Executive Summary
Summary | |
---|---|
Title | HP-UX Running Apache-based Web Server, Remote Denial of Service (DoS), Unauthorized Access |
Informations | |||
---|---|---|---|
Name | HPSBUX02531 SSRT100108 | First vendor Publication | 2010-06-02 |
Vendor | HP | Last vendor Modification | 2010-06-02 |
Severity (Vendor) | N/A | Revision | 1 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:P/I:P/A:P) | |||
---|---|---|---|
Cvss Base Score | 7.5 | Attack Range | Network |
Cvss Impact Score | 6.4 | Attack Complexity | Low |
Cvss Expoit Score | 10 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Potential security vulnerabilities have been identified with HP-UX running Apache-based Web Server. The vulnerabilities could be exploited remotely to cause a Denial of Service (DoS) or unauthorized access. Apache-based Web Server is contained in the Apache Web Server Suite. |
Original Source
Url : http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02160663 |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
50 % | CWE-20 | Improper Input Validation |
25 % | CWE-476 | NULL Pointer Dereference |
25 % | CWE-200 | Information Exposure |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:10358 | |||
Oval ID: | oval:org.mitre.oval:def:10358 | ||
Title: | The ap_read_request function in server/protocol.c in the Apache HTTP Server 2.2.x before 2.2.15, when a multithreaded MPM is used, does not properly handle headers in subrequests in certain circumstances involving a parent request that has a body, which might allow remote attackers to obtain sensitive information via a crafted request that triggers access to memory locations associated with an earlier request. | ||
Description: | The ap_read_request function in server/protocol.c in the Apache HTTP Server 2.2.x before 2.2.15, when a multithreaded MPM is used, does not properly handle headers in subrequests in certain circumstances involving a parent request that has a body, which might allow remote attackers to obtain sensitive information via a crafted request that triggers access to memory locations associated with an earlier request. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2010-0434 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:10981 | |||
Oval ID: | oval:org.mitre.oval:def:10981 | ||
Title: | The ap_proxy_ftp_handler function in modules/proxy/proxy_ftp.c in the mod_proxy_ftp module in the Apache HTTP Server 2.0.63 and 2.2.13 allows remote FTP servers to cause a denial of service (NULL pointer dereference and child process crash) via a malformed reply to an EPSV command. | ||
Description: | The ap_proxy_ftp_handler function in modules/proxy/proxy_ftp.c in the mod_proxy_ftp module in the Apache HTTP Server 2.0.63 and 2.2.13 allows remote FTP servers to cause a denial of service (NULL pointer dereference and child process crash) via a malformed reply to an EPSV command. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2009-3094 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:13227 | |||
Oval ID: | oval:org.mitre.oval:def:13227 | ||
Title: | DSA-2035-1 apache2 -- multiple issues | ||
Description: | Two issues have been found in the Apache HTTPD web server: CVE-2010-0408 mod_proxy_ajp would return the wrong status code if it encountered an error, causing a backend server to be put into an error state until the retry timeout expired. A remote attacker could send malicious requests to trigger this issue, resulting in denial of service. CVE-2010-0434 A flaw in the core subrequest process code was found, which could lead to a daemon crash or disclosure of sensitive information if the headers of a subrequest were modified by modules such as mod_headers. For the stable distribution, these problems have been fixed in version 2.2.9-10+lenny7. For the testing distribution and the unstable distribution, these problems have been fixed in version 2.2.15-1. This advisory also provides updated apache2-mpm-itk packages which have been recompiled against the new apache2 packages. We recommend that you upgrade your apache2 and apache2-mpm-itk packages. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-2035-1 CVE-2010-0408 CVE-2010-0434 | Version: | 5 |
