Processing Module is used, allows remote authenticated users to cause a denial of service (child process crash) via an invalid bb variable. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2007-6422 | Version: | 7 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows 7 | Product(s): | Apache |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:9539 | |||
Oval ID: | oval:org.mitre.oval:def:9539 | ||
Title: | Cross-site scripting (XSS) vulnerability in the (1) mod_imap module in the Apache HTTP Server 1.3.0 through 1.3.39 and 2.0.35 through 2.0.61 and the (2) mod_imagemap module in the Apache HTTP Server 2.2.0 through 2.2.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||
Description: | Cross-site scripting (XSS) vulnerability in the (1) mod_imap module in the Apache HTTP Server 1.3.0 through 1.3.39 and 2.0.35 through 2.0.61 and the (2) mod_imagemap module in the Apache HTTP Server 2.2.0 through 2.2.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2007-5000 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:9577 | |||
Oval ID: | oval:org.mitre.oval:def:9577 | ||
Title: | The ap_proxy_http_process_response function in mod_proxy_http.c in the mod_proxy module in the Apache HTTP Server 2.0.63 and 2.2.8 does not limit the number of forwarded interim responses, which allows remote HTTP servers to cause a denial of service (memory consumption) via a large number of interim responses. | ||
Description: | The ap_proxy_http_process_response function in mod_proxy_http.c in the mod_proxy module in the Apache HTTP Server 2.0.63 and 2.2.8 does not limit the number of forwarded interim responses, which allows remote HTTP servers to cause a denial of service (memory consumption) via a large number of interim responses. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2008-2364 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
Definition Synopsis: | |||
|
CPE : Common Platform Enumeration
OpenVAS Exploits
Date | Description |
---|---|
2010-05-12 | Name : Mac OS X Security Update 2008-007 File : nvt/macosx_secupd_2008-007.nasl |
2010-05-12 | Name : Mac OS X 10.5.3 Update / Mac OS X Security Update 2008-003 File : nvt/macosx_upd_10_5_3_secupd_2008-003.nasl |
2010-05-12 | Name : Mac OS X 10.5.7 Update / Mac OS X Security Update 2009-002 File : nvt/macosx_upd_10_5_7_secupd_2009-002.nasl |
2010-02-03 | Name : Solaris Update for Apache 1.3 122911-19 File : nvt/gb_solaris_122911_19.nasl |
2010-02-03 | Name : Solaris Update for Apache 1.3 122912-19 File : nvt/gb_solaris_122912_19.nasl |
2009-12-10 | Name : Mandriva Security Advisory MDVSA-2009:323 (apache) File : nvt/mdksa_2009_323.nasl |
2009-11-17 | Name : Mac OS X Version File : nvt/macosx_version.nasl |
2009-10-22 | Name : HP-UX Update for Apache-based Web Server HPSBUX02465 File : nvt/gb_hp_ux_HPSBUX02465.nasl |
2009-10-13 | Name : SLES10: Security update for Apache 2 File : nvt/sles10_apache20.nasl |
2009-10-13 | Name : Solaris Update for Apache 1.3 122912-17 File : nvt/gb_solaris_122912_17.nasl |
2009-10-13 | Name : SLES10: Security update for Apache 2 File : nvt/sles10_apache2.nasl |
2009-10-13 | Name : Solaris Update for Apache 1.3 122911-17 File : nvt/gb_solaris_122911_17.nasl |
2009-10-10 | Name : SLES9: Security update for Apache 2 File : nvt/sles9p5023052.nasl |
2009-10-10 | Name : SLES9: Security update for Apache File : nvt/sles9p5023075.nasl |
2009-10-10 | Name : SLES9: Security update for Apache 2 File : nvt/sles9p5037600.nasl |
2009-09-23 | Name : Solaris Update for Apache 1.3 122912-16 File : nvt/gb_solaris_122912_16.nasl |
2009-09-23 | Name : Solaris Update for Apache 1.3 122911-16 File : nvt/gb_solaris_122911_16.nasl |
2009-07-17 | Name : HP-UX Update for Apache Web Server Suite HPSBUX02431 File : nvt/gb_hp_ux_HPSBUX02431.nasl |
