Executive Summary



This Alert is flagged as TOP 25 Common Weakness Enumeration from CWE/SANS. For more information, you can read this.
Summary
Title HP-UX Apache Server Suite running Apache Tomcat or PHP, Remote Denial of Service (DoS) and Other Vulnerabilities
Informations
Name HPSBUX03150 SSRT101681 First vendor Publication 2014-10-20
Vendor HP Last vendor Modification 2014-10-20
Severity (Vendor) N/A Revision N/A

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:N/C:P/I:P/A:N)
Cvss Base Score 5.8 Attack Range Network
Cvss Impact Score 4.9 Attack Complexity Medium
Cvss Expoit Score 8.6 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Potential security vulnerabilities have been identified with the HP-UX Apache Web Server Suite, Tomcat Servlet Engine, and PHP. These could be exploited remotely to create a Denial of Service (DoS) and other vulnerabilities.

Original Source

Url : http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c04483248

CWE : Common Weakness Enumeration

% Id Name
57 % CWE-20 Improper Input Validation
29 % CWE-189 Numeric Errors (CWE/SANS Top 25)
14 % CWE-59 Improper Link Resolution Before File Access ('Link Following')

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:18760
 
Oval ID: oval:org.mitre.oval:def:18760
Title: DSA-2742-1 php5 - interpretation conflict
Description: It was discovered that PHP, a general-purpose scripting language commonly used for web application development, did not properly process embedded NUL characters in the subjectAltName extension of X.509 certificates. Depending on the application and with insufficient CA-level checks, this could be abused for impersonating other users.
Family: unix Class: patch
Reference(s): DSA-2742-1
CVE-2013-4248
Version: 8
Platform(s): Debian GNU/Linux 6.0
Debian GNU/Linux 7
Debian GNU/kFreeBSD 6.0
Debian GNU/kFreeBSD 7
Product(s): php5
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:18927
 
Oval ID: oval:org.mitre.oval:def:18927
Title: USN-1937-1 -- php5 vulnerability
Description: Fraudulent security certificates could allow sensitive information to be exposed when accessing the Internet.
Family: unix Class: patch
Reference(s): USN-1937-1
CVE-2013-4248
Version: 7
Platform(s): Ubuntu 13.04
Ubuntu 12.10
Ubuntu 12.04
Ubuntu 10.04
Product(s): php5
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:21114
 
Oval ID: oval:org.mitre.oval:def:21114
Title: RHSA-2013:1307: php53 security, bug fix and enhancement update (Moderate)
Description: The openssl_x509_parse function in openssl.c in the OpenSSL module in PHP before 5.4.18 and 5.5.x before 5.5.2 does not properly handle a '\0' character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.
Family: unix Class: patch
Reference(s): RHSA-2013:1307-01
CESA-2013:1307
CVE-2006-7243
CVE-2011-1398
CVE-2012-0831
CVE-2012-2688
CVE-2013-1643
CVE-2013-4248
Version: 87
Platform(s): Red Hat Enterprise Linux 5
CentOS Linux 5
Product(s): php53
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:23222
 
Oval ID: oval:org.mitre.oval:def:23222
Title: ELSA-2013:1307: php53 security, bug fix and enhancement update (Moderate)
Description: The openssl_x509_parse function in openssl.c in the OpenSSL module in PHP before 5.4.18 and 5.5.x before 5.5.2 does not properly handle a '\0' character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.
Family: unix Class: patch
Reference(s): ELSA-2013:1307-01
CVE-2006-7243
CVE-2011-1398
CVE-2012-0831
CVE-2012-2688
CVE-2013-1643
CVE-2013-4248
Version: 29
Platform(s): Oracle Linux 5
Product(s): php53
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:23810
 
Oval ID: oval:org.mitre.oval:def:23810
Title: USN-2152-1 -- apache2 vulnerabilities
Description: Apache HTTP server could be made to crash if it received specially crafted network traffic.
Family: unix Class: patch
Reference(s): USN-2152-1
CVE-2013-6438
CVE-2014-0098
Version: 5
Platform(s): Ubuntu 13.10
Ubuntu 12.10
Ubuntu 12.04
Ubuntu 10.04
Product(s): apache2
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:24067
 
Oval ID: oval:org.mitre.oval:def:24067
Title: RHSA-2014:0370: httpd security update (Moderate)
Description: The log_cookie function in mod_log_config.c in the mod_log_config module in the Apache HTTP Server before 2.4.8 allows remote attackers to cause a denial of service (segmentation fault and daemon crash) via a crafted cookie that is not properly handled during truncation.
Family: unix Class: patch
Reference(s): RHSA-2014:0370-00
CESA-2014:0370
CVE-2013-6438
CVE-2014-0098
Version: 5
Platform(s): Red Hat Enterprise Linux 6
CentOS Linux 6
Product(s): httpd
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:24101
 
Oval ID: oval:org.mitre.oval:def:24101
Title: Apache HTTP vulnerability before 2.2.27 or before 2.4.8 in VisualSVN Server (CVE-2014-0098)
Description: The log_cookie function in mod_log_config.c in the mod_log_config module in the Apache HTTP Server before 2.4.8 allows remote attackers to cause a denial of service (segmentation fault and daemon crash) via a crafted cookie that is not properly handled during truncation.
Family: windows Class: vulnerability
Reference(s): CVE-2014-0098
Version: 5
Platform(s): Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Product(s): VisualSVN Server
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:24283
 
Oval ID: oval:org.mitre.oval:def:24283
Title: Apache HTTP vulnerability before 2.2.27 or before 2.4.8 in VisualSVN Server (CVE-2013-6438)
Description: The dav_xml_get_cdata function in main/util.c in the mod_dav module in the Apache HTTP Server before 2.4.8 does not properly remove whitespace characters from CDATA sections, which allows remote attackers to cause a denial of service (daemon crash) via a crafted DAV WRITE request.
Family: windows Class: vulnerability
Reference(s): CVE-2013-6438
Version: 5
Platform(s): Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Product(s): VisualSVN Server
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:24331
 