Platform(s): | Debian GNU/Linux 5.0 | Product(s): | apache2 |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:20741 | |||
Oval ID: | oval:org.mitre.oval:def:20741 | ||
Title: | "Record of death" vulnerability | ||
Description: | The ssl3_get_record function in ssl/s3_pkt.c in OpenSSL 0.9.8f through 0.9.8m allows remote attackers to cause a denial of service (crash) via a malformed record in a TLS connection that triggers a NULL pointer dereference, related to the minor version number. NOTE: some of these details are obtained from third party information. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2010-0740 | Version: | 4 |
Platform(s): | IBM AIX 6.1 | Product(s): | |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:20886 | |||
Oval ID: | oval:org.mitre.oval:def:20886 | ||
Title: | "Record of death" vulnerability | ||
Description: | The kssl_keytab_is_available function in ssl/kssl.c in OpenSSL before 0.9.8n, when Kerberos is enabled but Kerberos configuration files cannot be opened, does not check a certain return value, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via SSL cipher negotiation, as demonstrated by a chroot installation of Dovecot or stunnel without Kerberos configuration files inside the chroot. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2010-0433 | Version: | 4 |
Platform(s): | IBM AIX 6.1 | Product(s): | |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:21223 | |||
Oval ID: | oval:org.mitre.oval:def:21223 | ||
Title: | RHSA-2010:0168: httpd security and enhancement update (Moderate) | ||
Description: | The ap_read_request function in server/protocol.c in the Apache HTTP Server 2.2.x before 2.2.15, when a multithreaded MPM is used, does not properly handle headers in subrequests in certain circumstances involving a parent request that has a body, which might allow remote attackers to obtain sensitive information via a crafted request that triggers access to memory locations associated with an earlier request. | ||
Family: | unix | Class: | patch |
Reference(s): | RHSA-2010:0168-01 CESA-2010:0168 CVE-2010-0408 CVE-2010-0434 | Version: | 29 |
Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 | Product(s): | httpd |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:22196 | |||
Oval ID: | oval:org.mitre.oval:def:22196 | ||
Title: | RHSA-2010:0162: openssl security update (Important) | ||
Description: | The kssl_keytab_is_available function in ssl/kssl.c in OpenSSL before 0.9.8n, when Kerberos is enabled but Kerberos configuration files cannot be opened, does not check a certain return value, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via SSL cipher negotiation, as demonstrated by a chroot installation of Dovecot or stunnel without Kerberos configuration files inside the chroot. | ||
Family: | unix | Class: | patch |
Reference(s): | RHSA-2010:0162-01 CESA-2010:0162 CVE-2009-3245 CVE-2009-3555 CVE-2010-0433 | Version: | 42 |
Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 | Product(s): | openssl |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:22685 | |||
Oval ID: | oval:org.mitre.oval:def:22685 | ||
Title: | ELSA-2010:0168: httpd security and enhancement update (Moderate) | ||
Description: | The ap_read_request function in server/protocol.c in the Apache HTTP Server 2.2.x before 2.2.15, when a multithreaded MPM is used, does not properly handle headers in subrequests in certain circumstances involving a parent request that has a body, which might allow remote attackers to obtain sensitive information via a crafted request that triggers access to memory locations associated with an earlier request. | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2010:0168-01 CVE-2010-0408 CVE-2010-0434 | Version: | 13 |
Platform(s): | Oracle Linux 5 | Product(s): | httpd |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:23054 | |||
Oval ID: | oval:org.mitre.oval:def:23054 | ||
Title: | ELSA-2010:0162: openssl security update (Important) | ||
Description: | The kssl_keytab_is_available function in ssl/kssl.c in OpenSSL before 0.9.8n, when Kerberos is enabled but Kerberos configuration files cannot be opened, does not check a certain return value, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via SSL cipher negotiation, as demonstrated by a chroot installation of Dovecot or stunnel without Kerberos configuration files inside the chroot. | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2010:0162-01 CVE-2009-3245 CVE-2009-3555 CVE-2010-0433 | Version: | 17 |