2009-07-15 | Name : Mandrake Security Advisory MDVSA-2009:124-1 (apache) File : nvt/mdksa_2009_124_1.nasl |
2009-06-05 | Name : Mandrake Security Advisory MDVSA-2009:124 (apache) File : nvt/mdksa_2009_124.nasl |
2009-06-05 | Name : Ubuntu USN-720-1 (php5) File : nvt/ubuntu_720_1.nasl |
2009-06-05 | Name : Ubuntu USN-719-1 (libpam-krb5) File : nvt/ubuntu_719_1.nasl |
2009-06-03 | Name : Solaris Update for Apache 1.3 122911-15 File : nvt/gb_solaris_122911_15.nasl |
2009-06-03 | Name : Solaris Update for Apache 2 120544-14 File : nvt/gb_solaris_120544_14.nasl |
2009-06-03 | Name : Solaris Update for Apache 2 120543-14 File : nvt/gb_solaris_120543_14.nasl |
2009-06-03 | Name : Solaris Update for Apache 116974-07 File : nvt/gb_solaris_116974_07.nasl |
2009-06-03 | Name : Solaris Update for Apache 1.3 122912-15 File : nvt/gb_solaris_122912_15.nasl |
2009-06-03 | Name : Solaris Update for Apache 116973-07 File : nvt/gb_solaris_116973_07.nasl |
2009-06-03 | Name : Solaris Update for Apache Security 114145-11 File : nvt/gb_solaris_114145_11.nasl |
2009-06-03 | Name : Solaris Update for Apache Security 113146-12 File : nvt/gb_solaris_113146_12.nasl |
2009-05-05 | Name : HP-UX Update for Apache HPSBUX02308 File : nvt/gb_hp_ux_HPSBUX02308.nasl |
2009-05-05 | Name : HP-UX Update for Apache Web Server Suite HPSBUX02401 File : nvt/gb_hp_ux_HPSBUX02401.nasl |
2009-05-05 | Name : HP-UX Update for Apache HPSBUX02365 File : nvt/gb_hp_ux_HPSBUX02365.nasl |
2009-05-05 | Name : HP-UX Update for Apache HPSBUX02313 File : nvt/gb_hp_ux_HPSBUX02313.nasl |
2009-04-09 | Name : Mandriva Update for apache MDVSA-2008:195 (apache) File : nvt/gb_mandriva_MDVSA_2008_195.nasl |
2009-04-09 | Name : Mandriva Update for apache MDVSA-2008:016 (apache) File : nvt/gb_mandriva_MDVSA_2008_016.nasl |
2009-03-31 | Name : SuSE Security Summary SUSE-SR:2009:007 File : nvt/suse_sr_2009_007.nasl |
2009-03-23 | Name : Ubuntu Update for apache2 vulnerabilities USN-575-1 File : nvt/gb_ubuntu_USN_575_1.nasl |
2009-03-13 | Name : SuSE Security Summary SUSE-SR:2009:006 File : nvt/suse_sr_2009_006.nasl |
2009-03-13 | Name : Ubuntu USN-731-1 (apache2) File : nvt/ubuntu_731_1.nasl |
2009-03-13 | Name : FreeBSD Ports: apache File : nvt/freebsd_apache14.nasl |
2009-03-06 | Name : RedHat Update for httpd RHSA-2008:0967-01 File : nvt/gb_RHSA-2008_0967-01_httpd.nasl |
2009-03-06 | Name : RedHat Update for httpd RHSA-2008:0008-01 File : nvt/gb_RHSA-2008_0008-01_httpd.nasl |
2009-03-06 | Name : RedHat Update for httpd RHSA-2008:0006-01 File : nvt/gb_RHSA-2008_0006-01_httpd.nasl |
2009-03-06 | Name : RedHat Update for httpd RHSA-2008:0005-01 File : nvt/gb_RHSA-2008_0005-01_httpd.nasl |
2009-03-06 | Name : RedHat Update for apache RHSA-2008:0004-01 File : nvt/gb_RHSA-2008_0004-01_apache.nasl |
2009-02-27 | Name : CentOS Update for apache CESA-2008:0004-01 centos2 i386 File : nvt/gb_CESA-2008_0004-01_apache_centos2_i386.nasl |
2009-02-27 | Name : CentOS Update for httpd CESA-2008:0005 centos3 i386 File : nvt/gb_CESA-2008_0005_httpd_centos3_i386.nasl |
2009-02-27 | Name : CentOS Update for httpd CESA-2008:0005 centos3 x86_64 File : nvt/gb_CESA-2008_0005_httpd_centos3_x86_64.nasl |
2009-02-27 | Name : CentOS Update for httpd CESA-2008:0006 centos4 i386 File : nvt/gb_CESA-2008_0006_httpd_centos4_i386.nasl |
2009-02-27 | Name : CentOS Update for httpd CESA-2008:0006 centos4 x86_64 File : nvt/gb_CESA-2008_0006_httpd_centos4_x86_64.nasl |
2009-02-27 | Name : CentOS Update for httpd CESA-2008:0967 centos4 x86_64 File : nvt/gb_CESA-2008_0967_httpd_centos4_x86_64.nasl |
2009-02-27 | Name : CentOS Update for httpd CESA-2008:0967 centos4 i386 File : nvt/gb_CESA-2008_0967_httpd_centos4_i386.nasl |
2009-02-27 | Name : CentOS Update for httpd CESA-2008:0967 centos3 x86_64 File : nvt/gb_CESA-2008_0967_httpd_centos3_x86_64.nasl |