Oval ID: oval:org.mitre.oval:def:24331
Title: ELSA-2014:0369: httpd security update (Moderate)
Description: The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. It was found that the mod_dav module did not correctly strip leading white space from certain elements in a parsed XML. In certain httpd configurations that use the mod_dav module (for example when using the mod_dav_svn module), a remote attacker could send a specially crafted DAV request that would cause the httpd child process to crash or, possibly, allow the attacker to execute arbitrary code with the privileges of the "apache" user. (CVE-2013-6438) A buffer over-read flaw was found in the httpd mod_log_config module. In configurations where cookie logging is enabled (on Red Hat Enterprise Linux it is disabled by default), a remote attacker could use this flaw to crash the httpd child process via an HTTP request with a malformed cookie header. (CVE-2014-0098) All httpd users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. After installing the updated packages, the httpd daemon will be restarted automatically.
Family: unix Class: patch
Reference(s): ELSA-2014:0369-00
CVE-2013-6438
CVE-2014-0098
Version: 6
Platform(s): Oracle Linux 5
Product(s): httpd
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:24427
 
Oval ID: oval:org.mitre.oval:def:24427
Title: RHSA-2014:0827: tomcat security update (Moderate)
Description: Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies. It was discovered that Apache Tomcat did not limit the length of chunk sizes when using chunked transfer encoding. A remote attacker could use this flaw to perform a denial of service attack against Tomcat by streaming an unlimited quantity of data, leading to excessive consumption of server resources. (CVE-2014-0075) It was found that Apache Tomcat did not check for overflowing values when parsing request content length headers. A remote attacker could use this flaw to perform an HTTP request smuggling attack on a Tomcat server located behind a reverse proxy that processed the content length header correctly. (CVE-2014-0099) It was found that the org.apache.catalina.servlets.DefaultServlet implementation in Apache Tomcat allowed the definition of XML External Entities (XXEs) in provided XSLTs. A malicious application could use this to circumvent intended security restrictions to disclose sensitive information. (CVE-2014-0096) The CVE-2014-0075 issue was discovered by David Jorm of Red Hat Product Security. All Tomcat 7 users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. Tomcat must be restarted for this update to take effect.
Family: unix Class: patch
Reference(s): RHSA-2014:0827-00
CVE-2014-0075
CVE-2014-0096
CVE-2014-0099
Version: 4
Platform(s): Red Hat Enterprise Linux 7
CentOS Linux 7
Product(s): tomcat
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:24499
 
Oval ID: oval:org.mitre.oval:def:24499
Title: RHSA-2014:0369: httpd security update (Moderate)
Description: The log_cookie function in mod_log_config.c in the mod_log_config module in the Apache HTTP Server before 2.4.8 allows remote attackers to cause a denial of service (segmentation fault and daemon crash) via a crafted cookie that is not properly handled during truncation.
Family: unix Class: patch
Reference(s): RHSA-2014:0369-00
CESA-2014:0369
CVE-2013-6438
CVE-2014-0098
Version: 5
Platform(s): Red Hat Enterprise Linux 5
CentOS Linux 5
Product(s): httpd
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:24542
 
Oval ID: oval:org.mitre.oval:def:24542
Title: ELSA-2014:0370: httpd security update (Moderate)
Description: The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. It was found that the mod_dav module did not correctly strip leading white space from certain elements in a parsed XML. In certain httpd configurations that use the mod_dav module (for example when using the mod_dav_svn module), a remote attacker could send a specially crafted DAV request that would cause the httpd child process to crash or, possibly, allow the attacker to execute arbitrary code with the privileges of the "apache" user. (CVE-2013-6438) A buffer over-read flaw was found in the httpd mod_log_config module. In configurations where cookie logging is enabled (on Red Hat Enterprise Linux it is disabled by default), a remote attacker could use this flaw to crash the httpd child process via an HTTP request with a malformed cookie header. (CVE-2014-0098) All httpd users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. After installing the updated packages, the httpd daemon will be restarted automatically.
Family: unix Class: patch
Reference(s): ELSA-2014:0370-00
CVE-2013-6438
CVE-2014-0098
Version: 6
Platform(s): Oracle Linux 6
Product(s): httpd
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:24883
 
Oval ID: oval:org.mitre.oval:def:24883
Title: RHSA-2014:0865: tomcat6 security and bug fix update (Moderate)
Description: Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies. It was discovered that Apache Tomcat did not limit the length of chunk sizes when using chunked transfer encoding. A remote attacker could use this flaw to perform a denial of service attack against Tomcat by streaming an unlimited quantity of data, leading to excessive consumption of server resources. (CVE-2014-0075) It was found that Apache Tomcat did not check for overflowing values when parsing request content length headers. A remote attacker could use this flaw to perform an HTTP request smuggling attack on a Tomcat server located behind a reverse proxy that processed the content length header correctly. (CVE-2014-0099) It was found that the org.apache.catalina.servlets.DefaultServlet implementation in Apache Tomcat allowed the definition of XML External Entities (XXEs) in provided XSLTs. A malicious application could use this to circumvent intended security restrictions to disclose sensitive information. (CVE-2014-0096) The CVE-2014-0075 issue was discovered by David Jorm of Red Hat Product Security. This update also fixes the following bugs: * The patch that resolved the CVE-2014-0050 issue contained redundant code. This update removes the redundant code. (BZ#1094528) * The patch that resolved the CVE-2013-4322 issue contained an invalid check that triggered a java.io.EOFException while reading trailer headers for chunked requests. This update fixes the check and the aforementioned exception is no longer triggered in the described scenario. (BZ#1095602) All Tomcat 6 users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. Tomcat must be restarted for this update to take effect.
Family: unix Class: patch
Reference(s): RHSA-2014:0865-00
CESA-2014:0865
CVE-2014-0075
CVE-2014-0096
CVE-2014-0099
Version: 3
Platform(s): Red Hat Enterprise Linux 6
CentOS Linux 6
Product(s): tomcat6
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:25013
 