Platform(s): | Oracle Linux 5 | Product(s): | openssl |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:24792 | |||
Oval ID: | oval:org.mitre.oval:def:24792 | ||
Title: | Vulnerability in OpenSSL before 0.9.8n, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) | ||
Description: | The kssl_keytab_is_available function in ssl/kssl.c in OpenSSL before 0.9.8n, when Kerberos is enabled but Kerberos configuration files cannot be opened, does not check a certain return value, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via SSL cipher negotiation, as demonstrated by a chroot installation of Dovecot or stunnel without Kerberos configuration files inside the chroot. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2010-0433 | Version: | 3 |
Platform(s): | Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows 8 Microsoft Windows 8.1 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 | Product(s): | OpenSSL |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:25065 | |||
Oval ID: | oval:org.mitre.oval:def:25065 | ||
Title: | Vulnerability in OpenSSL 0.9.8f through 0.9.8m, allows remote attackers to cause a denial of service (crash) | ||
Description: | The ssl3_get_record function in ssl/s3_pkt.c in OpenSSL 0.9.8f through 0.9.8m allows remote attackers to cause a denial of service (crash) via a malformed record in a TLS connection that triggers a NULL pointer dereference, related to the minor version number. NOTE: some of these details are obtained from third party information. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2010-0740 | Version: | 4 |
Platform(s): | Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows 8 Microsoft Windows 8.1 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 | Product(s): | OpenSSL |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:27438 | |||
Oval ID: | oval:org.mitre.oval:def:27438 | ||
Title: | DEPRECATED: ELSA-2010-0168 -- httpd security and enhancement update (moderate) | ||
Description: | [2.2.3-31.0.1.el5_4.4] - Replace index.html with Oracle's index page oracle_index.html - Update vstring and distro in specfile [2.2.3-31.4] - require and BR a version of OpenSSL with the secure reneg API (#567980) [2.2.3-31.3] - mod_ssl: add SSLInsecureRenegotiation (#567980) - add security fixes for CVE-2010-0408, CVE-2010-0434 (#570440) | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2010-0168 CVE-2010-0408 CVE-2010-0434 | Version: | 4 |
Platform(s): | Oracle Linux 5 | Product(s): | httpd |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:6718 | |||
Oval ID: | oval:org.mitre.oval:def:6718 | ||
Title: | VMware ESX, Service Console update for OpenSSL, GnuTLS, NSS and NSPR. | ||
Description: | The kssl_keytab_is_available function in ssl/kssl.c in OpenSSL before 0.9.8n, when Kerberos is enabled but Kerberos configuration files cannot be opened, does not check a certain return value, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via SSL cipher negotiation, as demonstrated by a chroot installation of Dovecot or stunnel without Kerberos configuration files inside the chroot. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2010-0433 | Version: | 5 |
Platform(s): | VMWare ESX Server 4.0 | Product(s): | |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:8087 | |||
Oval ID: | oval:org.mitre.oval:def:8087 | ||
Title: | Apache mod_proxy_ftp Module Insufficient Input Validation Denial Of Service Vulnerability | ||
Description: | The ap_proxy_ftp_handler function in modules/proxy/proxy_ftp.c in the mod_proxy_ftp module in the Apache HTTP Server 2.0.63 and 2.2.13 allows remote FTP servers to cause a denial of service (NULL pointer dereference and child process crash) via a malformed reply to an EPSV command. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2009-3094 | Version: | 8 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows 7 | Product(s): | Apache |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:8619 | |||