2009-02-27 | Name : CentOS Update for httpd CESA-2008:0967 centos3 i386 File : nvt/gb_CESA-2008_0967_httpd_centos3_i386.nasl |
2009-02-17 | Name : Fedora Update for httpd FEDORA-2008-6314 File : nvt/gb_fedora_2008_6314_httpd_fc8.nasl |
2009-02-17 | Name : Fedora Update for httpd FEDORA-2008-6393 File : nvt/gb_fedora_2008_6393_httpd_fc9.nasl |
2009-02-16 | Name : Fedora Update for httpd FEDORA-2008-1695 File : nvt/gb_fedora_2008_1695_httpd_fc8.nasl |
2009-02-16 | Name : Fedora Update for httpd FEDORA-2008-1711 File : nvt/gb_fedora_2008_1711_httpd_fc7.nasl |
2009-01-23 | Name : SuSE Update for apache2,apache SUSE-SA:2008:021 File : nvt/gb_suse_2008_021.nasl |
2008-12-02 | Name : HP OpenView Network Node Manager XSS Vulnerability File : nvt/secpod_hp_openview_nnm_xss_vuln_900403.nasl |
2008-09-25 | Name : IBM HTTP Server mod_proxy Interim Responses DoS Vulnerability File : nvt/secpod_ibmhttpserver_mod_proxy_dos_900222.nasl |
2008-09-24 | Name : Gentoo Security Advisory GLSA 200807-06 (apache) File : nvt/glsa_200807_06.nasl |
2008-09-24 | Name : Gentoo Security Advisory GLSA 200803-19 (apache) File : nvt/glsa_200803_19.nasl |
2008-09-04 | Name : FreeBSD Ports: apache File : nvt/freebsd_apache13.nasl |
2008-08-22 | Name : Apache mod_proxy_ftp Wildcard Characters XSS Vulnerability File : nvt/secpod_apache_mod_proxy_ftp_xss_vuln_900107.nasl |
0000-00-00 | Name : Slackware Advisory SSA:2008-210-02 httpd File : nvt/esoft_slk_ssa_2008_210_02.nasl |
0000-00-00 | Name : Slackware Advisory SSA:2008-045-02 apache File : nvt/esoft_slk_ssa_2008_045_02.nasl |
0000-00-00 | Name : Slackware Advisory SSA:2008-045-01 httpd File : nvt/esoft_slk_ssa_2008_045_01.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
47474 | Apache HTTP Server mod_proxy_ftp Directory Component Wildcard Character XSS |
46085 | Apache HTTP Server mod_proxy ap_proxy_http_process_response() Function Interi... |
42937 | Apache HTTP Server mod_proxy_balancer balancer-manager Unspecified CSRF |
42214 | Apache HTTP Server mod_proxy_ftp UTF-7 Encoded XSS |
40264 | Apache HTTP Server mod_proxy_balancer balancer_handler Function bb Variable R... |
40263 | Apache HTTP Server mod_proxy_balancer balancer-manager Multiple Parameter XSS Apache HTTP Server contains a flaw that allows a remote cross site scripting attack. This flaw exists in mod_proxy_balancer because the application does not validate the ss, wr, and rr variables, as well as other contents in the URL, upon submission to the balancer-manager. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. |
40262 | Apache HTTP Server mod_status refresh XSS Apache HTTP Server contains a flaw that allows a remote cross site scripting attack. This flaw exists because with mod_status enabled, the application does not validate the refresh parameter on the server-status page. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. |
39134 | Apache mod_imagemap Module Imagemap Unspecified XSS |
39133 | Apache mod_imap Module Imagemap File Unspecified XSS |
Snort® IPS/IDS
Date | Description |
---|---|
2014-01-10 | Multiple Products IFRAME src javascript code execution RuleID : 3679 - Revision : 18 - Type : INDICATOR-OBFUSCATION |
2014-01-10 | Apache mod_imagemap cross site scripting attempt RuleID : 13302 - Revision : 12 - Type : SERVER-APACHE |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2014-10-10 | Name : The remote device is missing a vendor-supplied security patch. File : f5_bigip_SOL8186.nasl - Type : ACT_GATHER_INFO |
2013-08-11 | Name : The remote web server may be affected by multiple vulnerabilities. File : oracle_http_server_cpu_jul_2013.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2008-0967.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2008-0008.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2008-0006.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2008-0005.nasl - Type : ACT_GATHER_INFO |