Oval ID: oval:org.mitre.oval:def:25013
Title: DEPRECATED: RHSA-2014:0865: tomcat6 security and bug fix update (Moderate)
Description: Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies. It was discovered that Apache Tomcat did not limit the length of chunk sizes when using chunked transfer encoding. A remote attacker could use this flaw to perform a denial of service attack against Tomcat by streaming an unlimited quantity of data, leading to excessive consumption of server resources. (CVE-2014-0075) It was found that Apache Tomcat did not check for overflowing values when parsing request content length headers. A remote attacker could use this flaw to perform an HTTP request smuggling attack on a Tomcat server located behind a reverse proxy that processed the content length header correctly. (CVE-2014-0099) It was found that the org.apache.catalina.servlets.DefaultServlet implementation in Apache Tomcat allowed the definition of XML External Entities (XXEs) in provided XSLTs. A malicious application could use this to circumvent intended security restrictions to disclose sensitive information. (CVE-2014-0096) The CVE-2014-0075 issue was discovered by David Jorm of Red Hat Product Security. This update also fixes the following bugs: * The patch that resolved the CVE-2014-0050 issue contained redundant code. This update removes the redundant code. (BZ#1094528) * The patch that resolved the CVE-2013-4322 issue contained an invalid check that triggered a java.io.EOFException while reading trailer headers for chunked requests. This update fixes the check and the aforementioned exception is no longer triggered in the described scenario. (BZ#1095602) All Tomcat 6 users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. Tomcat must be restarted for this update to take effect.
Family: unix Class: patch
Reference(s): RHSA-2014:0865-00
CESA-2014:0865
CVE-2014-0075
CVE-2014-0096
CVE-2014-0099
Version: 4
Platform(s): Red Hat Enterprise Linux 6
CentOS Linux 6
Product(s): tomcat6
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:25081
 
Oval ID: oval:org.mitre.oval:def:25081
Title: SUSE-SU-2014:0062-1 -- Security update for PHP5
Description: This update fixes the following issues: * memory corruption in openssl_parse_x509 (CVE-2013-6420) * man-in-the-middle attacks by specially crafting certificates (CVE-2013-4248)
Family: unix Class: patch
Reference(s): SUSE-SU-2014:0062-1
CVE-2013-6420
CVE-2013-4248
Version: 3
Platform(s): SUSE Linux Enterprise Server 11
Product(s): PHP5
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:25595
 
Oval ID: oval:org.mitre.oval:def:25595
Title: SUSE-SU-2014:0064-1 -- Security update for PHP5
Description: This update fixes the following issues: * memory corruption in openssl_parse_x509 (CVE-2013-6420) * Heap buffer over-read in DateInterval (CVE-2013-6712) * man-in-the-middle attacks by specially crafting certificates (CVE-2013-4248)
Family: unix Class: patch
Reference(s): SUSE-SU-2014:0064-1
CVE-2013-6420
CVE-2013-6712
CVE-2013-4248
Version: 3
Platform(s): SUSE Linux Enterprise Server 11
Product(s): PHP5
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:25611
 
Oval ID: oval:org.mitre.oval:def:25611
Title: SUSE-SU-2014:0063-1 -- Security update for PHP5
Description: This update fixes the following issues: * memory corruption in openssl_parse_x509 (CVE-2013-6420) * Heap buffer over-read in DateInterval (CVE-2013-6712) * man-in-the-middle attacks by specially crafting certificates (CVE-2013-4248)
Family: unix Class: patch
Reference(s): SUSE-SU-2014:0063-1
CVE-2013-6420
CVE-2013-6712
CVE-2013-4248
Version: 3
Platform(s): SUSE Linux Enterprise Server 11
Product(s): PHP5
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:26063
 
Oval ID: oval:org.mitre.oval:def:26063
Title: USN-2302-1 -- tomcat6, tomcat7 vulnerabilities
Description: Several security issues were fixed in Tomcat.
Family: unix Class: patch
Reference(s): USN-2302-1
CVE-2014-0075
CVE-2014-0096
CVE-2014-0099
Version: 3
Platform(s): Ubuntu 14.04
Ubuntu 12.04
Ubuntu 10.04
Product(s): tomcat7
tomcat6
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:26232
 
Oval ID: oval:org.mitre.oval:def:26232
Title: SUSE-SU-2014:0873-1 -- Security update for PHP5
Description: PHP5 has been updated to fix four security vulnerabilities.
Family: unix Class: patch
Reference(s): SUSE-SU-2014:0873-1
CVE-2014-4049
CVE-2014-2497
CVE-2013-6420
CVE-2013-4248
Version: 3
Platform(s): SUSE Linux Enterprise Server 10
Product(s): PHP5
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:26428
 
Oval ID: oval:org.mitre.oval:def:26428
Title: HP-UX Apache Server Suite running Apache Tomcat or PHP, Remote Denial of Service (DoS) and Other Vulnerabilities
Description: The openssl_x509_parse function in openssl.c in the OpenSSL module in PHP before 5.4.18 and 5.5.x before 5.5.2 does not properly handle a '\0' character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.
Family: unix Class: vulnerability
Reference(s): CVE-2013-4248
Version: 4
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:26498
 
Oval ID: oval:org.mitre.oval:def:26498
Title: SUSE-SU-2014:1080-1 -- Security update for apache2
Description: This apache2 update fixes the following security and non security issues: * mod_cgid denial of service (CVE-2014-0231, bnc#887768) * mod_status heap-based buffer overflow (CVE-2014-0226, bnc#887765) * mod_dav denial of service (CVE-2013-6438, bnc#869105) * log_cookie mod_log_config.c remote denial of service (CVE-2014-0098, bnc#869106) * Support ECDH in Apache2 (bnc#859916) Security Issues: * CVE-2014-0098 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0098> * CVE-2013-6438 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6438> * CVE-2014-0226 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0226> * CVE-2014-0231 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0231>
Family: unix Class: patch
Reference(s): SUSE-SU-2014:1080-1
CVE-2014-0231
CVE-2014-0226
CVE-2013-6438
CVE-2014-0098
Version: 3
Platform(s): SUSE Linux Enterprise Server 11
Product(s): apache2
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:26666
 