Oval ID: | oval:org.mitre.oval:def:8619 | ||
Title: | Apache mod_proxy_ajp Module Incoming Request Body Denial Of Service Vulnerability | ||
Description: | The ap_proxy_ajp_request function in mod_proxy_ajp.c in mod_proxy_ajp in the Apache HTTP Server 2.2.x before 2.2.15 does not properly handle certain situations in which a client sends no request body, which allows remote attackers to cause a denial of service (backend server outage) via a crafted request, related to use of a 500 error code instead of the appropriate 400 error code. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2010-0408 | Version: | 7 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows 7 | Product(s): | Apache |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:8662 | |||
Oval ID: | oval:org.mitre.oval:def:8662 | ||
Title: | Apache mod_proxy_ftp Module Insufficient Input Validation Access Restriction Bypass Vulnerability | ||
Description: | The mod_proxy_ftp module in the Apache HTTP Server allows remote attackers to bypass intended access restrictions and send arbitrary commands to an FTP server via vectors related to the embedding of these commands in the Authorization HTTP header, as demonstrated by a certain module in VulnDisco Pack Professional 8.11. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2009-3095 | Version: | 8 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows 7 | Product(s): | Apache |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:8695 | |||
Oval ID: | oval:org.mitre.oval:def:8695 | ||
Title: | Apache HTTP Server request header information disclosure | ||
Description: | The ap_read_request function in server/protocol.c in the Apache HTTP Server 2.2.x before 2.2.15, when a multithreaded MPM is used, does not properly handle headers in subrequests in certain circumstances involving a parent request that has a body, which might allow remote attackers to obtain sensitive information via a crafted request that triggers access to memory locations associated with an earlier request. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2010-0434 | Version: | 7 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows 7 | Product(s): | Apache |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:9363 | |||
Oval ID: | oval:org.mitre.oval:def:9363 | ||
Title: | The mod_proxy_ftp module in the Apache HTTP Server allows remote attackers to bypass intended access restrictions and send arbitrary commands to an FTP server via vectors related to the embedding of these commands in the Authorization HTTP header, as demonstrated by a certain module in VulnDisco Pack Professional 8.11. | ||
Description: | The mod_proxy_ftp module in the Apache HTTP Server allows remote attackers to bypass intended access restrictions and send arbitrary commands to an FTP server via vectors related to the embedding of these commands in the Authorization HTTP header, as demonstrated by a certain module in VulnDisco Pack Professional 8.11. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2009-3095 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:9856 | |||
Oval ID: | oval:org.mitre.oval:def:9856 | ||
Title: | The kssl_keytab_is_available function in ssl/kssl.c in OpenSSL before 0.9.8n, when Kerberos is enabled but Kerberos configuration files cannot be opened, does not check a certain return value, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via SSL cipher negotiation, as demonstrated by a chroot installation of Dovecot or stunnel without Kerberos configuration files inside the chroot. | ||
Description: | The kssl_keytab_is_available function in ssl/kssl.c in OpenSSL before 0.9.8n, when Kerberos is enabled but Kerberos configuration files cannot be opened, does not check a certain return value, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via SSL cipher negotiation, as demonstrated by a chroot installation of Dovecot or stunnel without Kerberos configuration files inside the chroot. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2010-0433 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:9935 | |||
Oval ID: | oval:org.mitre.oval:def:9935 | ||