2013-01-24 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2008-0523.nasl - Type : ACT_GATHER_INFO |
2013-01-24 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2008-0263.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20081111_httpd_on_SL3_x.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20080115_httpd_on_SL3_x.nasl - Type : ACT_GATHER_INFO |
2010-10-20 | Name : The remote web server is affected by multiple vulnerabilities. File : apache_2_0_64.nasl - Type : ACT_GATHER_INFO |
2010-01-10 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2008-0524.nasl - Type : ACT_GATHER_INFO |
2010-01-10 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2008-0261.nasl - Type : ACT_GATHER_INFO |
2010-01-06 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2008-0008.nasl - Type : ACT_GATHER_INFO |
2009-12-08 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2009-323.nasl - Type : ACT_GATHER_INFO |
2009-09-24 | Name : The remote SuSE 9 host is missing a security-related patch. File : suse9_12258.nasl - Type : ACT_GATHER_INFO |
2009-09-24 | Name : The remote SuSE 9 host is missing a security-related patch. File : suse9_12125.nasl - Type : ACT_GATHER_INFO |
2009-09-24 | Name : The remote SuSE 9 host is missing a security-related patch. File : suse9_12124.nasl - Type : ACT_GATHER_INFO |
2009-09-24 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_apache2-6035.nasl - Type : ACT_GATHER_INFO |
2009-07-21 | Name : The remote openSUSE host is missing a security update. File : suse_11_0_apache2-080925.nasl - Type : ACT_GATHER_INFO |
2009-06-15 | Name : The remote HP-UX host is missing a security-related patch. File : hpux_PHSS_38147.nasl - Type : ACT_GATHER_INFO |
2009-06-15 | Name : The remote HP-UX host is missing a security-related patch. File : hpux_PHSS_38148.nasl - Type : ACT_GATHER_INFO |
2009-06-01 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2009-124.nasl - Type : ACT_GATHER_INFO |
2009-05-13 | Name : The remote host is missing a Mac OS X update that fixes various security issues. File : macosx_10_5_7.nasl - Type : ACT_GATHER_INFO |
2009-05-13 | Name : The remote host is missing a Mac OS X update that fixes various security issues. File : macosx_SecUpd2009-002.nasl - Type : ACT_GATHER_INFO |
2009-04-23 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2008-0967.nasl - Type : ACT_GATHER_INFO |
2009-04-23 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2008-016.nasl - Type : ACT_GATHER_INFO |
2009-04-23 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2008-195.nasl - Type : ACT_GATHER_INFO |
2009-04-23 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-731-1.nasl - Type : ACT_GATHER_INFO |
2009-03-13 | Name : The remote openSUSE host is missing a security update. File : suse_apache2-6054.nasl - Type : ACT_GATHER_INFO |
2009-03-12 | Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_f18920660e7411de92de000bcdc1757a.nasl - Type : ACT_GATHER_INFO |
2008-11-25 | Name : The remote HP-UX host is missing a security-related patch. File : hpux_PHSS_38761.nasl - Type : ACT_GATHER_INFO |
2008-11-16 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_apache2-5767.nasl - Type : ACT_GATHER_INFO |
2008-11-12 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2008-0967.nasl - Type : ACT_GATHER_INFO |
2008-11-05 | Name : The remote openSUSE host is missing a security update. File : suse_apache2-5648.nasl - Type : ACT_GATHER_INFO |
2008-11-05 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_apache2-5629.nasl - Type : ACT_GATHER_INFO |
2008-11-05 | Name : The remote openSUSE host is missing a security update. File : suse_apache2-5628.nasl - Type : ACT_GATHER_INFO |
2008-10-16 | Name : The remote web server is vulnerable to a cross-site scripting attack. File : apache_mod_proxy_ftp_glob_xss.nasl - Type : ACT_ATTACK |