Oval ID: oval:org.mitre.oval:def:26666
Title: DEPRECATED: ELSA-2014-0370 -- httpd security update (Moderate)
Description: The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. It was found that the mod_dav module did not correctly strip leading white space from certain elements in a parsed XML. In certain httpd configurations that use the mod_dav module (for example when using the mod_dav_svn module), a remote attacker could send a specially crafted DAV request that would cause the httpd child process to crash or, possibly, allow the attacker to execute arbitrary code with the privileges of the &quot;apache&quot; user. (CVE-2013-6438) A buffer over-read flaw was found in the httpd mod_log_config module. In configurations where cookie logging is enabled (on Red Hat Enterprise Linux it is disabled by default), a remote attacker could use this flaw to crash the httpd child process via an HTTP request with a malformed cookie header. (CVE-2014-0098) All httpd users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. After installing the updated packages, the httpd daemon will be restarted automatically.
Family: unix Class: patch
Reference(s): ELSA-2014-0370
CVE-2013-6438
CVE-2014-0098
Version: 4
Platform(s): Oracle Linux 6
Product(s): httpd
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:26803
 
Oval ID: oval:org.mitre.oval:def:26803
Title: DEPRECATED: ELSA-2014-0369 -- httpd security update (Moderate)
Description: The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. It was found that the mod_dav module did not correctly strip leading white space from certain elements in a parsed XML. In certain httpd configurations that use the mod_dav module (for example when using the mod_dav_svn module), a remote attacker could send a specially crafted DAV request that would cause the httpd child process to crash or, possibly, allow the attacker to execute arbitrary code with the privileges of the &quot;apache&quot; user. (CVE-2013-6438) A buffer over-read flaw was found in the httpd mod_log_config module. In configurations where cookie logging is enabled (on Red Hat Enterprise Linux it is disabled by default), a remote attacker could use this flaw to crash the httpd child process via an HTTP request with a malformed cookie header. (CVE-2014-0098) All httpd users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. After installing the updated packages, the httpd daemon will be restarted automatically.
Family: unix Class: patch
Reference(s): ELSA-2014-0369
CVE-2014-0098
CVE-2013-6438
Version: 4
Platform(s): Oracle Linux 5
Product(s): httpd
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:26845
 
Oval ID: oval:org.mitre.oval:def:26845
Title: SUSE-SU-2014:1081-1 -- Security update for apache2
Description: This apache2 update fixes the following security and non-security issues: * mod_cgid denial of service (CVE-2014-0231, bnc#887768) * mod_status heap-based buffer overflow (CVE-2014-0226, bnc#887765) * mod_dav denial of service (CVE-2013-6438, bnc#869105) * log_cookie mod_log_config.c remote denial of service (CVE-2014-0098, bnc#869106) * Support ECDH in Apache2 (bnc#859916) * apache fails to start with SSL on Xen kernel at boot time (bnc#852401) Security Issues: * CVE-2014-0098 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0098> * CVE-2013-6438 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6438> * CVE-2014-0226 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0226> * CVE-2014-0231 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0231>
Family: unix Class: patch
Reference(s): SUSE-SU-2014:1081-1
CVE-2014-0231
CVE-2014-0226
CVE-2013-6438
CVE-2014-0098
Version: 3
Platform(s): SUSE Linux Enterprise Server 11
Product(s): apache2
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:26848
 
Oval ID: oval:org.mitre.oval:def:26848
Title: HP-UX Apache Server Suite running Apache Tomcat or PHP, Remote Denial of Service (DoS) and Other Vulnerabilities
Description: Apache Tomcat before 6.0.39, 7.x before 7.0.47, and 8.x before 8.0.0-RC3, when an HTTP connector or AJP connector is used, does not properly handle certain inconsistent HTTP request headers, which allows remote attackers to trigger incorrect identification of a request's length and conduct request-smuggling attacks via (1) multiple Content-Length headers or (2) a Content-Length header and a "Transfer-Encoding: chunked" header. NOTE: this vulnerability exists because of an incomplete fix for CVE-2005-2090.
Family: unix Class: vulnerability
Reference(s): CVE-2013-4286
Version: 4
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:26889
 
Oval ID: oval:org.mitre.oval:def:26889
Title: HP-UX Apache Server Suite running Apache Tomcat or PHP, Remote Denial of Service (DoS) and Other Vulnerabilities
Description: The log_cookie function in mod_log_config.c in the mod_log_config module in the Apache HTTP Server before 2.4.8 allows remote attackers to cause a denial of service (segmentation fault and daemon crash) via a crafted cookie that is not properly handled during truncation.
Family: unix Class: vulnerability
Reference(s): CVE-2014-0098
Version: 4
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:26966
 
Oval ID: oval:org.mitre.oval:def:26966
Title: HP-UX Apache Server Suite running Apache Tomcat or PHP, Remote Denial of Service (DoS) and Other Vulnerabilities
Description: acinclude.m4, as used in the configure script in PHP 5.5.13 and earlier, allows local users to overwrite arbitrary files via a symlink attack on the /tmp/phpglibccheck file.
Family: unix Class: vulnerability
Reference(s): CVE-2014-3981
Version: 4
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:26971
 
Oval ID: oval:org.mitre.oval:def:26971
Title: HP-UX Apache Server Suite running Apache Tomcat or PHP, Remote Denial of Service (DoS) and Other Vulnerabilities
Description: Integer overflow in java/org/apache/tomcat/util/buf/Ascii.java in Apache Tomcat before 6.0.40, 7.x before 7.0.53, and 8.x before 8.0.4, when operated behind a reverse proxy, allows remote attackers to conduct HTTP request smuggling attacks via a crafted Content-Length HTTP header.
Family: unix Class: vulnerability
Reference(s): CVE-2014-0099
Version: 4
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:27044
 