Title: | The ap_proxy_ajp_request function in mod_proxy_ajp.c in mod_proxy_ajp in the Apache HTTP Server 2.2.x before 2.2.15 does not properly handle certain situations in which a client sends no request body, which allows remote attackers to cause a denial of service (backend server outage) via a crafted request, related to use of a 500 error code instead of the appropriate 400 error code. | ||
Description: | The ap_proxy_ajp_request function in mod_proxy_ajp.c in mod_proxy_ajp in the Apache HTTP Server 2.2.x before 2.2.15 does not properly handle certain situations in which a client sends no request body, which allows remote attackers to cause a denial of service (backend server outage) via a crafted request, related to use of a 500 error code instead of the appropriate 400 error code. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2010-0408 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
Definition Synopsis: | |||
|
CPE : Common Platform Enumeration
ExploitDB Exploits
id | Description |
---|---|
2010-04-22 | OpenSSL remote DoS |
OpenVAS Exploits
Date | Description |
---|---|
2012-08-10 | Name : Gentoo Security Advisory GLSA 201206-25 (apache) File : nvt/glsa_201206_25.nasl |
2012-03-16 | Name : VMSA-2011-0003.2 Third party component updates for VMware vCenter Server, vCe... File : nvt/gb_VMSA-2011-0003.nasl |
2012-02-12 | Name : Gentoo Security Advisory GLSA 201110-01 (openssl) File : nvt/glsa_201110_01.nasl |
2011-09-07 | Name : Mac OS X v10.6.4 Multiple Vulnerabilities (2010-007) File : nvt/gb_macosx_su10-007.nasl |
2011-08-19 | Name : Mac OS X v10.6.8 Multiple Vulnerabilities (2011-004) File : nvt/secpod_macosx_su11-004.nasl |
2011-08-09 | Name : CentOS Update for httpd CESA-2009:1579 centos3 i386 File : nvt/gb_CESA-2009_1579_httpd_centos3_i386.nasl |
2011-08-09 | Name : CentOS Update for httpd CESA-2009:1579 centos5 i386 File : nvt/gb_CESA-2009_1579_httpd_centos5_i386.nasl |
2011-08-09 | Name : CentOS Update for httpd CESA-2009:1580 centos4 i386 File : nvt/gb_CESA-2009_1580_httpd_centos4_i386.nasl |
2011-08-09 | Name : CentOS Update for openssl CESA-2010:0162 centos5 i386 File : nvt/gb_CESA-2010_0162_openssl_centos5_i386.nasl |
2011-08-09 | Name : CentOS Update for httpd CESA-2010:0168 centos5 i386 File : nvt/gb_CESA-2010_0168_httpd_centos5_i386.nasl |
2010-06-25 | Name : Fedora Update for openssl FEDORA-2010-9421 File : nvt/gb_fedora_2010_9421_openssl_fc11.nasl |
2010-06-07 | Name : HP-UX Update for Apache-based Web Server HPSBUX02531 File : nvt/gb_hp_ux_HPSBUX02531.nasl |
2010-06-07 | Name : Fedora Update for httpd FEDORA-2010-6055 File : nvt/gb_fedora_2010_6055_httpd_fc12.nasl |
2010-05-28 | Name : Fedora Update for openssl FEDORA-2010-8742 File : nvt/gb_fedora_2010_8742_openssl_fc12.nasl |
2010-05-12 | Name : Mac OS X 10.6.3 Update / Mac OS X Security Update 2010-002 File : nvt/macosx_upd_10_6_3_secupd_2010-002.nasl |
2010-05-07 | Name : Fedora Update for httpd FEDORA-2010-6131 File : nvt/gb_fedora_2010_6131_httpd_fc11.nasl |
2010-04-30 | Name : HP-UX Update for OpenSSL HPSBUX02517 File : nvt/gb_hp_ux_HPSBUX02517.nasl |
2010-04-29 | Name : Mandriva Update for openssl MDVSA-2010:076-1 (openssl) File : nvt/gb_mandriva_MDVSA_2010_076_1.nasl |
2010-04-20 | Name : OpenSSL 'ssl3_get_record()' Remote Denial of Service Vulnerability File : nvt/gb_openssl_39013.nasl |
2010-04-20 | Name : OpenSSL 'dtls1_retrieve_buffered_fragment()' Remote Denial of Service Vulnera... File : nvt/gb_openssl_38533.nasl |
2010-04-19 | Name : Mandriva Update for openssl MDVSA-2010:076 (openssl) File : nvt/gb_mandriva_MDVSA_2010_076.nasl |
2010-04-19 | Name : Fedora Update for openssl FEDORA-2010-5357 File : nvt/gb_fedora_2010_5357_openssl_fc11.nasl |
2010-03-31 | Name : RedHat Update for httpd RHSA-2010:0175-01 File : nvt/gb_RHSA-2010_0175-01_httpd.nasl |
2010-03-31 | Name : CentOS Update for httpd CESA-2010:0175 centos4 i386 File : nvt/gb_CESA-2010_0175_httpd_centos4_i386.nasl |
2010-03-31 | Name : RedHat Update for openssl RHSA-2010:0162-01 File : nvt/gb_RHSA-2010_0162-01_openssl.nasl |
2010-03-31 | Name : RedHat Update for httpd RHSA-2010:0168-01 File : nvt/gb_RHSA-2010_0168-01_httpd.nasl |
2010-03-12 | Name : Mandriva Update for apache MDVSA-2010:053 (apache) File : nvt/gb_mandriva_MDVSA_2010_053.nasl |