2008-10-10 | Name : The remote host is missing a Mac OS X update that fixes various security issues. File : macosx_SecUpd2008-007.nasl - Type : ACT_GATHER_INFO |
2008-08-08 | Name : The remote Fedora host is missing a security update. File : fedora_2008-6393.nasl - Type : ACT_GATHER_INFO |
2008-08-08 | Name : The remote Fedora host is missing a security update. File : fedora_2008-6314.nasl - Type : ACT_GATHER_INFO |
2008-07-29 | Name : The remote Slackware host is missing a security update. File : Slackware_SSA_2008-210-02.nasl - Type : ACT_GATHER_INFO |
2008-07-11 | Name : The remote web server may be affected by several issues. File : apache_2_2_9.nasl - Type : ACT_GATHER_INFO |
2008-07-10 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200807-06.nasl - Type : ACT_GATHER_INFO |
2008-06-24 | Name : The remote FreeBSD host is missing a security-related update. File : freebsd_pkg_c84dc9ad41f711dda4f900163e000016.nasl - Type : ACT_GATHER_INFO |
2008-05-29 | Name : The remote host is missing a Mac OS X update that fixes various security issues. File : macosx_SecUpd2008-003.nasl - Type : ACT_GATHER_INFO |
2008-05-29 | Name : The remote host is missing a Mac OS X update that fixes various security issues. File : macosx_10_5_3.nasl - Type : ACT_GATHER_INFO |
2008-04-04 | Name : The remote openSUSE host is missing a security update. File : suse_apache2-5127.nasl - Type : ACT_GATHER_INFO |
2008-04-04 | Name : The remote openSUSE host is missing a security update. File : suse_apache2-5126.nasl - Type : ACT_GATHER_INFO |
2008-04-04 | Name : The remote openSUSE host is missing a security update. File : suse_apache2-5125.nasl - Type : ACT_GATHER_INFO |
2008-04-04 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_apache2-5128.nasl - Type : ACT_GATHER_INFO |
2008-03-19 | Name : The remote host is missing a Mac OS X update that fixes various security issues. File : macosx_SecUpd2008-002.nasl - Type : ACT_GATHER_INFO |
2008-03-13 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200803-19.nasl - Type : ACT_GATHER_INFO |
2008-03-07 | Name : The remote web server may be affected by several issues. File : apache_1_3_41.nasl - Type : ACT_GATHER_INFO |
2008-03-07 | Name : The remote web server is affected by multiple cross-site scripting vulnerabil... File : apache_2_0_63.nasl - Type : ACT_GATHER_INFO |
2008-02-20 | Name : The remote web server is affected by multiple vulnerabilities. File : apache_2_2_8.nasl - Type : ACT_GATHER_INFO |
2008-02-18 | Name : The remote Slackware host is missing a security update. File : Slackware_SSA_2008-045-02.nasl - Type : ACT_GATHER_INFO |
2008-02-18 | Name : The remote Fedora host is missing a security update. File : fedora_2008-1695.nasl - Type : ACT_GATHER_INFO |
2008-02-18 | Name : The remote Fedora host is missing a security update. File : fedora_2008-1711.nasl - Type : ACT_GATHER_INFO |
2008-02-18 | Name : The remote Slackware host is missing a security update. File : Slackware_SSA_2008-045-01.nasl - Type : ACT_GATHER_INFO |
2008-02-05 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-575-1.nasl - Type : ACT_GATHER_INFO |
2008-01-15 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2008-0008.nasl - Type : ACT_GATHER_INFO |
2008-01-15 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2008-0006.nasl - Type : ACT_GATHER_INFO |
2008-01-15 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2008-0005.nasl - Type : ACT_GATHER_INFO |
2008-01-15 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2008-0004.nasl - Type : ACT_GATHER_INFO |
2008-01-15 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2008-0005.nasl - Type : ACT_GATHER_INFO |
2008-01-15 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2008-0006.nasl - Type : ACT_GATHER_INFO |