Oval ID: oval:org.mitre.oval:def:27044
Title: RHSA-2013:1615 -- php security, bug fix, and enhancement update (Moderate)
Description: PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. It was found that PHP did not properly handle file names with a NULL character. A remote attacker could possibly use this flaw to make a PHP script access unexpected files and bypass intended file system access restrictions. (CVE-2006-7243) A flaw was found in PHP&#39;s SSL client&#39;s hostname identity check when handling certificates that contain hostnames with NULL bytes. If an attacker was able to get a carefully crafted certificate signed by a trusted Certificate Authority, the attacker could use the certificate to conduct man-in-the-middle attacks to spoof SSL servers. (CVE-2013-4248) It was found that the PHP SOAP parser allowed the expansion of external XML entities during SOAP message parsing. A remote attacker could possibly use this flaw to read arbitrary files that are accessible to a PHP application using a SOAP extension. (CVE-2013-1643) This update fixes the following bugs: * Previously, when the allow_call_time_pass_reference setting was disabled, a virtual host on the Apache server could terminate with a segmentation fault when attempting to process certain PHP content. This bug has been fixed and virtual hosts no longer crash when allow_call_time_pass_reference is off. (BZ#892158, BZ#910466) * Prior to this update, if an error occurred during the operation of the fclose(), file_put_contents(), or copy() function, the function did not report it. This could have led to data loss. With this update, the aforementioned functions have been modified to properly report any errors. (BZ#947429) * The internal buffer for the SQLSTATE error code can store maximum of 5 characters. Previously, when certain calls exceeded this limit, a buffer overflow occurred. With this update, messages longer than 5 characters are automatically replaced with the default &quot;HY000&quot; string, thus preventing the overflow. (BZ#969110) In addition, this update adds the following enhancement: * This update adds the following rpm macros to the php package: %__php, %php_inidir, %php_incldir. (BZ#953814) Users of php are advised to upgrade to these updated packages, which fix these bugs and add this enhancement. After installing the updated packages, the httpd daemon must be restarted for the update to take effect.
Family: unix Class: patch
Reference(s): RHSA-2013:1615
CESA-2013:1615
CVE-2006-7243
CVE-2013-1643
CVE-2013-4248
Version: 3
Platform(s): Red Hat Enterprise Linux 6
CentOS Linux 6
Product(s): php
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:27100
 
Oval ID: oval:org.mitre.oval:def:27100
Title: HP-UX Apache Server Suite running Apache Tomcat or PHP, Remote Denial of Service (DoS) and Other Vulnerabilities
Description: Integer overflow in the parseChunkHeader function in java/org/apache/coyote/http11/filters/ChunkedInputFilter.java in Apache Tomcat before 6.0.40, 7.x before 7.0.53, and 8.x before 8.0.4 allows remote attackers to cause a denial of service (resource consumption) via a malformed chunk size in chunked transfer coding of a request during the streaming of data.
Family: unix Class: vulnerability
Reference(s): CVE-2014-0075
Version: 4
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:27231
 
Oval ID: oval:org.mitre.oval:def:27231
Title: HP-UX Apache Server Suite running Apache Tomcat or PHP, Remote Denial of Service (DoS) and Other Vulnerabilities
Description: The dav_xml_get_cdata function in main/util.c in the mod_dav module in the Apache HTTP Server before 2.4.8 does not properly remove whitespace characters from CDATA sections, which allows remote attackers to cause a denial of service (daemon crash) via a crafted DAV WRITE request.
Family: unix Class: vulnerability
Reference(s): CVE-2013-6438
Version: 4
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:27263
 
Oval ID: oval:org.mitre.oval:def:27263
Title: ELSA-2014-0827 -- tomcat security update (moderate)
Description: [0:7.0.42-6] - Resolves: CVE-2014-0099 Fix possible overflow when parsing - long values from byte array - Resolves: CVE-2014-0096 Information discloser process XSLT - files not subject to same constraint running under - java security manager - Resolves: CVE-2014-0075 Avoid overflow in ChunkedInputFilter.
Family: unix Class: patch
Reference(s): ELSA-2014-0827
CVE-2014-0075
CVE-2014-0096
CVE-2014-0099
Version: 3
Platform(s): Oracle Linux 7
Product(s): tomcat
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:27293
 
Oval ID: oval:org.mitre.oval:def:27293
Title: ELSA-2014-0865 -- tomcat6 security and bug fix update (moderate)
Description: [0:6.0.24-72] - Related: CVE-2014-0075 - rebuild to generate javadoc - correctly. previous build generated 0-length javadoc [0:6.0.24-69] - Related: CVE-2014-0075 incomplete [0:6.0.24-68] - Related: CVE-2013-4322. arches needs to be specified - as in arches noarch, so docs/webapps will produce - full files. building for ppc will generate empty - javadoc. [0:6.0.24-67] - Related: CVE-2014-0050 - Related: CVE-2013-4322 [0:6.0.24-66] - Resolves: CVE-2014-0099 - Resolves: CVE-2014-0096 - Resolves: CVE-2014-0075 [0:6.0.24-65] - Related: CVE-2014-0050 copy paste error
Family: unix Class: patch
Reference(s): ELSA-2014-0865
CVE-2014-0075
CVE-2014-0096
CVE-2014-0099
Version: 3
Platform(s): Oracle Linux 6
Product(s): tomcat6
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:27418
 
Oval ID: oval:org.mitre.oval:def:27418
Title: DEPRECATED: ELSA-2013-1307 -- php53 security, bug fix and enhancement update (moderate)
Description: [5.3.3-21] - add security fix for CVE-2013-4248
Family: unix Class: patch
Reference(s): ELSA-2013-1307
CVE-2011-1398
CVE-2012-0831
CVE-2012-2688
CVE-2006-7243
CVE-2013-1643
CVE-2013-4248
Version: 4
Platform(s): Oracle Linux 5
Product(s): php53
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:27442
 
Oval ID: oval:org.mitre.oval:def:27442
Title: ELSA-2013-1615 -- php security, bug fix, and enhancement update (moderate)
Description: [5.3.3-26] - add security fix for CVE-2013-4248 [5.3.3-25] - rename patch to math CVE-2010-3709 name - add security fixes for CVE-2006-7243, CVE-2013-1643 [5.3.3-24] - fix buffer overflow in _pdo_pgsql_error (#969110) - fix double free when destroy_zend_class fails (#910466) - fix segfault in error_handler with allow_call_time_pass_reference = Off (#892158) - fix copy doesn't report failure on partial copy (#947428) - add rpm macros for packagers: %php_inidir, %php_incldir and %__php (#953814)
Family: unix Class: patch
Reference(s): ELSA-2013-1615
CVE-2006-7243
CVE-2013-1643
CVE-2013-4248
Version: 3
Platform(s): Oracle Linux 6
Product(s): php
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 222
Application 249
Application 553
Os 4
Os 1