2010-03-12 | Name : Mandriva Update for apache MDVSA-2010:057 (apache) File : nvt/gb_mandriva_MDVSA_2010_057.nasl |
2010-03-12 | Name : Ubuntu Update for apache2 vulnerabilities USN-908-1 File : nvt/gb_ubuntu_USN_908_1.nasl |
2010-03-10 | Name : OpenSSL 'kssl_keytab_is_available()' Denial Of Service Vulnerability (Win) File : nvt/gb_openssl_sslkss_dos_vuln_win.nasl |
2010-03-04 | Name : Apache Multiple Security Vulnerabilities File : nvt/gb_apache_38494.nasl |
2010-03-02 | Name : Mandriva Update for rsh MDVA-2010:076 (rsh) File : nvt/gb_mandriva_MDVA_2010_076.nasl |
2010-03-02 | Name : Fedora Update for httpd FEDORA-2009-12747 File : nvt/gb_fedora_2009_12747_httpd_fc11.nasl |
2010-02-15 | Name : Mandriva Update for mmc-wizard MDVA-2010:053 (mmc-wizard) File : nvt/gb_mandriva_MDVA_2010_053.nasl |
2010-02-15 | Name : Mandriva Update for nuface MDVA-2010:057 (nuface) File : nvt/gb_mandriva_MDVA_2010_057.nasl |
2009-12-30 | Name : Fedora Core 12 FEDORA-2009-12606 (httpd) File : nvt/fcore_2009_12606.nasl |
2009-12-14 | Name : Fedora Core 10 FEDORA-2009-12604 (httpd) File : nvt/fcore_2009_12604.nasl |
2009-12-10 | Name : Mandriva Security Advisory MDVSA-2009:323 (apache) File : nvt/mdksa_2009_323.nasl |
2009-11-17 | Name : CentOS Security Advisory CESA-2009:1579 (httpd) File : nvt/ovcesa2009_1579.nasl |
2009-11-17 | Name : CentOS Security Advisory CESA-2009:1580 (httpd) File : nvt/ovcesa2009_1580.nasl |
2009-11-17 | Name : RedHat Security Advisory RHSA-2009:1579 File : nvt/RHSA_2009_1579.nasl |
2009-11-17 | Name : RedHat Security Advisory RHSA-2009:1580 File : nvt/RHSA_2009_1580.nasl |
2009-10-27 | Name : SLES10: Security update for Apache 2 File : nvt/sles10_apache21.nasl |
2009-10-27 | Name : SLES11: Security update for Apache 2 File : nvt/sles11_apache2.nasl |
2009-10-27 | Name : SLES9: Security update for Apache 2 File : nvt/sles9p5060942.nasl |
2009-10-27 | Name : SuSE Security Advisory SUSE-SA:2009:050 (apache2,libapr1) File : nvt/suse_sa_2009_050.nasl |
2009-09-28 | Name : Mandrake Security Advisory MDVSA-2009:240 (apache) File : nvt/mdksa_2009_240.nasl |
2009-09-28 | Name : RedHat Security Advisory RHSA-2009:1461 File : nvt/RHSA_2009_1461.nasl |
2009-09-16 | Name : Apache 'mod_proxy_ftp' Module Command Injection Vulnerability (Linux) File : nvt/secpod_apache_mod_proxy_ftp_cmd_inj_vuln.nasl |
2009-09-16 | Name : Apache 'mod_proxy_ftp' Module Denial Of Service Vulnerability (Linux) File : nvt/secpod_apache_mod_proxy_ftp_dos_vuln.nasl |
0000-00-00 | Name : Slackware Advisory SSA:2010-090-01 openssl File : nvt/esoft_slk_ssa_2010_090_01.nasl |
0000-00-00 | Name : Slackware Advisory SSA:2010-067-01 httpd File : nvt/esoft_slk_ssa_2010_067_01.nasl |
0000-00-00 | Name : Slackware Advisory SSA:2010-024-01 httpd File : nvt/esoft_slk_ssa_2010_024_01.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
63299 | OpenSSL ssl/s3_pkt.c ssl3_get_record Function TLS Connection Record Remote DoS |
62719 | OpenSSL Kerberos ssl/kssl.c kssk_keytab_is_available() Function NULL Derefere... |
62676 | Apache HTTP Server mod_proxy_ajp Module Crafted Request Remote DoS |
62675 | Apache HTTP Server Multi-Processing Module (MPM) Subrequest Header Handling C... |
57882 | Apache HTTP Server mod_proxy_ftp Authorization HTTP Header Arbitrary FTP Comm... |
57851 | Apache HTTP Server mod_proxy_ftp EPSV Command NULL Dereference Remote DoS Apache mod_proxy_ftp module contains a flaw that may allow a Remote denial of service. The issue is triggered when NULL-pointer dereference occurs, and will result in loss of availability for Apache child process via a malformed EPSV response. |
Information Assurance Vulnerability Management (IAVM)
Date | Description |
---|---|
2011-05-12 | IAVM : 2011-A-0066 - Multiple Vulnerabilities in VMware Products Severity : Category I - VMSKEY : V0027158 |
Snort® IPS/IDS
Date | Description |
---|---|
2014-01-10 | OpenSSL TLS connection record handling denial of service attempt RuleID : 18714 - Revision : 8 - Type : SERVER-OTHER |
2014-01-10 | OpenSSL TLS connection record handling denial of service attempt RuleID : 18713 - Revision : 9 - Type : SERVER-OTHER |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2016-03-08 | Name : The remote VMware ESX host is missing a security-related patch. File : vmware_VMSA-2010-0015_remote.nasl - Type : ACT_GATHER_INFO |