Information Assurance Vulnerability Management (IAVM)

Date Description
2015-07-16 IAVM : 2015-A-0149 - Multiple Vulnerabilities in Juniper Networks and Security Manager(NSM) Appliance
Severity : Category I - VMSKEY : V0061101
2015-06-25 IAVM : 2015-B-0083 - Multiple Vulnerabilities in IBM Storwize V7000 Unified
Severity : Category I - VMSKEY : V0060983
2014-07-03 IAVM : 2014-B-0086 - Multiple Vulnerabilities in PHP
Severity : Category I - VMSKEY : V0052897
2014-06-19 IAVM : 2014-A-0084 - Multiple Vulnerabilities in Apache HTTP Server
Severity : Category I - VMSKEY : V0052631
2014-05-29 IAVM : 2014-B-0063 - Multiple Vulnerabilities in Apache Tomcat
Severity : Category I - VMSKEY : V0051613
2014-05-29 IAVM : 2014-B-0065 - Multiple Vulnerabilities in IBM WebSphere Application Server
Severity : Category I - VMSKEY : V0051617
2014-02-27 IAVM : 2014-B-0019 - Multiple Vulnerabilities in Apache Tomcat
Severity : Category I - VMSKEY : V0044527
2014-02-27 IAVM : 2014-A-0030 - Apple Mac OS X Security Update 2014-001
Severity : Category I - VMSKEY : V0044547
2013-08-22 IAVM : 2013-B-0093 - Multiple Vulnerabilities in PHP
Severity : Category I - VMSKEY : V0040108

Snort® IPS/IDS

Date Description
2019-10-17 Apache cookie logging denial of service attempt
RuleID : 51547 - Revision : 1 - Type : SERVER-APACHE
2014-11-16 http POST request smuggling attempt
RuleID : 31213 - Revision : 2 - Type : INDICATOR-COMPROMISE
2014-11-16 http GET request smuggling attempt
RuleID : 31212 - Revision : 2 - Type : INDICATOR-COMPROMISE

Nessus® Vulnerability Scanner

Date Description
2016-06-23 Name : The remote device is affected by multiple vulnerabilities.
File : juniper_space_jsa10698.nasl - Type : ACT_GATHER_INFO
2016-03-28 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-3530.nasl - Type : ACT_GATHER_INFO
2016-01-19 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-3447.nasl - Type : ACT_GATHER_INFO
2015-07-20 Name : The remote host is affected by multiple vulnerabilities.
File : juniper_nsm_jsa10685.nasl - Type : ACT_GATHER_INFO
2015-07-20 Name : The remote host is affected by multiple vulnerabilities.
File : juniper_nsm_jsa10685_cred.nasl - Type : ACT_GATHER_INFO
2015-06-26 Name : The remote IBM Storwize device is affected by multiple vulnerabilities.
File : ibm_storwize_1_5_0_2.nasl - Type : ACT_GATHER_INFO
2015-05-20 Name : The remote SUSE host is missing one or more security updates.
File : suse_SU-2014-0064-1.nasl - Type : ACT_GATHER_INFO
2015-05-20 Name : The remote SUSE host is missing one or more security updates.
File : suse_SU-2014-1082-1.nasl - Type : ACT_GATHER_INFO
2015-05-18 Name : The remote Amazon Linux AMI host is missing a security update.
File : ala_ALAS-2015-526.nasl - Type : ACT_GATHER_INFO
2015-05-18 Name : The remote Amazon Linux AMI host is missing a security update.
File : ala_ALAS-2015-527.nasl - Type : ACT_GATHER_INFO
2015-04-10 Name : The remote host is missing a Mac OS X update that fixes multiple security vul...
File : macosx_10_10_3.nasl - Type : ACT_GATHER_INFO
2015-04-10 Name : The remote host is missing a Mac OS X update that fixes multiple security vul...
File : macosx_SecUpd2015-004.nasl - Type : ACT_GATHER_INFO
2015-03-30 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2015-084.nasl - Type : ACT_GATHER_INFO
2015-03-30 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2015-093.nasl - Type : ACT_GATHER_INFO
2015-03-26 Name : The remote Debian host is missing a security update.
File : debian_DLA-66.nasl - Type : ACT_GATHER_INFO
2015-03-19 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2015-052.nasl - Type : ACT_GATHER_INFO
2015-03-19 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2015-053.nasl - Type : ACT_GATHER_INFO
2015-02-24 Name : The remote Fedora host is missing a security update.
File : fedora_2015-2109.nasl - Type : ACT_GATHER_INFO
2015-01-27 Name : The remote web server is affected by multiple vulnerabilities.
File : oracle_http_server_cpu_jan_2015.nasl - Type : ACT_GATHER_INFO
2015-01-19 Name : The remote Solaris system is missing a security patch for third-party software.
File : solaris11_apache_20140915.nasl - Type : ACT_GATHER_INFO
2015-01-19 Name : The remote Solaris system is missing a security patch for third-party software.
File : solaris11_php_20140401.nasl - Type : ACT_GATHER_INFO
2015-01-19 Name : The remote Solaris system is missing a security patch for third-party software.
File : solaris11_php_20140522.nasl - Type : ACT_GATHER_INFO
2015-01-19 Name : The remote Solaris system is missing a security patch for third-party software.
File : solaris11_tomcat_20140522.nasl - Type : ACT_GATHER_INFO
2015-01-19 Name : The remote Solaris system is missing a security patch for third-party software.
File : solaris11_tomcat_20140715.nasl - Type : ACT_GATHER_INFO
2014-12-16 Name : The remote openSUSE host is missing a security update.
File : openSUSE-2014-770.nasl - Type : ACT_GATHER_INFO
2014-12-15 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-201412-29.nasl - Type : ACT_GATHER_INFO
2014-11-12 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2013-1307.nasl - Type : ACT_GATHER_INFO
2014-11-12 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2013-1615.nasl - Type : ACT_GATHER_INFO
2014-10-17 Name : The remote host is missing a Mac OS X update that fixes multiple vulnerabilit...
File : macosx_10_10.nasl - Type : ACT_GATHER_INFO
2014-10-12 Name : The remote Amazon Linux AMI host is missing a security update.
File : ala_ALAS-2014-331.nasl - Type : ACT_GATHER_INFO
2014-10-12 Name : The remote Amazon Linux AMI host is missing a security update.
File : ala_ALAS-2014-344.nasl - Type : ACT_GATHER_INFO
2014-10-12 Name : The remote Amazon Linux AMI host is missing a security update.
File : ala_ALAS-2014-367.nasl - Type : ACT_GATHER_INFO
2014-10-12 Name : The remote Amazon Linux AMI host is missing a security update.
File : ala_ALAS-2014-372.nasl - Type : ACT_GATHER_INFO
2014-10-12 Name : The remote Amazon Linux AMI host is missing a security update.
File : ala_ALAS-2014-393.nasl - Type : ACT_GATHER_INFO
2014-10-10 Name : The remote device is missing a vendor-supplied security patch.
File : f5_bigip_SOL15426.nasl - Type : ACT_GATHER_INFO
2014-10-10 Name : The remote device is missing a vendor-supplied security patch.
File : f5_bigip_SOL15432.nasl - Type : ACT_GATHER_INFO
2014-09-29 Name : The remote Fedora host is missing a security update.
File : fedora_2014-11048.nasl - Type : ACT_GATHER_INFO
2014-09-18 Name : The remote host is missing a Mac OS X update that fixes multiple vulnerabilit...
File : macosx_10_9_5.nasl - Type : ACT_GATHER_INFO
2014-08-30 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-201408-11.nasl - Type : ACT_GATHER_INFO
2014-08-30 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-201408-12.nasl - Type : ACT_GATHER_INFO
2014-08-29 Name : The remote application server may be affected by multiple vulnerabilities.
File : websphere_8_5_5_3.nasl - Type : ACT_GATHER_INFO
2014-08-21 Name : The remote openSUSE host is missing a security update.
File : openSUSE-2014-502.nasl - Type : ACT_GATHER_INFO
2014-08-21 Name : The remote openSUSE host is missing a security update.
File : openSUSE-2014-503.nasl - Type : ACT_GATHER_INFO
2014-08-20 Name : The remote web server uses a version of PHP that is affected by multiple vuln...
File : php_5_3_29.nasl - Type : ACT_GATHER_INFO
2014-08-19 Name : The remote FreeBSD host is missing a security-related update.
File : freebsd_pkg_d2a892b9260511e49da000a0986f28c4.nasl - Type : ACT_GATHER_INFO
2014-08-14 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_tomcat6-201407-140706.nasl - Type : ACT_GATHER_INFO
2014-08-07 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_apache2-140721.nasl - Type : ACT_GATHER_INFO
2014-08-04 Name : The remote application server is affected by multiple vulnerabilities.
File : websphere_8_0_0_9.nasl - Type : ACT_GATHER_INFO
2014-08-01 Name : The remote application server is affected by multiple vulnerabilities.
File : websphere_7_0_0_33.nasl - Type : ACT_GATHER_INFO
2014-07-31 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-2302-1.nasl - Type : ACT_GATHER_INFO
2014-07-30 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2014-0686.nasl - Type : ACT_GATHER_INFO
2014-07-30 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2014-0827.nasl - Type : ACT_GATHER_INFO
2014-07-24 Name : The remote FreeBSD host is missing one or more security-related updates.
File : freebsd_pkg_81fc1076128611e4bebd000c2980a9f3.nasl - Type : ACT_GATHER_INFO
2014-07-24 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2014-0686.nasl - Type : ACT_GATHER_INFO
2014-07-24 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2014-0827.nasl - Type : ACT_GATHER_INFO
2014-07-17 Name : The remote host has a version of Oracle Secure Global Desktop that is affecte...
File : oracle_secure_global_desktop_jul_2014_cpu.nasl - Type : ACT_GATHER_INFO
2014-07-14 Name : The remote Slackware host is missing a security update.
File : Slackware_SSA_2014-192-01.nasl - Type : ACT_GATHER_INFO
2014-07-10 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2014-0865.nasl - Type : ACT_GATHER_INFO
2014-07-10 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2014-0865.nasl - Type : ACT_GATHER_INFO