2016-03-04 | Name : The remote VMware ESX / ESXi host is missing a security-related patch. File : vmware_VMSA-2011-0003_remote.nasl - Type : ACT_GATHER_INFO |
2014-11-26 | Name : The remote OracleVM host is missing a security update. File : oraclevm_OVMSA-2014-0008.nasl - Type : ACT_GATHER_INFO |
2014-11-26 | Name : The remote OracleVM host is missing a security update. File : oraclevm_OVMSA-2014-0007.nasl - Type : ACT_GATHER_INFO |
2014-10-10 | Name : The remote device is missing a vendor-supplied security patch. File : f5_bigip_SOL11533.nasl - Type : ACT_GATHER_INFO |
2014-04-16 | Name : The remote AIX host is running a vulnerable version of OpenSSL. File : aix_openssl_advisory.nasl - Type : ACT_GATHER_INFO |
2013-08-11 | Name : The remote web server may be affected by multiple vulnerabilities. File : oracle_http_server_cpu_jul_2013.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2009-1580.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2010-0175.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2010-0168.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2010-0162.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2009-1579.nasl - Type : ACT_GATHER_INFO |
2013-06-29 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2009-1579.nasl - Type : ACT_GATHER_INFO |
2013-06-29 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2009-1580.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20091111_httpd_on_SL3_x.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20100325_httpd_on_SL4_x.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20100325_httpd_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20100325_openssl_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
2012-06-25 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201206-25.nasl - Type : ACT_GATHER_INFO |
2011-10-10 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201110-01.nasl - Type : ACT_GATHER_INFO |
2011-06-24 | Name : The remote host is missing a Mac OS X update that fixes several security issues. File : macosx_10_6_8.nasl - Type : ACT_GATHER_INFO |
2011-02-14 | Name : The remote VMware ESXi / ESX host is missing one or more security-related pat... File : vmware_VMSA-2011-0003.nasl - Type : ACT_GATHER_INFO |
2010-12-02 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_apache2-100413.nasl - Type : ACT_GATHER_INFO |
2010-11-10 | Name : The remote host is missing a Mac OS X update that fixes various security issues. File : macosx_10_6_5.nasl - Type : ACT_GATHER_INFO |
2010-10-20 | Name : The remote web server is affected by multiple vulnerabilities. File : apache_2_0_64.nasl - Type : ACT_GATHER_INFO |
2010-10-20 | Name : The remote web server is affected by multiple vulnerabilities File : apache_2_2_15.nasl - Type : ACT_GATHER_INFO |
2010-10-11 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_apache2-6572.nasl - Type : ACT_GATHER_INFO |
2010-10-11 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_apache2-6987.nasl - Type : ACT_GATHER_INFO |
2010-10-04 | Name : The remote VMware ESX host is missing one or more security-related patches. File : vmware_VMSA-2010-0015.nasl - Type : ACT_GATHER_INFO |
2010-07-01 | Name : The remote Fedora host is missing a security update. File : fedora_2010-8742.nasl - Type : ACT_GATHER_INFO |
2010-07-01 | Name : The remote Fedora host is missing a security update. File : fedora_2010-6131.nasl - Type : ACT_GATHER_INFO |
2010-07-01 | Name : The remote Fedora host is missing a security update. File : fedora_2010-6055.nasl - Type : ACT_GATHER_INFO |
2010-07-01 | Name : The remote Fedora host is missing a security update. File : fedora_2010-5942.nasl - Type : ACT_GATHER_INFO |
2010-07-01 | Name : The remote Fedora host is missing a security update. File : fedora_2010-5744.nasl - Type : ACT_GATHER_INFO |
2010-07-01 | Name : The remote Fedora host is missing a security update. File : fedora_2010-5357.nasl - Type : ACT_GATHER_INFO |
2010-07-01 | Name : The remote Fedora host is missing a security update. File : fedora_2009-12747.nasl - Type : ACT_GATHER_INFO |
2010-05-11 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2010-0168.nasl - Type : ACT_GATHER_INFO |