2014-07-10 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2014-0865.nasl - Type : ACT_GATHER_INFO
2014-07-10 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20140709_tomcat6_on_SL6_x.nasl - Type : ACT_GATHER_INFO
2014-07-08 Name : The remote Fedora host is missing a security update.
File : fedora_2014-7782.nasl - Type : ACT_GATHER_INFO
2014-07-08 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2014-0826.nasl - Type : ACT_GATHER_INFO
2014-07-08 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2014-0834.nasl - Type : ACT_GATHER_INFO
2014-07-08 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2014-0835.nasl - Type : ACT_GATHER_INFO
2014-07-08 Name : The remote Red Hat host is missing a security update.
File : redhat-RHSA-2014-0843.nasl - Type : ACT_GATHER_INFO
2014-07-01 Name : The remote Fedora host is missing a security update.
File : fedora_2014-7765.nasl - Type : ACT_GATHER_INFO
2014-06-27 Name : The remote web server is running a version of PHP that is affected by multipl...
File : php_5_4_30.nasl - Type : ACT_GATHER_INFO
2014-06-27 Name : The remote web server is running a version of PHP that is affected by multipl...
File : php_5_5_14.nasl - Type : ACT_GATHER_INFO
2014-06-26 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2014-0525.nasl - Type : ACT_GATHER_INFO
2014-06-26 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2014-0526.nasl - Type : ACT_GATHER_INFO
2014-06-26 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2014-0783.nasl - Type : ACT_GATHER_INFO
2014-06-13 Name : The remote openSUSE host is missing a security update.
File : openSUSE-2013-1032.nasl - Type : ACT_GATHER_INFO
2014-05-30 Name : The remote Apache Tomcat server is affected by multiple vulnerabilities.
File : tomcat_6_0_41.nasl - Type : ACT_GATHER_INFO
2014-05-30 Name : The remote Apache Tomcat server is affected by multiple vulnerabilities.
File : tomcat_7_0_53.nasl - Type : ACT_GATHER_INFO
2014-05-30 Name : The remote Apache Tomcat server is affected by multiple vulnerabilities.
File : tomcat_8_0_5.nasl - Type : ACT_GATHER_INFO
2014-05-29 Name : The remote application server may be affected by multiple vulnerabilities.
File : websphere_8_5_5_2.nasl - Type : ACT_GATHER_INFO
2014-04-24 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2014-0429.nasl - Type : ACT_GATHER_INFO
2014-04-24 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2014-0429.nasl - Type : ACT_GATHER_INFO
2014-04-24 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2014-0429.nasl - Type : ACT_GATHER_INFO
2014-04-24 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20140423_tomcat6_on_SL6_x.nasl - Type : ACT_GATHER_INFO
2014-04-23 Name : The remote Fedora host is missing a security update.
File : fedora_2014-5004.nasl - Type : ACT_GATHER_INFO
2014-04-09 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-2897.nasl - Type : ACT_GATHER_INFO
2014-04-08 Name : The remote web server is affected by multiple vulnerabilities.
File : apache_2_2_27.nasl - Type : ACT_GATHER_INFO
2014-04-07 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20140403_httpd_on_SL5_x.nasl - Type : ACT_GATHER_INFO
2014-04-07 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20140403_httpd_on_SL6_x.nasl - Type : ACT_GATHER_INFO
2014-04-04 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2014-0369.nasl - Type : ACT_GATHER_INFO
2014-04-04 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2014-0370.nasl - Type : ACT_GATHER_INFO
2014-04-04 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2014-0369.nasl - Type : ACT_GATHER_INFO
2014-04-04 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2014-0370.nasl - Type : ACT_GATHER_INFO
2014-04-04 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2014-0369.nasl - Type : ACT_GATHER_INFO
2014-04-04 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2014-0370.nasl - Type : ACT_GATHER_INFO
2014-04-01 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2014-0343.nasl - Type : ACT_GATHER_INFO
2014-04-01 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2014-0344.nasl - Type : ACT_GATHER_INFO
2014-03-31 Name : The remote Slackware host is missing a security update.
File : Slackware_SSA_2014-086-02.nasl - Type : ACT_GATHER_INFO
2014-03-31 Name : The remote Fedora host is missing a security update.
File : fedora_2014-4555.nasl - Type : ACT_GATHER_INFO
2014-03-28 Name : The remote Amazon Linux AMI host is missing a security update.
File : ala_ALAS-2014-309.nasl - Type : ACT_GATHER_INFO
2014-03-25 Name : The remote Ubuntu host is missing a security-related patch.
File : ubuntu_USN-2152-1.nasl - Type : ACT_GATHER_INFO
2014-03-24 Name : The remote FreeBSD host is missing one or more security-related updates.
File : freebsd_pkg_91ecb546b1e611e3980f20cf30e32f6d.nasl - Type : ACT_GATHER_INFO
2014-03-21 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2014-065.nasl - Type : ACT_GATHER_INFO
2014-03-18 Name : The remote web server is affected by multiple vulnerabilities.
File : apache_2_4_8.nasl - Type : ACT_GATHER_INFO
2014-03-07 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-2130-1.nasl - Type : ACT_GATHER_INFO
2014-02-25 Name : The remote host is missing a Mac OS X update that fixes a certificate validat...
File : macosx_10_9_2.nasl - Type : ACT_GATHER_INFO
2014-02-25 Name : The remote host is missing a Mac OS X update that fixes multiple security vul...
File : macosx_SecUpd2014-001.nasl - Type : ACT_GATHER_INFO
2014-02-25 Name : The remote Apache Tomcat server is affected by multiple vulnerabilities.
File : tomcat_6_0_39.nasl - Type : ACT_GATHER_INFO
2014-01-22 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2014-014.nasl - Type : ACT_GATHER_INFO
2014-01-15 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_apache2-mod_php5-131220.nasl - Type : ACT_GATHER_INFO
2014-01-15 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_apache2-mod_php53-131218.nasl - Type : ACT_GATHER_INFO
2013-12-04 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20131121_php_on_SL6_x.nasl - Type : ACT_GATHER_INFO
2013-11-27 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2013-1615.nasl - Type : ACT_GATHER_INFO
2013-11-21 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2013-1615.nasl - Type : ACT_GATHER_INFO
2013-10-11 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20130930_php53_on_SL5_x.nasl - Type : ACT_GATHER_INFO
2013-10-03 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2013-1307.nasl - Type : ACT_GATHER_INFO
2013-10-01 Name : The remote Amazon Linux AMI host is missing a security update.
File : ala_ALAS-2013-224.nasl - Type : ACT_GATHER_INFO
2013-10-01 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2013-1307.nasl - Type : ACT_GATHER_INFO
2013-09-09 Name : The remote Fedora host is missing a security update.
File : fedora_2013-14985.nasl - Type : ACT_GATHER_INFO
2013-09-06 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-1937-1.nasl - Type : ACT_GATHER_INFO
2013-09-02 Name : The remote Slackware host is missing a security update.
File : Slackware_SSA_2013-242-02.nasl - Type : ACT_GATHER_INFO
2013-08-28 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2013-221.nasl - Type : ACT_GATHER_INFO
2013-08-27 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-2742.nasl - Type : ACT_GATHER_INFO
2013-08-25 Name : The remote Fedora host is missing a security update.
File : fedora_2013-14998.nasl - Type : ACT_GATHER_INFO
2013-08-21 Name : The remote web server uses a version of PHP that is potentially affected by m...
File : php_5_4_18.nasl - Type : ACT_GATHER_INFO
2013-08-21 Name : The remote web server uses a version of PHP that is potentially affected by m...
File : php_5_5_2.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.
0
Date Informations
2014-10-21 17:21:46
  • First insertion