2010-05-11 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2010-0162.nasl - Type : ACT_GATHER_INFO |
2010-05-11 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2010-0175.nasl - Type : ACT_GATHER_INFO |
2010-04-27 | Name : The remote openSUSE host is missing a security update. File : suse_11_0_apache2-100413.nasl - Type : ACT_GATHER_INFO |
2010-04-27 | Name : The remote openSUSE host is missing a security update. File : suse_11_2_apache2-100413.nasl - Type : ACT_GATHER_INFO |
2010-04-27 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_apache2-6984.nasl - Type : ACT_GATHER_INFO |
2010-04-27 | Name : The remote openSUSE host is missing a security update. File : suse_11_1_apache2-100413.nasl - Type : ACT_GATHER_INFO |
2010-04-19 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2035.nasl - Type : ACT_GATHER_INFO |
2010-04-19 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2010-076.nasl - Type : ACT_GATHER_INFO |
2010-04-02 | Name : The remote Slackware host is missing a security update. File : Slackware_SSA_2010-090-01.nasl - Type : ACT_GATHER_INFO |
2010-03-29 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2010-0162.nasl - Type : ACT_GATHER_INFO |
2010-03-29 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2010-0168.nasl - Type : ACT_GATHER_INFO |
2010-03-29 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2010-0175.nasl - Type : ACT_GATHER_INFO |
2010-03-29 | Name : The remote host is missing a Mac OS X update that fixes various security issues. File : macosx_SecUpd2010-002.nasl - Type : ACT_GATHER_INFO |
2010-03-29 | Name : The remote host is missing a Mac OS X update that fixes various security issues. File : macosx_10_6_3.nasl - Type : ACT_GATHER_INFO |
2010-03-26 | Name : The remote web server has multiple SSL-related vulnerabilities. File : openssl_0_9_8n.nasl - Type : ACT_GATHER_INFO |
2010-03-11 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-908-1.nasl - Type : ACT_GATHER_INFO |
2010-03-09 | Name : The remote Slackware host is missing a security update. File : Slackware_SSA_2010-067-01.nasl - Type : ACT_GATHER_INFO |
2010-03-08 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2010-057.nasl - Type : ACT_GATHER_INFO |
2010-03-03 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2010-053.nasl - Type : ACT_GATHER_INFO |
2010-02-24 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1934.nasl - Type : ACT_GATHER_INFO |
2010-01-25 | Name : The remote Slackware host is missing a security update. File : Slackware_SSA_2010-024-01.nasl - Type : ACT_GATHER_INFO |
2009-12-18 | Name : The remote Fedora host is missing a security update. File : fedora_2009-12606.nasl - Type : ACT_GATHER_INFO |
2009-12-10 | Name : The remote Fedora host is missing a security update. File : fedora_2009-12604.nasl - Type : ACT_GATHER_INFO |
2009-12-08 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2009-323.nasl - Type : ACT_GATHER_INFO |
2009-11-19 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-860-1.nasl - Type : ACT_GATHER_INFO |
2009-11-12 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2009-1580.nasl - Type : ACT_GATHER_INFO |
2009-11-12 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2009-1579.nasl - Type : ACT_GATHER_INFO |
2009-10-30 | Name : The remote openSUSE host is missing a security update. File : suse_apache2-6576.nasl - Type : ACT_GATHER_INFO |
2009-10-26 | Name : The remote SuSE 9 host is missing a security-related patch. File : suse9_12526.nasl - Type : ACT_GATHER_INFO |
2009-10-26 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_apache2-6571.nasl - Type : ACT_GATHER_INFO |
2009-10-26 | Name : The remote openSUSE host is missing a security update. File : suse_11_0_apache2-091020.nasl - Type : ACT_GATHER_INFO |
2009-10-26 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_apache2-091020.nasl - Type : ACT_GATHER_INFO |
2009-10-26 | Name : The remote openSUSE host is missing a security update. File : suse_11_1_apache2-091020.nasl - Type : ACT_GATHER_INFO |
2009-10-07 | Name : The remote web server is affected by multiple vulnerabilities. File : apache_2_2_14.nasl - Type : ACT_GATHER_INFO |
2009-09-23 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2009-240.nasl - Type : ACT_GATHER_INFO |